Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Graag check laptop na virusverwijdering

None
7 antwoorden
  • Avast waarschuwde me dat er virussen op deze laptop stonden, vervolgens zijn ze door AVast verwijderd en/of in een kluis geparkeerd. Vervolgens MBAM gedraaid en ongeveer 95 besmettingen gevonden en succesvol verwijderd. Graag zou ik nog een controle willen of deze PC nu wel helemaal schoon is.
    Hieronder volgen dus de HiJackthis-file en de laatste MBAM-logfile.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:10:35, on 21-5-2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16766)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\QuickTime\qttask.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com
    dr.aspx?b=ACAW&l=0413&m=aspire_7551&r=273610105406l04d8z1i5t4781k456
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com
    dr.aspx?b=ACAW&l=0413&m=aspire_7551&r=273610105406l04d8z1i5t4781k456
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com
    dr.aspx?b=ACAW&l=0413&m=aspire_7551&r=273610105406l04d8z1i5t4781k456
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com
    dr.aspx?b=ACAW&l=0413&m=aspire_7551&r=273610105406l04d8z1i5t4781k456
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
    O4 - Startup: OpenOffice.org 3.2 .lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
    O23 - Service: @%SystemRoot%\System32
    etlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 9680 bytes


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Databaseversie: 6633

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    21-5-2011 13:16:09
    mbam-log-2011-05-21 (13-16-09).txt

    Scantype: Snelle scan
    Objecten gescand: 159173
    Verstreken tijd: 3 minuut/minuten, 35 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    c:\Users\Jolein\downloads\installer_limewire_5_5_16_dutch.exe (PUP.SmsPay.PGen) -> Quarantined and deleted successfully.
  • Aanvullingen:
    * Op mijn advies Limewire en limewire toolbar verwijderd;
    * Computer bleek de laatste tijd wel steeds trager te werken, is nu al beter (volgens m'n dochter)
  • Hoi Goudpan, doe eerst het volgende:

    sluit alle openstaande webvensters - behalve dit venster, dat je sluit voor het moment, dat je op de knop [b:ddeeb70468]Fix checked[/b:ddeeb70468] klikt!


    Start nu HijackThis middels rechtsklik met Administratorrechten (lukt dat niet ga dan naar de installatielokatie van HijackThis en start "hijackthis.exe" vervolgens met administratorrechten.)en klik op de knop [b:ddeeb70468]Do a Scan only,

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll[/b:ddeeb70468]
    [list:ddeeb70468][*:ddeeb70468] zet een vinkje voor die regel(s) welke met de bovenstaande regels corresponderen

    [*:ddeeb70468] Sluit nu de webbrowser en vervolgens klik je daarna op de knop [b:ddeeb70468]Fix checked[/b:ddeeb70468]
    [*:ddeeb70468] Klik hierna HijackThis op uit.[/list:u:ddeeb70468]


    Daarna doe je onderstaande:

    [b:ddeeb70468]Welk programma[/b:ddeeb70468]: ComboFix
    [b:ddeeb70468]Waarvoor/waarom[/b:ddeeb70468]: Zeer specialistische scanner om Windows diepgaand te onderzoeken
    en zo mogelijk op te schonen.
    [b:ddeeb70468]Moeilijkheidsgraad[/b:ddeeb70468]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed.
    [b:ddeeb70468]Downloadlokatie[/b:ddeeb70468]: Dit programma absoluut naar het bureaublad downloaden!
    [b:ddeeb70468]Download ComboFix via één van deze locaties[/b:ddeeb70468]:
    [list:ddeeb70468][*:ddeeb70468][b:ddeeb70468]Bleepingcomputer[/b:ddeeb70468]
    [*:ddeeb70468][b:ddeeb70468]ForoSpyware[/b:ddeeb70468]
    [*:ddeeb70468][b:ddeeb70468]Geekstogo[/b:ddeeb70468][/list:u:ddeeb70468]
    [b:ddeeb70468]Hier[/b:ddeeb70468] zie je hoe je ComboFix moet gebruiken.

