log file

  • es

    Hi, here is my log file. Could you take a look? The PC isn't running very well!

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 11:57:03, on 23-1-2012

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v8.00 (8.00.6001.19088)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

    C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

    C:\Windows\System32\rundll32.exe

    C:\Windows\PLFSetI.exe

    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Windows\WindowsMobile\wmdSync.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe

    C:\Program Files\SweetIM\Messenger\SweetIM.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\MyTomTom 3\MyTomTomSA.exe

    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

    C:\Program Files\Nokia\PC Internet Access\NPCIA.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

    C:\Windows\ehome\ehmsas.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Users\esther\AppData\Local\Temp\RtkBtMnt.exe

    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\Windows\system32\conime.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe

    C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Ask.com\Updater\Updater.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Program Files\Common Files\microsoft shared\virtualization handler\VirtualSearchProtocolHost.exe

    C:\Program Files\Trend Micro\HiJackThis\HijackThis.exe

    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_Prot

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=1109&m=aspire_8930

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=1109&m=aspire_8930

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

    O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

    O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

    O4 - HKLM\..\Run: “C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe”

    O4 - HKLM\..\Run: “C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: C:\Windows\PLFSetI.exe

    O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”

    O4 - HKLM\..\Run: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: %windir%\WindowsMobile\wmdSync.exe

    O4 - HKLM\..\Run: “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    O4 - HKLM\..\Run: “C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe” -startup

    O4 - HKLM\..\Run: C:\Program Files\SweetIM\Messenger\SweetIM.exe

    O4 - HKLM\..\Run: “C:\Program Files\Ask.com\Updater\Updater.exe”

    O4 - HKLM\..\RunOnce: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: ~“C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: C:\Program Files\MyTomTom 3\MyTomTomSA.exe

    O4 - HKCU\..\Run: “C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe”

    O4 - HKCU\..\Run: “C:\Program Files\Nokia\PC Internet Access\NPCIA.exe” /b

    O4 - HKCU\..\Run: “C:\Program Files\uTorrent\uTorrent.exe” /MINIMIZED

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)

    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Free YouTube Download - C:\Users\esther\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\esther\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

    O8 - Extra context menu item: Zoek op het web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

    O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

    O9 - Extra ‘Tools’ menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab

    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

    End of file - 14758 bytes

  • Ben

    Hello es,

    First, please carry out the step-by-step plan:

    http://antivirus.startpagina.nl/prikbord/4625317/voer-dit-eerst-uit-voordat-je-de-logjes-plaatst!!#msg-4625317

    And then post the two requested logs.

    Good luck, Ben

  • es

    Good afternoon, I hope this one is right? I'm also including this morning's Anti-Malware log.

    Malwarebytes Anti-Malware 1.60.0.1800

    Malwarebytes Anti-Malware 1.60.0.1800

    www.malwarebytes.org

    Databaseversie: v2012.01.23.02

    Windows Vista Service Pack 1 x86 NTFS

    Internet Explorer 8.0.6001.19088

    esther :: PC_VAN_ESTHER

    23-1-2012 11:38:15

    mbam-log-2012-01-23 (11-38-15).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 188088

    Verstreken tijd: 11 minuut/minuten, 19 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 1

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    www.malwarebytes.org

    Databaseversie: v2012.01.23.02

    Windows Vista Service Pack 1 x86 NTFS

    Internet Explorer 8.0.6001.19088

    esther :: PC_VAN_ESTHER

    23-1-2012 13:41:19

    mbam-log-2012-01-23 (13-41-19).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 188229

    Verstreken tijd: 10 minuut/minuten, 39 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 13:56:12, on 23-1-2012

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v8.00 (8.00.6001.19088)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

    C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

    C:\Windows\System32\rundll32.exe

    C:\Windows\PLFSetI.exe

    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Windows\WindowsMobile\wmdSync.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe

    C:\Program Files\SweetIM\Messenger\SweetIM.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\MyTomTom 3\MyTomTomSA.exe

    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

    C:\Program Files\Nokia\PC Internet Access\NPCIA.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

    C:\Windows\ehome\ehmsas.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Users\esther\AppData\Local\Temp\RtkBtMnt.exe

    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\Windows\system32\conime.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe

    C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Ask.com\Updater\Updater.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\NOTEPAD.EXE

