
Start page problems


metoyou'ke

After starting up my PC, every day I keep getting a different start page again, namely http://www.smartwebsearch.net/index.php?from=3
I set Google again each time, but it does not stick. Also, when running Spybot I get the message CoolWWWSearch.WCADW under problems.
After repair and removal it still appears to remain on the PC.
What could the problem be? This concerns a laptop with Windows 7.
Regards, Kris
PS: CWS Shredder can't find anything either.
 
Hi metoyou'ke, welcome back once again.

I would like you to follow the rules below during the fix:
  • Read all instructions carefully.
  • If you make mistakes when running tools during the fix, this can cause serious problems in Windows.
  • Refrain from using tools or updates other than those I advise you to use.
  • Always use one scanner at a time, never several at once.
  • Keep me informed of how your computer responds to the fix - good or bad.
  • The fix, once started, must be completed. Even if you think everything is fine, there may still be infections.

Step 1
Which program: Trend Micro HijackThis version 2.0.4
What for/why: produces a clear overview of Windows by means of a scan.
Difficulty: none; only Vista and Win 7 users need to pay a little extra attention.

Download the HijackThis Installer

Installation:
  • Install HijackThis in the indicated location - this prevents any backups from being impossible to find later!
Users of Windows Vista and Windows 7 then go to the installation location of HijackThis.
  • Next, right-click "hijackthis.exe" and choose "Properties".
  • Now click the "Compatibility" tab and tick "Run as administrator".
  • Finally, click Apply and OK.

Using HijackThis:
  • First close all open programs and the web browsers.
  • Now start 'HijackThis' and then click the button 'Do a system scan and save a logfile'
    • If HijackThis starts up with the scan window, first click the 'Main Menu' button
  • Now close all open windows, then start 'HijackThis' and choose 'Do a system scan and save a logfile'.
  • Go to DDRMMR's colour coder (click)
  • Copy and paste the contents of the HijackThis logfile into the web window and click the 'Converteer' (Convert) button.
  • Copy and paste the contents of the colour coder into your follow-up post.
  • After this you may close HijackThis again
Step 2
Which program: Microsoft Safety Scanner
What for/why: specialised scanner from Microsoft to quickly examine Windows for spyware and malware and remove it.
Difficulty: none.
Note: Microsoft Safety Scanner expires 10 days after it has been downloaded.
If you want to run a scan again with the latest anti-malware definitions,
download Microsoft Safety Scanner again and run it again.
Download the Microsoft Safety Scanner here.

Windows 2000 and Windows XP: start Microsoft's Safety Scanner by double-clicking the shortcut.
Windows Vista and Windows 7: start Microsoft's Safety Scanner by right-clicking the shortcut and then choosing Run as administrator.
Then tick "I accept the terms of the above license agreement".

Scanning:
  • When 'Microsoft's Safety Scanner' starts, click the "Next" button, then choose 'Quick Scan'.
  • The scan takes a while, so be patient.

Step 3
Which program: Malwarebytes MBAM
What for/why: specialised scanner to quickly examine Windows for spyware and malware and remove it.
Difficulty: none.

Download Malwarebytes MBAM from one of these locations:
First of all:
  • Right after installation 'MBAM' wants to update its database, so allow this.
  • Also on repeated use: first update 'MBAM' via the 'Update' tab!
Starting Malwarebytes MBAM:
Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator.
  • Note:
    • Malwarebytes now supplies the full version of MBAM.
    • On first start you get the option to use the full version or the free version.
    • Regardless of which antivirus program is in your Windows, I advise using the "Decline" option.
    • That way MBAM will remain usable as the free version


  • Also do the following:
    • As soon as the program has started, go to the "Settings" tab.
    • Tick here: "Close Internet Explorer during malware removal".

Scanning:
  • When 'MBAM' starts, choose 'Quick Scan'.
  • The scan can take a while, so be patient. When the scan has finished, click the 'OK' button.
  • Then click the 'Show Results' button to see the results.
Infections found:
  • First click OK to dismiss the message
  • Then click the Show Results button at the bottom right.
  • Now make sure that all infections found are ticked, and click Remove Selected at the bottom left.
  • After removal a log will open and you will be asked to restart the computer.
  • If 'MBAM' has difficulty removing certain files it will show some messages; click 'OK' each time!
  • After that 'MBAM' will ask to restart the computer - so allow the computer to be restarted.
MBAM log:
  • The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in MBAM's main menu.
Then post the contents of the MBAM log in your next post.


