Archief - Laptop doet raar sinds deze morgend ...

Ik zet daarnet mijn laptop aan en het eerste dat me opvalt is dat firefox geen nieuwe tabbladen meer wil openen.

Ook krijg ik plots op willekeurig tijdstip een pornsite op mijn firefox te zien als ik om het even welke link aanklik. :doh::doh:

Ben momenteel een scan aan het doen met malwarebytes, maar tot hiertoe nog geen geinfecteerde bestanden gevonden.

Ik heb gisteren mij "temp" folder wel leeggemaakt, maar dit heb ik nog al gedaan dus ik twijfel of het daar iets mee te maken heeft. Eergisteren heb ik enkele afleveringen van "smallville" gedownload via utorrent, maar dat heb ik ook al eerder gedaan dus dat denk ik ook niet dat het is ....

Hieronder een hijackthis logje :

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:58, on 25/03/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\BelgianEvo\AppData\Roaming\dwm.exe
C:\Windows\system32\taskeng.exe
C:\Users\BelgianEvo\AppData\Roaming\Microsoft\conhost.exe
C:\Users\BELGIA~1\AppData\Local\Temp\csrss.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\ExtraWebcam\ExtraWebcamLauncher.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\Program Files\EVEMon\EVEMon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\BELGIA~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\Taskmgr.exe
d:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dutch.toggle.com/nl/index.php?rvs=google
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dutch.toggle.com/nl/index.php?rvs=google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://dutch.toggle.com/nl/index.php?rvs=google
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dutch.toggle.com/nl/index.php?rvs=google
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:60101
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\prxtbTogg.dll
F3 - REG:win.ini: load=C:\Users\BELGIA~1\AppData\Local\Temp\csrss.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: ToggleDU - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\prxtbTogg.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LeapFTP Internet Explorer Hook - {A5479DA1-7843-43A7-B5C0-BE342C77B629} - C:\PROGRA~1\LEAPFT~1.0\lftpie.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\prxtbTogg.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [ExtraWebcam] "C:\Program Files\ExtraWebcam\ExtraWebcamLauncher.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe
O4 - HKCU\..\Run: [EVEMon] "C:\Program Files\EVEMon\EVEMon.exe" -startMinimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WebcamMaxAutoRun] "C:\Program Files\WebcamMax\WebcamMax.exe" -a
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [conhost] C:\Users\BelgianEvo\AppData\Roaming\Microsoft\conhost.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TVService - Team MediaPortal - C:\Program Files\Team MediaPortal\MediaPortal TV Server\TVService.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 14978 bytes

Heb reeds met malwarebytes gescanned, en die heeft 2 infecties verwijderd, alsook met combofix en hieronder is het logje van combofix.

Die tabbladen van firefox zijn nog altijd niet in orde. Op zich niet zo erg, maar ik denk dat met dat probleem ook een hoop andere problemen er zijn bijgekomen zoals die ongevraagde pornsites die openen als ik op een link klik enz ....