    C:\Windows\system32\cmd.exe

    C:\Program Files\Trend Micro\HiJackThis\HijackThis.exe

    C:\Windows\system32\cmd.exe

    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_Prot

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=1109&m=aspire_8930

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=1109&m=aspire_8930

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

    O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

    O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

    O4 - HKLM\..\Run: “C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe”

    O4 - HKLM\..\Run: “C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: C:\Windows\PLFSetI.exe

    O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”

    O4 - HKLM\..\Run: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: %windir%\WindowsMobile\wmdSync.exe

    O4 - HKLM\..\Run: “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    O4 - HKLM\..\Run: “C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe” -startup

    O4 - HKLM\..\Run: C:\Program Files\SweetIM\Messenger\SweetIM.exe

    O4 - HKLM\..\Run: “C:\Program Files\Ask.com\Updater\Updater.exe”

    O4 - HKCU\..\Run: ~“C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: C:\Program Files\MyTomTom 3\MyTomTomSA.exe

    O4 - HKCU\..\Run: “C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe”

    O4 - HKCU\..\Run: “C:\Program Files\Nokia\PC Internet Access\NPCIA.exe” /b

    O4 - HKCU\..\Run: “C:\Program Files\uTorrent\uTorrent.exe” /MINIMIZED

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)

    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Free YouTube Download - C:\Users\esther\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\esther\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

    O8 - Extra context menu item: Zoek op het web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

    O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

    O9 - Extra ‘Tools’ menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab

    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

    End of file - 14531 bytes

  • es

    Quick addition: I see that I have SP1 :S. I just asked my daughter, who keeps borrowing my laptop; she made a restore point, and I think she went wrong with something somewhere. I'm now trying to download updates; first it reported that it failed, and now it stays stuck at 0%. I'll try again in a bit, and if it works I'll do it again once updated (:D

  • fazantje

    Hi Es,

    Uninstall from: C - Control Panel - Programs and Features:

    Ask Toolbar

    SweetIM

    Babylon

    Start HijackThis, click Scan and tick the following lines:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

    O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

    O4 - HKLM\..\Run: C:\Program Files\SweetIM\Messenger\SweetIM.exe

    O4 - HKLM\..\Run: “C:\Program Files\Ask.com\Updater\Updater.exe”

    O8 - Extra context menu item: Zoek op het web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

    O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} -

    Close all windows except HijackThis and click Fix checked.

    Delete the following files/folders shown in bold, if they are still present:

    C:\Program Files\Ask.com\ <—– This folder.

    C:\Program Files\SweetIM\ <—– This folder.

    Restart your computer and do the following:

    Download Combofix here.

    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    Double-click Combofix.exe

    Follow the instructions and accept the disclaimer.

    While the fix is running, do NOT click in the window, because this will make your PC hang.

    It can take some time before the Combofix log appears, so don't assume it has frozen.

    When the fix is complete and after the restart, the log combofix.txt will open.

    Don't assume Combo has frozen, because it can sometimes take a while, so wait patiently.

    Post this Combo log in your next post together with a new HijackThis log.

    Good luck,

    Huib;)

  • es

    Hi, thank you for your reply!

    I'll get started on it tonight and then post a new log file. I have to do the daily things now, and see whether the Windows updates will work; it goes fine up to the installing and then I get the message that it failed! Thanks so far, the rest will follow tonight!

    Regards, es

  • es

    Good evening, I've just done what I had to do; here it is:

    ComboFix 12-01-23.02 - esther 23-01-2012 19:36:59.1.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3068.1638

    Gestart vanuit: c:\users\esther\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\program files\Acer\Acer Bio Protection\PwdFilter.dll

    c:\programdata\Roaming

    c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini

    c:\users\esther\mbam-setup-1.60.0.1800.exe

    c:\windows\system32\fldlckun.exe

    c:\windows\system32\Mlkf.dll

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-12-23 to 2012-01-23 ))))))))))))))))))))))))))))))

    .

    .