    Antivirusprogramma en actieve malwarescanners dienen al voor de ComboFix start gedeaktiveert zijn!
    [b:ddeeb70468]Hier[/b:ddeeb70468] en [b:ddeeb70468]hier[/b:ddeeb70468] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren.

    [b:ddeeb70468]Voor alle duidelijkheid nogmaals[/b:ddeeb70468]: ComboFix dient vanaf het bureaublad gestart te worden.

    [b:ddeeb70468]Opmerkingen[/b:ddeeb70468]:
    [list:ddeeb70468][*:ddeeb70468] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist).
    [*:ddeeb70468]Vista- en Windows 7 gebruikers starten Combofix op via rechtsklik met Administratorrechten.
    [*:ddeeb70468]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:ddeeb70468]
    [b:ddeeb70468]ComboFix is opgestart[/b:ddeeb70468]:
    [list:ddeeb70468][*:ddeeb70468]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"!
    [*:ddeeb70468]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen!
    [*:ddeeb70468]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal.
    [*:ddeeb70468]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken.
    [*:ddeeb70468]Post de inhoud van dit logbestand in je volgende bericht.
    [*:ddeeb70468]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:ddeeb70468]
    [b:ddeeb70468]Belangrijke opmerking[/b:ddeeb70468]:
    [list:ddeeb70468][*:ddeeb70468][b:ddeeb70468]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:ddeeb70468][/b:ddeeb70468]
    [*:ddeeb70468][b:ddeeb70468]Illegal operation attempted on a registery key that has been marked for deletion.[/color:ddeeb70468][/b:ddeeb70468]
    [*:ddeeb70468][b:ddeeb70468]Start dan de computer opnieuw op.[/color:ddeeb70468][/b:ddeeb70468][/list:u:ddeeb70468]
  • ComboFix 11-05-27.02 - Jolein 28-05-2011 14:57:08.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.1790.962 [GMT 2:00]
    Gestart vanuit: c:\users\Jolein\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\programdata\FullRemove.exe
    c:\users\Jolein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2 .lnk
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-28 to 2011-05-28 ))))))))))))))))))))))))))))))
    .
    .
    2011-05-28 13:03 . 2011-05-28 13:03 ——– d—–w- c:\users\Default\AppData\Local\temp
    2011-05-28 08:30 . 2011-05-09 22:00 8718160 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9E2C22B-8D37-4933-B79C-8184333D4392}\mpengine.dll
    2011-05-28 08:26 . 2011-05-28 08:26 ——– d—–w- c:\users\Jolein\AppData\Local\{0DA728BF-FDF7-497C-850B-CE9078647BAE}
    2011-05-27 16:19 . 2011-05-28 08:41 ——– d—–w- c:\programdata\VirtualizedApplications
    2011-05-27 14:07 . 2011-05-27 14:07 ——– d—–w- c:\users\Jolein\AppData\Local\SoftGrid Client
    2011-05-27 14:07 . 2011-05-27 20:16 ——– d—–w- c:\users\Jolein\AppData\Roaming\SoftGrid Client
    2011-05-27 14:06 . 2011-05-27 14:06 ——– d—–w- c:\program files (x86)\Microsoft Application Virtualization Client
    2011-05-27 14:05 . 2011-05-27 14:08 ——– d—–w- c:\users\Jolein\AppData\Roaming\TP
    2011-05-27 05:42 . 2011-05-27 05:42 ——– d—–w- c:\users\Jolein\AppData\Local\{B742390B-79C9-4AFE-9B98-51B51E2C2BE7}
    2011-05-26 14:59 . 2011-05-26 14:59 ——– d—–w- c:\users\Jolein\AppData\Local\{2D8F469D-044F-48B2-BF80-BBF529EE8A9D}
    2011-05-25 18:29 . 2011-05-25 18:29 ——– d—–w- c:\users\Jolein\AppData\Local\{CC6C0567-C26C-4EE5-908D-38935F9EB1F6}