ComboFix 11-03-24.06 - BelgianEvo 25/03/2011 16:33:50.4.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.32.1043.18.3068.1655 [GMT 1:00]
Gestart vanuit: c:\users\BelgianEvo\Desktop\ComboFix.exe
AV: McAfee VirusScan *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee VirusScan *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Aanwezig AV is actief
.
.
ADS - system32: deleted 40 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\BelgianEvo\AppData\Roaming\dwm.exe
c:\users\BelgianEvo\AppData\Roaming\Microsoft\conhost.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-02-25 to 2011-03-25 ))))))))))))))))))))))))))))))
.
.
2011-03-25 15:46 . 2011-03-25 15:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-03-25 15:46 . 2011-03-25 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 03:27 . 2011-02-06 15:19 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-01-08 03:27 . 2011-02-06 15:19 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27 . 2011-02-06 15:19 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27 . 2011-02-06 15:19 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27 . 2011-02-06 15:19 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-02-06 15:19 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2011-02-06 15:19 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-02-06 15:19 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-02-06 15:19 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-02-06 15:19 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-02-06 15:19 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2009-03-24 16:28 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-08 03:27 . 2009-03-24 16:28 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 288872 ----a-w- c:\windows\system32\nvhotkey.dll
2011-01-07 20:06 . 2011-01-07 20:06 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-12 07:46 . 2010-07-12 07:46 36868 ----a-w- c:\program files\uninst-Starglow.exe
2010-07-12 07:46 . 2010-07-12 07:46 36868 ----a-w- c:\program files\uninst-Echospace.exe
2010-07-12 07:46 . 2010-07-12 07:46 36868 ----a-w- c:\program files\uninst-3DStroke.exe
2003-11-03 15:07 . 2004-04-23 15:06 499712 ----a-w- c:\program files\msvcp71.dll
2003-11-03 15:07 . 2004-04-23 15:06 348160 ----a-w- c:\program files\msvcr71.dll
2003-05-30 07:22 . 2003-09-08 07:09 344064 ----a-r- c:\program files\msvcr70.dll
2002-01-05 01:40 . 2003-09-08 07:09 487424 ----a-w- c:\program files\msvcp70.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}"= "c:\program files\ToggleDU\prxtbTogg.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-03 09:16 175400 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}]
2011-01-03 09:16 175400 ----a-w- c:\program files\ToggleDU\prxtbTogg.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 18:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
"{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}"= "c:\program files\ToggleDU\prxtbTogg.dll" [2011-01-03 175400]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1}"= "c:\program files\ToggleDU\prxtbTogg.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"StatBar"="c:\program files\Globe Software\StatBar\StatBar.exe" [2003-07-25 335872]
"EVEMon"="c:\program files\EVEMon\EVEMon.exe" [2011-02-12 1724928]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WebcamMaxAutoRun"="c:\program files\WebcamMax\WebcamMax.exe" [2009-12-30 1561232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]
"ExtraWebcam"="c:\program files\ExtraWebcam\ExtraWebcamLauncher.exe" [2010-05-31 1590584]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
.
c:\users\BelgianEvo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-10-19 13:57 3162624 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2008-07-24 13:54 147456 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-25 20:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-24 13:54 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-06-16 09:58 809480 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2009-09-17 12:29 645328 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 20:06 111208 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OWCWebCamDV]
2004-05-20 06:59 1056768 ----a-w- c:\windows\system\wcdvtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun]
2009-12-30 21:50 1561232 ----a-w- c:\program files\WebcamMax\webcammax.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000]
2009-10-19 13:56 3719680 ----a-w- c:\program files\Acer\Acer Bio Protection\PdtWzd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-679545730-3735131634-3253712446-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DVDRIVER;DVDRIVER;c:\windows\system32\DRIVERS\dvdriver.sys [2009-11-18 35016]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 135664]
R2 TVService;TVService;c:\program files\Team MediaPortal\MediaPortal TV Server\TVService.exe [2009-05-08 192512]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2010-04-30 35712]
R3 BlurayDR;BlurayDR;c:\windows\system32\Drivers\BlurayDR.sys [2009-11-05 109056]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-07 85136]
R3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [2010-06-17 52432]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 TridDev;USB Hybrid TV Device (TM6000);c:\windows\system32\DRIVERS\Triddev.sys [2005-04-26 3584]
R3 TridVid;USB Hybrid TV Receiver (TM6000);c:\windows\system32\DRIVERS\TridVid.sys [2007-05-11 190208]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-03-11 210216]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2009-10-19 43184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-30 691696]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2009-10-19 3520512]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-11-27 185640]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-05-26 599344]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]
S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\DRIVERS\WebCamDV.sys [2004-05-11 212608]
S3 EWC321024;ExtraWebcam 1024x768;c:\windows\system32\DRIVERS\ExtraWebcam_x32_1024.sys [2010-04-12 22912]
S3 EWC32320;ExtraWebcam 320x240;c:\windows\system32\DRIVERS\ExtraWebcam_x32_320.sys [2010-04-12 22912]
S3 EWC32640;ExtraWebcam 640x480;c:\windows\system32\DRIVERS\ExtraWebcam_x32_640.sys [2010-04-12 22912]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 NETw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-05-26 40752]
S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [2004-01-30 12672]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhoud van de 'Gedeelde Taken' map
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 11:07]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 11:07]
.
2010-06-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 10:22]
.
2010-12-31 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 10:22]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://dutch.toggle.com/nl/index.php?rvs=google
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://dutch.toggle.com/nl/index.php?rvs=google
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:60101
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\BelgianEvo\AppData\Roaming\Mozilla\Firefox\Profiles\yrycnzgb.default\
FF - prefs.js: browser.startup.homepage - hxxp://dutch.toggle.com/nl/index.php?rvs=google
FF - prefs.js: keyword.URL - hxxp://dutch.toggle.com/nl/index.php?rvs=google
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60101
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Belgium eID: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Ask Toolbar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Exif Viewer: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: ToggleDU Community Toolbar: {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - %profile%\extensions\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-conhost - c:\users\BelgianEvo\AppData\Roaming\Microsoft\conhost.exe
HKLM-Run-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
SafeBoot-klmd23.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-25 16:51
Windows 6.0.6001 Service Pack 1 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(13700)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
.
**************************************************************************
.
Voltooingstijd: 2011-03-25 16:59:21 - machine werd herstart
ComboFix-quarantined-files.txt 2011-03-25 15:59
.
Pre-Run: 90.123.370.496 bytes beschikbaar
Post-Run: 93.826.932.736 bytes beschikbaar
.
- - End Of File - - 12937F83B42A24DAF70BB039262C65B9