Step 4
In summary: after this, post the contents of the following logs in your next post:
  • a new HijackThis log
  • MBAM scan log
Also post an uninstall list:
  • start HijackThis,
  • click the button Open the Misc Tools section,
  • click the button Open Uninstall Manager,
  • click the Save button.
 
Results of step 1
[hjt]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:45:02, on 22/08/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
c:\program files (x86)\youtubedownloader.org\youtubedownloader\youtubedownloader updater.exe
c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\program files (x86)\launch manager\lmworker.exe
c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe
c:\program files (x86)\intel\intel(r) rapid storage technology\iastoricon.exe
c:\program files (x86)\egistec mywinlockersuite\x86\suitetray.exe
c:\program files (x86)\egistec ips\pmmupdate.exe
c:\program files (x86)\nti\acer backup manager\backupmanagertray.exe
c:\program files (x86)\launch manager\lmanager.exe
c:\program files (x86)\acer\clear.fi\movie\clear.fimovieservice.exe
c:\program files (x86)\avg\avg10\avgtray.exe
c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe
c:\program files (x86)\egistec ips\egisupdate.exe
c:\program files (x86)\avg\avg10\identity protection\agent\bin\avgidsmonitor.exe
c:\windows\syswow64\macromed\flash\flashutil10v_activex.exe
c:\program files (x86)\internet explorer\iexplore.exe
c:\program files (x86)\internet explorer\iexplore.exe
c:\program files (x86)\google\google toolbar\googletoolbaruser_32.exe
c:\program files (x86)\trend micro\hijackthis\hijackthis.exe
r1 - hkcu\software\microsoft\internet explorer\main,default_page_url = [noparse]http://acer.msn.com[/noparse]
r1 - hkcu\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.smartwebsearch.net/index.php?from=3[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://acer.msn.com[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://acer.msn.com[/noparse]
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
r3 - urlsearchhook: utorrentbar_nl toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files (x86)\utorrentbar_nl\prxtbutor.dll
f2 - reg:system.ini: userinit=userinit.exe
o2 - bho: wormradar.com iesiteblocker.navfilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg10\avgssie.dll
o2 - bho: avg security toolbar bho - {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg10\toolbar\ietoolbar.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
o3 - toolbar: google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
o3 - toolbar: avg security toolbar - {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg10\toolbar\ietoolbar.dll
o4 - hklm\..\run: [iastoricon] c:\program files (x86)\intel\intel(r) rapid storage technology\iastoricon.exe
o4 - hklm\..\run: [suitetray] c:\program files (x86)\egistec mywinlockersuite\x86\suitetray.exe
o4 - hklm\..\run: [egistecpmmupdate] c:\program files (x86)\egistec ips\pmmupdate.exe
o4 - hklm\..\run: [egisupdate] c:\program files (x86)\egistec ips\egisupdate.exe -d
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe
o4 - hklm\..\run: [backupmanagertray] c:\program files (x86)\nti\acer backup manager\backupmanagertray.exe -h -k
o4 - hklm\..\run: [lmanager] c:\program files (x86)\launch manager\lmanager.exe
o4 - hklm\..\run: [arcademovieservice] c:\program files (x86)\acer\clear.fi\movie\clear.fimovieservice.exe
o4 - hklm\..\run: [adobe arm] c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
o4 - hklm\..\run: [groovemonitor] c:\program files (x86)\microsoft office\office12\groovemonitor.exe
o4 - hklm\..\run: [avg_tray] c:\program files (x86)\avg\avg10\avgtray.exe
o4 - hkcu\..\run: [ntservicemanager] c:\program files (x86)\youtubedownloader.org\youtubedownloader\youtubedownloader updater.exe
o4 - hkcu\..\run: [swg] c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'network service')
o4 - hkus\s-1-5-18\..\runonce: [ismywinlockerreboot] msiexec.exe /qn /x{voidguid} (user 'system')
o4 - hkus\.default\..\runonce: [ismywinlockerreboot] msiexec.exe /qn /x{voidguid} (user 'default user')
o8 - extra context menu item: e&xport to microsoft excel - res://c:\progra~2\micros~4\office12\excel.exe/3000
o8 - extra context menu item: google sidewiki... - res://c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_7461b1589e8b4fb7.dll/cmsidewiki.html
o9 - extra button: @c:\program files (x86)\windows live\writer\windowslivewritershortcuts.dll,-1004 - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files (x86)\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: @c:\program files (x86)\windows live\writer\windowslivewritershortcuts.dll,-1003 - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files (x86)\windows live\writer\writerbrowserextension.dll