    2011-05-25 06:35 . 2011-04-22 20:18 27008 —-a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-25 06:28 . 2011-05-25 06:29 ——– d—–w- c:\users\Jolein\AppData\Local\{6BAC16B2-DECD-4E25-B252-933146812C3F}
    2011-05-24 17:53 . 2011-05-24 17:53 ——– d—–w- c:\users\Jolein\AppData\Local\{88153366-8690-4E20-BF9D-C565E3CFFC57}
    2011-05-24 05:53 . 2011-05-24 05:53 ——– d—–w- c:\users\Jolein\AppData\Local\{F8819698-CA5A-4C1C-B55B-6F2B3A953F98}
    2011-05-22 21:59 . 2011-05-22 21:59 ——– d—–w- c:\windows\SysWow64\wbem\en-US
    2011-05-22 21:59 . 2011-05-22 21:59 ——– d—–w- c:\windows\system32\wbem\en-US
    2011-05-22 09:05 . 2011-05-22 09:05 ——– d—–w- c:\windows
    l
    2011-05-22 09:02 . 2011-05-22 09:02 ——– d—–w- c:\program files\Windows Live
    2011-05-22 09:02 . 2009-09-04 15:44 69464 —-a-w- c:\windows\SysWow64\XAPOFX1_3.dll
    2011-05-22 09:02 . 2009-09-04 15:44 515416 —-a-w- c:\windows\SysWow64\XAudio2_5.dll
    2011-05-22 09:02 . 2009-09-04 15:29 453456 —-a-w- c:\windows\SysWow64\d3dx10_42.dll
    2011-05-22 09:02 . 2009-09-04 15:29 523088 —-a-w- c:\windows\system32\d3dx10_42.dll
    2011-05-21 11:03 . 2011-05-21 11:03 388096 —-a-r- c:\users\Jolein\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-21 11:03 . 2011-05-21 11:03 ——– d—–w- c:\program files (x86)\Trend Micro
    2011-05-16 08:03 . 2011-05-16 08:03 1409 —-a-w- c:\windows\QTFont.for
    2011-05-14 13:35 . 2011-04-09 06:58 142336 —-a-w- c:\windows\system32\poqexec.exe
    2011-05-14 13:35 . 2011-04-09 05:56 123904 —-a-w- c:\windows\SysWow64\poqexec.exe
    2011-05-11 07:14 . 2011-05-11 07:14 ——– d—–w- c:\programdata\Apple Computer
    2011-05-11 06:43 . 2011-04-09 06:45 5509504 —-a-w- c:\windows\system32
    toskrnl.exe
    2011-05-11 06:43 . 2011-04-09 06:13 3957632 —-a-w- c:\windows\SysWow64
    tkrnlpa.exe
    2011-05-11 06:43 . 2011-04-09 06:13 3901824 —-a-w- c:\windows\SysWow64
    toskrnl.exe
    2011-05-11 06:43 . 2011-03-29 03:32 343040 —-a-w- c:\windows\system32\drivers\usbhub.sys
    2011-05-11 06:43 . 2011-03-29 03:32 99328 —-a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-05-11 06:43 . 2011-03-29 03:32 324608 —-a-w- c:\windows\system32\drivers\usbport.sys
    2011-05-11 06:43 . 2011-03-29 03:32 52224 —-a-w- c:\windows\system32\drivers\usbehci.sys
    2011-05-11 06:43 . 2011-03-29 03:32 25600 —-a-w- c:\windows\system32\drivers\usbohci.sys
    2011-05-11 06:43 . 2011-03-29 03:32 30720 —-a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-05-11 06:43 . 2011-03-29 03:32 7936 —-a-w- c:\windows\system32\drivers\usbd.sys
    2011-05-04 10:26 . 2011-05-04 10:26 ——– d—–w- c:\windows\SysWow64\Adobe
    2011-05-04 08:33 . 2011-04-14 16:57 142296 —-a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-05-04 08:33 . 2011-04-14 16:57 89048 —-a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
    2011-05-04 08:33 . 2011-04-14 16:57 781272 —-a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-05-04 08:33 . 2011-04-14 16:57 465880 —-a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-05-04 08:33 . 2011-04-14 16:57 1874904 —-a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
    2011-05-04 08:33 . 2011-04-14 16:57 15832 —-a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
    2011-05-04 08:33 . 2010-01-01 08:00 1974616 —-a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
    2011-05-04 08:33 . 2010-01-01 08:00 1892184 —-a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-22 09:02 . 2010-06-24 09:33 18328 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-05-10 12:10 . 2010-10-09 17:21 40112 —-a-w- c:\windows\avastSS.scr