Voer even de onderstaande fix uit.

Download ProxyFix naar het bureaublad.

• Dubbelklik op "ProxyFix.exe" om de tool te starten.
• Geef ik het keuzescherm de letter "A" op en druk op enter.
• Plaats het logje wat nu opent in het volgende bericht samen met een nieuw logje van combofix.

"registersleutel : waarde" not deleted
"registersleutel : waarde" not deleted
"registersleutel : waarde" deleted successfully
"registersleutel : waarde" added successfully

ComboFix 11-03-25.01 - BelgianEvo 26/03/2011 9:19.5.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.32.1043.18.3068.1810 [GMT 1:00]
Gestart vanuit: c:\users\BelgianEvo\Desktop\ComboFix.exe
AV: McAfee VirusScan *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee VirusScan *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Aanwezig AV is actief
.
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-02-26 to 2011-03-26 ))))))))))))))))))))))))))))))
.
.
2011-03-26 08:31 . 2011-03-26 08:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-03-26 08:31 . 2011-03-26 08:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-25 16:14 . 2011-03-18 18:03 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-25 16:14 . 2011-03-18 18:03 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-25 16:14 . 2011-03-18 18:03 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-25 16:14 . 2011-03-18 18:03 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-25 16:14 . 2011-03-18 18:03 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-25 16:14 . 2011-03-18 18:03 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-25 16:14 . 2011-03-18 18:03 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-25 16:14 . 2011-03-18 18:03 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 03:27 . 2011-02-06 15:19 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-01-08 03:27 . 2011-02-06 15:19 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27 . 2011-02-06 15:19 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27 . 2011-02-06 15:19 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27 . 2011-02-06 15:19 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-02-06 15:19 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2011-02-06 15:19 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-02-06 15:19 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-02-06 15:19 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-02-06 15:19 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-02-06 15:19 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2009-03-24 16:28 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-08 03:27 . 2009-03-24 16:28 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 288872 ----a-w- c:\windows\system32\nvhotkey.dll
2011-01-07 20:06 . 2011-01-07 20:06 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-12 07:46 . 2010-07-12 07:46 36868 ----a-w- c:\program files\uninst-Starglow.exe
2010-07-12 07:46 . 2010-07-12 07:46 36868 ----a-w- c:\program files\uninst-Echospace.exe
2010-07-12 07:46 . 2010-07-12 07:46 36868 ----a-w- c:\program files\uninst-3DStroke.exe
2003-11-03 15:07 . 2004-04-23 15:06 499712 ----a-w- c:\program files\msvcp71.dll
2003-11-03 15:07 . 2004-04-23 15:06 348160 ----a-w- c:\program files\msvcr71.dll
2003-05-30 07:22 . 2003-09-08 07:09 344064 ----a-r- c:\program files\msvcr70.dll
2002-01-05 01:40 . 2003-09-08 07:09 487424 ----a-w- c:\program files\msvcp70.dll
2011-03-18 18:03 . 2011-03-25 16:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}"= "c:\program files\ToggleDU\prxtbTogg.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-03 09:16 175400 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}]
2011-01-03 09:16 175400 ----a-w- c:\program files\ToggleDU\prxtbTogg.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 18:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
"{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}"= "c:\program files\ToggleDU\prxtbTogg.dll" [2011-01-03 175400]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1}"= "c:\program files\ToggleDU\prxtbTogg.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"StatBar"="c:\program files\Globe Software\StatBar\StatBar.exe" [2003-07-25 335872]
"EVEMon"="c:\program files\EVEMon\EVEMon.exe" [2011-02-12 1724928]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WebcamMaxAutoRun"="c:\program files\WebcamMax\WebcamMax.exe" [2009-12-30 1561232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]
"ExtraWebcam"="c:\program files\ExtraWebcam\ExtraWebcamLauncher.exe" [2010-05-31 1590584]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
.