    2012-01-23 18:46 . 2012-01-23 18:46 ——– d—–w- c:\users\Default\AppData\Local\temp

    2012-01-23 14:05 . 2012-01-23 14:05 ——– d—–w- c:\program files\Common Files\Java

    2012-01-23 14:05 . 2011-11-10 04:54 472808 —-a-w- c:\windows\system32\deployJava1.dll

    2012-01-23 10:37 . 2012-01-23 10:37 ——– d—–w- c:\users\esther\AppData\Roaming\Malwarebytes

    2012-01-23 10:37 . 2012-01-23 10:37 ——– d—–w- c:\programdata\Malwarebytes

    2012-01-23 10:37 . 2012-01-23 10:37 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware

    2012-01-23 10:37 . 2011-12-10 14:24 20464 —-a-w- c:\windows\system32\drivers\mbam.sys

    2012-01-23 10:27 . 2012-01-23 10:27 ——– d—–w- c:\program files\Trend Micro

    2012-01-23 10:25 . 2012-01-23 10:25 ——– d—–w- c:\users\esther\AppData\Local\APN

    2012-01-22 23:24 . 2012-01-05 19:19 6557240 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B28D3C1-44E1-4214-8BFF-2EABE8CBD357}\mpengine.dll

    2012-01-20 13:11 . 2012-01-22 22:29 ——– d—–w- C:\61a43970e1f0bbc22d9c

    2012-01-18 14:09 . 2012-01-18 19:39 ——– d—–w- c:\program files\BrowserCompanion

    2012-01-18 14:09 . 2012-01-18 14:09 ——– d—–w- c:\program files\Conduit

    2012-01-18 14:09 . 2012-01-23 10:17 ——– d—–w- c:\users\esther\AppData\Local\Conduit

    2012-01-17 10:20 . 2004-01-11 15:03 36864 —-a-w- c:\windows\system32\LckFldService.exe

    2012-01-17 10:20 . 2001-03-13 13:49 140288 —-a-w- c:\windows\system32\COMDLG32.OCX

    2012-01-17 10:20 . 1998-04-23 23:00 368912 —-a-w- c:\windows\system32\vbar332.dll

    2012-01-10 15:57 . 2012-01-10 15:57 ——– d—–w- c:\users\esther\AppData\Roaming\SumatraPDF

    2012-01-10 15:57 . 2012-01-18 14:09 2983 —-a-w- C:\user.js

    2012-01-10 15:57 . 2012-01-10 15:57 ——– d—–w- c:\users\esther\AppData\Local\Babylon

    2012-01-10 15:56 . 2012-01-10 15:56 ——– d—–w- c:\users\esther\AppData\Roaming\Babylon

    2012-01-10 15:56 . 2012-01-10 15:56 ——– d—–w- c:\programdata\Babylon

    2012-01-10 15:56 . 2012-01-10 15:56 ——– d—–w- c:\program files\PDFReader

    2012-01-05 18:19 . 2012-01-05 18:19 ——– d—–w- C:\Disney

    2012-01-05 18:19 . 1996-07-18 12:06 297472 —-a-w- c:\windows\uninst.exe

    2011-12-29 17:18 . 2011-12-29 17:19 ——– d—–w- c:\users\esther\AppData\Roaming\vlc

    2011-12-29 17:18 . 2011-12-29 17:18 ——– d—–w- c:\users\esther\AppData\Local\Ilivid Player

    2011-12-29 17:17 . 2011-12-29 18:25 ——– d—–w- c:\program files\iLivid

    2011-12-29 17:16 . 2011-12-29 17:16 ——– d—–w- c:\programdata\boost_interprocess

    2011-12-29 17:16 . 2011-12-29 17:16 ——– d—–w- c:\users\esther\AppData\Local\PackageAware

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-12-27 14:02 . 2011-12-23 14:04 9 —-a-w- c:\users\esther\AppData\Roaming\mdb.bin

    2011-12-15 10:18 . 2011-12-15 10:18 913168 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    @=“{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}”

    2008-07-29 16:52 121392 —-a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    .

    “Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe”

    “ehTray.exe”=“c:\windows\ehome\ehTray.exe”

    “MyTomTomSA.exe”=“c:\program files\MyTomTom 3\MyTomTomSA.exe”

    “TomTomHOME.exe”=“c:\program files\TomTom HOME 2\TomTomHOMERunner.exe”

    “NokiaPCInternetAccess”=“c:\program files\Nokia\PC Internet Access\NPCIA.exe”

    .