    2011-05-10 12:10 . 2010-10-09 17:21 199304 —-a-w- c:\windows\SysWow64\aswBoot.exe
    2011-05-10 12:10 . 2011-04-17 21:23 253888 —-a-w- c:\windows\system32\aswBoot.exe
    2011-05-10 12:04 . 2011-04-17 21:23 600920 —-a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-10 12:04 . 2010-10-09 17:25 287576 —-a-w- c:\windows\system32\drivers\aswSP.sys
    2011-05-10 12:02 . 2010-10-09 17:25 53592 —-a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-05-10 11:59 . 2010-10-09 17:25 31064 —-a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-05-10 11:59 . 2010-10-09 17:25 64344 —-a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-05-10 11:59 . 2010-10-09 17:25 22360 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-03-12 12:03 . 2011-04-27 18:18 662528 —-a-w- c:\windows\system32\XpsPrint.dll
    2011-03-12 11:31 . 2011-04-27 18:18 442880 —-a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-03-11 06:23 . 2011-04-27 18:17 187264 —-a-w- c:\windows\system32\drivers\storport.sys
    2011-03-11 06:23 . 2011-04-27 18:18 1657216 —-a-w- c:\windows\system32\drivers
    tfs.sys
    2011-03-11 06:23 . 2011-04-27 18:18 166272 —-a-w- c:\windows\system32\drivers
    vstor.sys
    2011-03-11 06:23 . 2011-04-27 18:18 148352 —-a-w- c:\windows\system32\drivers
    vraid.sys
    2011-03-11 06:23 . 2011-04-27 18:17 410496 —-a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-03-11 06:22 . 2011-04-27 18:18 107904 —-a-w- c:\windows\system32\drivers\amdsata.sys
    2011-03-11 06:22 . 2011-04-27 18:17 27008 —-a-w- c:\windows\system32\drivers\amdxata.sys
    2011-03-11 06:19 . 2011-04-13 06:00 1395712 —-a-w- c:\windows\system32\mfc42.dll
    2011-03-11 06:19 . 2011-04-13 06:00 1359872 —-a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 06:18 . 2011-04-27 18:18 2566144 —-a-w- c:\windows\system32\esent.dll
    2011-03-11 06:15 . 2011-04-27 18:17 96768 —-a-w- c:\windows\system32\fsutil.exe
    2011-03-11 05:40 . 2011-04-13 06:00 1164288 —-a-w- c:\windows\SysWow64\mfc42u.dll
    2011-03-11 05:40 . 2011-04-13 06:00 1137664 —-a-w- c:\windows\SysWow64\mfc42.dll
    2011-03-11 05:39 . 2011-04-27 18:18 1686016 —-a-w- c:\windows\SysWow64\esent.dll
    2011-03-11 05:37 . 2011-04-27 18:17 74240 —-a-w- c:\windows\SysWow64\fsutil.exe
    2011-03-08 06:14 . 2011-04-13 06:00 976896 —-a-w- c:\windows\system32\inetcomm.dll
    2011-03-08 05:38 . 2011-04-13 06:00 740864 —-a-w- c:\windows\SysWow64\inetcomm.dll
    2011-03-04 06:17 . 2011-04-27 18:18 135168 —-a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:17 . 2011-04-27 18:18 347648 —-a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2011-03-03 06:17 . 2011-04-13 06:00 182272 —-a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 06:14 . 2011-04-13 06:00 30208 —-a-w- c:\windows\system32\dnscacheugc.exe
    2011-03-03 05:27 . 2011-04-13 06:00 28672 —-a-w- c:\windows\SysWow64\dnscacheugc.exe
    2011-03-03 03:58 . 2011-04-13 06:01 3133440 —-a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-02-01 18:03 120176 —-a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
    "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]
    "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
    "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-27 102400]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-05-11 282624]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