c:\users\BelgianEvo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-10-19 13:57 3162624 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2008-07-24 13:54 147456 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-25 20:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-24 13:54 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-06-16 09:58 809480 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2009-09-17 12:29 645328 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 20:06 111208 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OWCWebCamDV]
2004-05-20 06:59 1056768 ----a-w- c:\windows\system\wcdvtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun]
2009-12-30 21:50 1561232 ----a-w- c:\program files\WebcamMax\webcammax.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000]
2009-10-19 13:56 3719680 ----a-w- c:\program files\Acer\Acer Bio Protection\PdtWzd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-679545730-3735131634-3253712446-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DVDRIVER;DVDRIVER;c:\windows\system32\DRIVERS\dvdriver.sys [2009-11-18 35016]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 135664]
R2 TVService;TVService;c:\program files\Team MediaPortal\MediaPortal TV Server\TVService.exe [2009-05-08 192512]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2010-04-30 35712]
R3 BlurayDR;BlurayDR;c:\windows\system32\Drivers\BlurayDR.sys [2009-11-05 109056]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-07 85136]
R3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [2010-06-17 52432]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 TridDev;USB Hybrid TV Device (TM6000);c:\windows\system32\DRIVERS\Triddev.sys [2005-04-26 3584]
R3 TridVid;USB Hybrid TV Receiver (TM6000);c:\windows\system32\DRIVERS\TridVid.sys [2007-05-11 190208]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-03-11 210216]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2009-10-19 43184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-30 691696]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2009-10-19 3520512]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-11-27 185640]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-05-26 599344]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]
S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\DRIVERS\WebCamDV.sys [2004-05-11 212608]
S3 EWC321024;ExtraWebcam 1024x768;c:\windows\system32\DRIVERS\ExtraWebcam_x32_1024.sys [2010-04-12 22912]
S3 EWC32320;ExtraWebcam 320x240;c:\windows\system32\DRIVERS\ExtraWebcam_x32_320.sys [2010-04-12 22912]
S3 EWC32640;ExtraWebcam 640x480;c:\windows\system32\DRIVERS\ExtraWebcam_x32_640.sys [2010-04-12 22912]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 NETw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-05-26 40752]
S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [2004-01-30 12672]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhoud van de 'Gedeelde Taken' map
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 11:07]
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 11:07]
.
2010-06-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 10:22]
.
2010-12-31 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 10:22]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://dutch.toggle.com/nl/index.php?rvs=google
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://dutch.toggle.com/nl/index.php?rvs=google
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {8CF24F1D-72A7-4672-8BC7-ACB28473F77C} = 81.169.60.107 81.169.60.107
FF - ProfilePath - c:\users\BelgianEvo\AppData\Roaming\Mozilla\Firefox\Profiles\yrycnzgb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://dutch.toggle.com/nl/index.php?rvs=google
FF - prefs.js: keyword.URL - hxxp://dutch.toggle.com/nl/index.php?rvs=google
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60101
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-26 09:34
Windows 6.0.6001 Service Pack 1 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(13400)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
.
**************************************************************************
.
Voltooingstijd: 2011-03-26 09:42:02 - machine werd herstart
ComboFix-quarantined-files.txt 2011-03-26 08:41
ComboFix2.txt 2011-03-25 15:59
.
Pre-Run: 93.465.141.248 bytes beschikbaar
Post-Run: 93.327.273.984 bytes beschikbaar
.
- - End Of File - - 513565120C5B884CC48ECE09862F192A

Beter nu ?

Juisterr zei:

Beter nu ?

Klik om te vergroten...

Yep, ik denk het wel.
Hij start ook een stuk sneller op

mercikes he !

Ga naar Start - Uitvoeren
en Geef hier het volgende in: Combofix /Uninstall
Druk daarna op OK.
Als het goed is krijg je dan een melding dat Combofix verwijderd werd.

Voorbeeld:



Uitvoeren kan ook gestart worden door de toetsencombinatie

ok cava,

Maar waarom moet dat ge-uninstalled worden?

Overbodig geworden en daar hij toch met grote regelmaat wordt geupdate moet hij er anders later toch ook weer af.