    “IAAnotif”=“c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe”

    “RtHDVCpl”=“RtHDVCpl.exe”

    “SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe”

    “ePower_DMC”=“c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe”

    “eDataSecurity Loader”=“c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe”

    “eAudio”=“c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe”

    “BkupTray”=“c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe”

    “Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    “NvCplDaemon”=“c:\windows\system32\NvCpl.dll”

    “NvMediaCenter”=“c:\windows\system32\NvMcTray.dll”

    “PLFSetI”=“c:\windows\PLFSetI.exe”

    “ArcadeDeluxeAgent”=“c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe”

    “CLMLServer”=“c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe”

    “SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”

    “HP Software Update”=“c:\program files\HP\HP Software Update\HPWuSchd2.exe”

    “hpqSRMon”=“c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe”

    “Windows Mobile-based device management”=“c:\windows\WindowsMobile\wmdSync.exe”

    “GrooveMonitor”=“c:\program files\Microsoft Office\Office12\GrooveMonitor.exe”

    “MSC”=“c:\program files\Microsoft Security Client\msseces.exe”

    “HTC Sync Loader”=“c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe”

    .

    c:\users\esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe

    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE

    OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

    .

    “EnableUIADesktopToggle”= 0 (0x0)

    .

    2009-11-06 18:05 3162624 —-a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

    .

    “AppInit_DLLs”=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    .

    @=“”

    .

    @=“Service”

    .

    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk

    backup=c:\windows\pss\Acer VCM.lnk.CommonStartup

    backupExtension=.CommonStartup

    .

    path=c:\users\esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk

    backup=c:\windows\pss\Orion.lnk.Startup

    backupExtension=.Startup

    .

    2009-01-12 18:15 30192 —-a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    .

    2008-06-16 09:58 809480 —-a-w- c:\progra~1\LAUNCH~1\LManager.exe

    .

    2008-07-18 15:04 167936 ——w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

    .

    2009-11-06 18:05 3719680 —-a-w- c:\program files\Acer\Acer Bio Protection\PdtWzd.exe

    .

    S3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys

    .

    .

    — Andere Services/Drivers In Geheugen —

    .

    *NewlyCreated* - WS2IFSL

    .

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    WindowsMobile REG_MULTI_SZ wcescomm rapimgr

    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2012-01-23 c:\windows\Tasks\User_Feed_Synchronization-{A9EBCAB7-3E68-4847-995A-41BA0A09D85E}.job

    - c:\windows\system32\msfeedssync.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://www.a2sp.nl/

    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=1109&m=aspire_8930

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.1.254

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    Toolbar-10 - (no file)

    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

    WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    HKLM-Run-eRecoveryService - (no file)

    AddRemove-AVerMedia A310 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A310 (MiniCard

    AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe

    .

    .

    .

    **************************************************************************

    scannen van verborgen processen …

    .

    scannen van verborgen autostart items …

    .

    scannen van verborgen bestanden …

    .

    Scan succesvol afgerond

    verborgen bestanden:

    .

    **************************************************************************

    .

    “ImagePath”=“\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl”

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    “MSCurrentCountry”=dword:000000b5

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    ——————— DLLs Geladen Onder Lopende Processen ———————

    .

    - - - - - - - > ‘Explorer.exe’(3344)

    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

    .

    ———————— Andere Aktieve Processen ————————

    .

    c:\windows\system32\nvvsvc.exe

    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

    c:\windows\system32\vfsFPService.exe

    c:\windows\system32\WLANExt.exe

    c:\windows\system32\rundll32.exe

    c:\windows\system32\agrsmsvc.exe

    c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe

    c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

    c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

    c:\program files\Acer\Empowering Technology\Service\ETService.exe

    c:\program files\Intel\WiFi\bin\EvtEng.exe

    c:\program files\Acer\Acer Bio Protection\BASVC.exe

    c:\program files\Common Files\LightScribe\LSSrvc.exe

    c:\acer\Mobility Center\MobilityService.exe

    c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

    c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe

    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    c:\program files\Cyberlink\Shared files\RichVideo.exe

    c:\program files\Acer\Acer VCM\RS_Service.exe

    c:\program files\Microsoft Application Virtualization Client\sftvsa.exe

    c:\program files\TomTom HOME 2\TomTomHOMEService.exe

    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    c:\program files\Microsoft Application Virtualization Client\sftlist.exe

    c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe

    c:\windows\system32\conime.exe

    c:\windows\ehome\ehsched.exe

    c:\windows\ehome\ehRecvr.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-01-23 19:57:25 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-01-23 18:56

    .