    R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-04-23 867360]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    .
    ——— x86-64 ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 134384 —-a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-02-01 18:06 137584 —-a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
    "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-20 9996320]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-04-23 861216]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://homepage.acer.com
    dr.aspx?b=ACAW&l=0413&m=aspire_7551&r=273610105406l04d8z1i5t4781k456
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.acer.com
    dr.aspx?b=ACAW&l=0413&m=aspire_7551&r=273610105406l04d8z1i5t4781k456
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Jolein\AppData\Roaming\Mozilla\Firefox\Profiles\klztszi9.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - prefs.js: keyword.URL - hxxp://www.scanquery.com/?tmp=nemo_results_removelink&prt=ScnqryPB&keywords=
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_USERS\S-1-5-21-3410117251-1924067041-3159334283-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3410117251-1924067041-3159334283-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2011-05-28 15:06:26
    ComboFix-quarantined-files.txt 2011-05-28 13:06
    .
    Pre-Run: 187.976.482.816 bytes beschikbaar
    Post-Run: 187.644.743.680 bytes beschikbaar
    .
    - - End Of File - - D789FB378FE4EBFF90C3C6CB6D703277
  • Hoi goudpan, hoe draait jouw Windows nu.
    Zijn er nog problemen.
  • Mijn Windows draait prima nu, ter controle stuur ik nog even mijn laatste HijackThis log mee:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:14:06, on 29-5-2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\QuickTime\qttask.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com
    dr.aspx?b=ACAW&l=0413&m=aspire_7551&r=273610105406l04d8z1i5t4781k456
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com
    dr.aspx?b=ACAW&l=0413&m=aspire_7551&r=273610105406l04d8z1i5t4781k456
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
    O23 - Service: @%SystemRoot%\System32
    etlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 8383 bytes
  • Hoi goudpan, je log ziet er goed uit.

    Wel heb ik nu een vraag aan je: waarom heb jij jouw Windows nog niet op SP1 niveau gebracht?

    ComboFix mag nu verwijderd worden:
    [list:be24aac12c][*:be24aac12c] ga daarvoor naar Start - Uitvoeren
    [*:be24aac12c] kopieer en plak hierin het volgende: [b:be24aac12c]Combofix /Uninstall[/b:be24aac12c]
    [*:be24aac12c] klik daarna op [b:be24aac12c]OK[/b:be24aac12c].
    [*:be24aac12c] indien het goed is, krijg je vervolgens een melding, dat Combofix verwijderd werd.[/list:u:be24aac12c]

    Voorbeeld:

    [img:be24aac12c]http://www.emphyrio.be/images/SMUninstall_combofix.png[/img:be24aac12c]

    Uitvoeren kan ook gestart worden door de toetsencombinatie [img:be24aac12c]http://home.kpn.nl/stefsmeenk/W+R.jpg[/img:be24aac12c]

    [i:be24aac12c]Dit zal Combofix verwijderen inclusief gerelateerde mappen en bestanden,
    herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies,
    gaat verborgen bestanden en systeembestanden terug verbergen
    en reset je Systeemherstel opnieuw.[/i:be24aac12c]

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.