    Pre-Run: 80.955.494.400 bytes beschikbaar

    Post-Run: 84.801.421.312 bytes beschikbaar

    .

    - - End Of File - - 124A9FA95EE8D5436195C244F97444FD

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:09:33, on 23-1-2012

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v8.00 (8.00.6001.19088)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

    C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

    C:\Windows\System32\rundll32.exe

    C:\Windows\PLFSetI.exe

    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Windows\WindowsMobile\wmdSync.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\MyTomTom 3\MyTomTomSA.exe

    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

    C:\Program Files\Nokia\PC Internet Access\NPCIA.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

    C:\Windows\ehome\ehmsas.exe

    C:\Users\esther\AppData\Local\Temp\RtkBtMnt.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe

    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

    C:\Windows\System32\mobsync.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\Windows\system32\NOTEPAD.EXE

    C:\Windows\system32\conime.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\Trend Micro\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.a2sp.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=1109&m=aspire_8930

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

    O4 - HKLM\..\Run: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

    O4 - HKLM\..\Run: “C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe”

    O4 - HKLM\..\Run: “C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: C:\Windows\PLFSetI.exe

    O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: %windir%\WindowsMobile\wmdSync.exe

    O4 - HKLM\..\Run: “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    O4 - HKLM\..\Run: “C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe” -startup

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: C:\Program Files\MyTomTom 3\MyTomTomSA.exe

    O4 - HKCU\..\Run: “C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe”

    O4 - HKCU\..\Run: “C:\Program Files\Nokia\PC Internet Access\NPCIA.exe” /b

    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

    O9 - Extra ‘Tools’ menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

    End of file - 12262 bytes

  • fazantje

    Hi Esther,

    Do the following:

    Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

    • Folder::

      c:\program files\Conduit

      c:\users\esther\AppData\Local\Conduit

      c:\users\esther\AppData\Local\Babylon

      c:\users\esther\AppData\Roaming\Babylon

      c:\programdata\Babylon

      C:\61a43970e1f0bbc22d9c

    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.

    Restart if you are asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Good luck,

    Huib;)

  • es

    Hiii, here I am again! :)

    ComboFix 12-01-23.02 - esther 23-01-2012 21:22:29.2.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3068.1587

    Gestart vanuit: c:\users\esther\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\esther\Desktop\CFScript.txt

    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\61a43970e1f0bbc22d9c


    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\it-it\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\it-it\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\it-it\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\it-it\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\ja-jp\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\ja-jp\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\ja-jp\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\ja-jp\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\ko-kr\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\ko-kr\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\ko-kr\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\ko-kr\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\lt-lt\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\lt-lt\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\lt-lt\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\lt-lt\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\lv-lv\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\lv-lv\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\lv-lv\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\lv-lv\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\nb-no\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\nb-no\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\nb-no\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\nb-no\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\nl-nl\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\nl-nl\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\nl-nl\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\nl-nl\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\pl-pl\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\pl-pl\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\pl-pl\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\pl-pl\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\pt-br\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\pt-br\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\pt-br\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\pt-br\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\pt-pt\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\pt-pt\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\pt-pt\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\pt-pt\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\ro-ro\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\ro-ro\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\ro-ro\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\ro-ro\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\ru-ru\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\ru-ru\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\ru-ru\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\ru-ru\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\sdbapiu.dll

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\sk-sk\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\sk-sk\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\sk-sk\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\sk-sk\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\sl-si\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\sl-si\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\sl-si\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\sl-si\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\spc.cat

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\spcmsg.dll

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\sperror.dll

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\spwizui.dll

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\sr-latn-cs\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\sr-latn-cs\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\sr-latn-cs\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\sr-latn-cs\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\sv-se\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\sv-se\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\sv-se\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\sv-se\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\sysmain.sdb

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\th-th\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\th-th\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\th-th\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\th-th\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\tr-tr\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\tr-tr\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\tr-tr\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\tr-tr\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\uk-ua\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\uk-ua\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\uk-ua\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\uk-ua\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\zh-cn\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\zh-cn\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\zh-cn\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\zh-cn\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\zh-hk\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\zh-hk\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\zh-hk\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\zh-hk\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\zh-tw\acres.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\zh-tw\spcmsg.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\zh-tw\sperror.dll.mui

    c:\61a43970e1f0bbc22d9c\2934832d3efeaec3bf84\zh-tw\spwizui.dll.mui

    c:\61a43970e1f0bbc22d9c\spclite.exe

    c:\program files\Conduit

    c:\program files\Conduit\Community Alerts\Alert.dll

    c:\programdata\Babylon

    c:\users\esther\AppData\Local\Babylon

    c:\users\esther\AppData\Local\Babylon\Setup\bab033.tbinst.dat

    c:\users\esther\AppData\Local\Babylon\Setup\bab091.norecovericon.dat

    c:\users\esther\AppData\Local\Babylon\Setup\Babylon.dat

    c:\users\esther\AppData\Local\Babylon\Setup\BExternal.dll

    c:\users\esther\AppData\Local\Babylon\Setup\HtmlScreens\cmbx.png

    c:\users\esther\AppData\Local\Babylon\Setup\HtmlScreens\common.js

    c:\users\esther\AppData\Local\Babylon\Setup\HtmlScreens\eula.html

    c:\users\esther\AppData\Local\Babylon\Setup\HtmlScreens\lngs.png

    c:\users\esther\AppData\Local\Babylon\Setup\HtmlScreens\page1.css

    c:\users\esther\AppData\Local\Babylon\Setup\HtmlScreens\page1.html

    c:\users\esther\AppData\Local\Babylon\Setup\HtmlScreens\page1.js

    c:\users\esther\AppData\Local\Babylon\Setup\HtmlScreens\page1Lrg.css

    c:\users\esther\AppData\Local\Babylon\Setup\HtmlScreens\page2.css

    c:\users\esther\AppData\Local\Babylon\Setup\HtmlScreens\page2.html

    c:\users\esther\AppData\Local\Babylon\Setup\HtmlScreens\page2.js

    c:\users\esther\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css

    c:\users\esther\AppData\Local\Babylon\Setup\HtmlScreens\page9.html

    c:\users\esther\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif

    c:\users\esther\AppData\Local\Babylon\Setup\HtmlScreens\title1.png

    c:\users\esther\AppData\Local\Babylon\Setup\HtmlScreens\title2.png

    c:\users\esther\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg

    c:\users\esther\AppData\Local\Babylon\Setup\HtmlScreens\vIcn.png

    c:\users\esther\AppData\Local\Babylon\Setup\IECookieLow.dll

    c:\users\esther\AppData\Local\Babylon\Setup\Setup-tbmntr903-9.0.3.19.zpb

    c:\users\esther\AppData\Local\Babylon\Setup\Setup-tbmntr903-9.0.3.34.zpb

    c:\users\esther\AppData\Local\Babylon\Setup\Setup.exe

    c:\users\esther\AppData\Local\Babylon\Setup\SetupStrings.dat

    c:\users\esther\AppData\Local\Babylon\Setup\sqlite3.dll

    c:\users\esther\AppData\Local\Conduit

    c:\users\esther\AppData\Roaming\Babylon

    c:\users\esther\AppData\Roaming\Babylon\log_file.txt

    c:\windows\iun6002.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-12-23 to 2012-01-23 ))))))))))))))))))))))))))))))

    .

    .

    2012-01-23 20:35 . 2012-01-23 20:35 ——– d—–w- c:\users\Default\AppData\Local\temp

    2012-01-23 20:18 . 2012-01-23 20:18 29904 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B28D3C1-44E1-4214-8BFF-2EABE8CBD357}\MpKsl613c747d.sys

    2012-01-23 18:57 . 2012-01-23 20:35 ——– d—–w- c:\users\esther\AppData\Local\temp

    2012-01-23 14:05 . 2012-01-23 14:05 ——– d—–w- c:\program files\Common Files\Java

    2012-01-23 14:05 . 2011-11-10 04:54 472808 —-a-w- c:\windows\system32\deployJava1.dll

    2012-01-23 10:37 . 2012-01-23 10:37 ——– d—–w- c:\users\esther\AppData\Roaming\Malwarebytes

    2012-01-23 10:37 . 2012-01-23 10:37 ——– d—–w- c:\programdata\Malwarebytes

    2012-01-23 10:37 . 2012-01-23 10:37 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware

    2012-01-23 10:37 . 2011-12-10 14:24 20464 —-a-w- c:\windows\system32\drivers\mbam.sys

    2012-01-23 10:27 . 2012-01-23 10:27 ——– d—–w- c:\program files\Trend Micro

    2012-01-23 10:25 . 2012-01-23 10:25 ——– d—–w- c:\users\esther\AppData\Local\APN

    2012-01-22 23:24 . 2012-01-05 19:19 6557240 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B28D3C1-44E1-4214-8BFF-2EABE8CBD357}\mpengine.dll

    2012-01-18 14:09 . 2012-01-18 19:39 ——– d—–w- c:\program files\BrowserCompanion

    2012-01-17 10:20 . 2004-01-11 15:03 36864 —-a-w- c:\windows\system32\LckFldService.exe

    2012-01-17 10:20 . 2001-03-13 13:49 140288 —-a-w- c:\windows\system32\COMDLG32.OCX

    2012-01-17 10:20 . 1998-04-23 23:00 368912 —-a-w- c:\windows\system32\vbar332.dll

    2012-01-10 15:57 . 2012-01-10 15:57 ——– d—–w- c:\users\esther\AppData\Roaming\SumatraPDF

    2012-01-10 15:57 . 2012-01-18 14:09 2983 —-a-w- C:\user.js

    2012-01-10 15:56 . 2012-01-10 15:56 ——– d—–w- c:\program files\PDFReader

    2012-01-05 18:19 . 2012-01-05 18:19 ——– d—–w- C:\Disney

    2012-01-05 18:19 . 1996-07-18 12:06 297472 —-a-w- c:\windows\uninst.exe

    2011-12-29 17:18 . 2011-12-29 17:19 ——– d—–w- c:\users\esther\AppData\Roaming\vlc

    2011-12-29 17:18 . 2011-12-29 17:18 ——– d—–w- c:\users\esther\AppData\Local\Ilivid Player

    2011-12-29 17:17 . 2011-12-29 18:25 ——– d—–w- c:\program files\iLivid

    2011-12-29 17:16 . 2011-12-29 17:16 ——– d—–w- c:\programdata\boost_interprocess

    2011-12-29 17:16 . 2011-12-29 17:16 ——– d—–w- c:\users\esther\AppData\Local\PackageAware

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-12-27 14:02 . 2011-12-23 14:04 9 —-a-w- c:\users\esther\AppData\Roaming\mdb.bin

    2011-12-15 10:18 . 2011-12-15 10:18 913168 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    @=“{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}”

    2008-07-29 16:52 121392 —-a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    .

    “Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe”

    “ehTray.exe”=“c:\windows\ehome\ehTray.exe”

    “MyTomTomSA.exe”=“c:\program files\MyTomTom 3\MyTomTomSA.exe”

    “TomTomHOME.exe”=“c:\program files\TomTom HOME 2\TomTomHOMERunner.exe”

    “NokiaPCInternetAccess”=“c:\program files\Nokia\PC Internet Access\NPCIA.exe”

    .

    “IAAnotif”=“c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe”

    “RtHDVCpl”=“RtHDVCpl.exe”

    “SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe”

    “ePower_DMC”=“c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe”

    “eDataSecurity Loader”=“c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe”

    “eAudio”=“c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe”

    “BkupTray”=“c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe”

    “Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    “NvCplDaemon”=“c:\windows\system32\NvCpl.dll”

    “NvMediaCenter”=“c:\windows\system32\NvMcTray.dll”

    “PLFSetI”=“c:\windows\PLFSetI.exe”

    “ArcadeDeluxeAgent”=“c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe”

    “CLMLServer”=“c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe”

    “SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”

    “HP Software Update”=“c:\program files\HP\HP Software Update\HPWuSchd2.exe”

    “hpqSRMon”=“c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe”

    “Windows Mobile-based device management”=“c:\windows\WindowsMobile\wmdSync.exe”

    “GrooveMonitor”=“c:\program files\Microsoft Office\Office12\GrooveMonitor.exe”

    “MSC”=“c:\program files\Microsoft Security Client\msseces.exe”

    “HTC Sync Loader”=“c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe”

    .

    c:\users\esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe

    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE

    OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

    .

    “EnableUIADesktopToggle”= 0 (0x0)

    .

    2009-11-06 18:05 3162624 —-a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

    .

    “AppInit_DLLs”=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    .

    @=“”

    .

    @=“Service”

    .

    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk

    backup=c:\windows\pss\Acer VCM.lnk.CommonStartup

    backupExtension=.CommonStartup

    .

    path=c:\users\esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk

    backup=c:\windows\pss\Orion.lnk.Startup

    backupExtension=.Startup

    .

    2009-01-12 18:15 30192 —-a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    .

    2008-06-16 09:58 809480 —-a-w- c:\progra~1\LAUNCH~1\LManager.exe

    .

    2008-07-18 15:04 167936 ——w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

    .

    2009-11-06 18:05 3719680 —-a-w- c:\program files\Acer\Acer Bio Protection\PdtWzd.exe

    .

    S3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys

    .

    .

    — Andere Services/Drivers In Geheugen —

    .

    *NewlyCreated* - MPKSL613C747D

    .

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    WindowsMobile REG_MULTI_SZ wcescomm rapimgr

    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2012-01-23 c:\windows\Tasks\User_Feed_Synchronization-{A9EBCAB7-3E68-4847-995A-41BA0A09D85E}.job

    - c:\windows\system32\msfeedssync.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://www.a2sp.nl/

    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=1109&m=aspire_8930

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.1.254

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    AddRemove-WYSIWYG_Web_Builder_5_NL - c:\windows\iun6002.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-01-23 21:35

    Windows 6.0.6001 Service Pack 1 NTFS

    .

    scannen van verborgen processen …

    .

    scannen van verborgen autostart items …

    .

    scannen van verborgen bestanden …

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    “ImagePath”=“\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl”

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    “MSCurrentCountry”=dword:000000b5

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    Voltooingstijd: 2012-01-23 21:38:14

    ComboFix-quarantined-files.txt 2012-01-23 20:38

    ComboFix2.txt 2012-01-23 18:57

    .

    Pre-Run: 105.294.004.224 bytes beschikbaar

    Post-Run: 105.381.371.904 bytes beschikbaar

    .

    - - End Of File - - 1973C49BCDB93EC515BCB0FCABDECC8F

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 21:40:14, on 23-1-2012

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v8.00 (8.00.6001.19088)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

    C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Windows\WindowsMobile\wmdSync.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\MyTomTom 3\MyTomTomSA.exe

    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

    C:\Program Files\Nokia\PC Internet Access\NPCIA.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe

    C:\Windows\system32\conime.exe

    C:\Windows\explorer.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Trend Micro\HiJackThis\HijackThis.exe

    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.a2sp.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=1109&m=aspire_8930

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

    O4 - HKLM\..\Run: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

    O4 - HKLM\..\Run: “C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe”

    O4 - HKLM\..\Run: “C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: C:\Windows\PLFSetI.exe

    O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: %windir%\WindowsMobile\wmdSync.exe

    O4 - HKLM\..\Run: “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    O4 - HKLM\..\Run: “C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe” -startup

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: C:\Program Files\MyTomTom 3\MyTomTomSA.exe

    O4 - HKCU\..\Run: “C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe”

    O4 - HKCU\..\Run: “C:\Program Files\Nokia\PC Internet Access\NPCIA.exe” /b

    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

    O9 - Extra ‘Tools’ menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

    End of file - 12092 bytes

  • fazantje

    Hi Esther,

    That has been cleaned up nicely (tu)

    A2SP is your start page, right? :S

    To remove ComboFix again, do the following:

    Download OTC.exe here.

    Place the file on your desktop.

    Make sure there is an internet connection.

    Then right-click OTCleanIt.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.

    If that does not work, double-click the icon.

    Now click the "CleanUp!" button.

    If your firewall, or another security program, warns that OTC.exe wants internet access, you can allow this; the program needs that connection.

    Finally, OTC will ask whether you want to restart the computer; you can allow this, and in doing so it also removes itself.

    Now delete all your restore points, as follows:

    Go to: Start - Control Panel - System and Maintenance and now choose System.

    On the left, click System Protection and confirm the User Account Control prompt by clicking "Continue".

    Under Automatic restore points you get an overview of all available hard disks.

    Clear the check mark for every hard disk where System Restore is enabled.

    Confirm the prompt by clicking 'Turn System Restore Off'.

    Restart the computer.

    Turn System Restore back on!

    In the same way as above, but this time put the check marks back.

    How is your problem now? :S

    Also run our Cleanup Plan sometime.

    Regards, Huib ;)