o9 - extra button: send to onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~2\micros~4\office12\onbttnie.dll
o9 - extra 'tools' menuitem: s&end to onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~2\micros~4\office12\onbttnie.dll
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~2\micros~4\office12\refiebar.dll
o10 - unknown file in winsock lsp: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
o10 - unknown file in winsock lsp: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
o11 - options group: [accelerated_graphics] accelerated graphics
o18 - protocol: avgsecuritytoolbar - {f2dde6b2-9684-4a55-86d4-e255e237b77c} - c:\program files (x86)\avg\avg10\toolbar\ietoolbar.dll
o18 - protocol: groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files (x86)\microsoft office\office12\groovesystemservices.dll
o18 - protocol: linkscanner - {f274614c-63f8-47d5-a4d1-fbdde494f8d1} - c:\program files (x86)\avg\avg10\avgpp.dll
o18 - protocol: wlpg - {e43ef6cd-a37a-4a9b-9e6f-83f89b8e6324} - c:\program files (x86)\windows live\photo gallery\albumdownloadprotocolhandler.dll
o23 - service: @%systemroot%\system32\alg.exe,-112 (alg) - unknown owner - c:\windows\system32\alg.exe (file missing)
o23 - service: avg security toolbar service - unknown owner - c:\program files (x86)\avg\avg10\toolbar\toolbarbroker.exe
o23 - service: avgidsagent - avg technologies cz, s.r.o. - c:\program files (x86)\avg\avg10\identity protection\agent\bin\avgidsagent.exe
o23 - service: avg watchdog (avgwd) - avg technologies cz, s.r.o. - c:\program files (x86)\avg\avg10\avgwdsvc.exe
o23 - service: dritek wmi service (dsiwmiservice) - dritek system inc. - c:\program files (x86)\launch manager\dsiwmis.exe
o23 - service: @%systemroot%\system32\efssvc.dll,-100 (efs) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: egistec ticket service - egis technology inc. - c:\program files (x86)\common files\egistec\services\egisticketservice.exe
o23 - service: acer epower service (epowersvc) - acer incorporated - c:\program files\acer\acer epower management\epowersvc.exe
o23 - service: @%systemroot%\system32\fxsresm.dll,-118 (fax) - unknown owner - c:\windows\system32\fxssvc.exe (file missing)
o23 - service: flexnet licensing service - acresso software inc. - c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
o23 - service: gregservice - acer incorporated - c:\program files (x86)\acer\registration\gregsvc.exe
o23 - service: google updateservice (gupdate) (gupdate) - google inc. - c:\program files (x86)\google\update\googleupdate.exe
o23 - service: google update-service (gupdatem) (gupdatem) - google inc. - c:\program files (x86)\google\update\googleupdate.exe
o23 - service: google software updater (gusvc) - google - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
o23 - service: intel(r) rapid storage technology (iastordatamgrsvc) - intel corporation - c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
o23 - service: @keyiso.dll,-100 (keyiso) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: live updater service - acer incorporated - c:\program files\acer\acer updater\updaterservice.exe
o23 - service: intel(r) management and security application local management service (lms) - intel corporation - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
o23 - service: @comres.dll,-2797 (msdtc) - unknown owner - c:\windows\system32\msdtc.exe (file missing)
o23 - service: @%systemroot%\system32\netlogon.dll,-102 (netlogon) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: nti ischedulesvc - nti corporation - c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe
o23 - service: @%systemroot%\system32\psbase.dll,-300 (protectedstorage) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\locator.exe,-2 (rpclocator) - unknown owner - c:\windows\system32\locator.exe (file missing)
o23 - service: @%systemroot%\system32\samsrv.dll,-1 (samss) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\snmptrap.exe,-3 (snmptrap) - unknown owner - c:\windows\system32\snmptrap.exe (file missing)
o23 - service: @%systemroot%\system32\spoolsv.exe,-1 (spooler) - unknown owner - c:\windows\system32\spoolsv.exe (file missing)
o23 - service: @%systemroot%\system32\sppsvc.exe,-101 (sppsvc) - unknown owner - c:\windows\system32\sppsvc.exe (file missing)
o23 - service: @%systemroot%\system32\ui0detect.exe,-101 (ui0detect) - unknown owner - c:\windows\system32\ui0detect.exe (file missing)
o23 - service: intel(r) management & security application user notification service (uns) - intel corporation - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
o23 - service: @%systemroot%\system32\vaultsvc.dll,-1003 (vaultsvc) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\vds.exe,-100 (vds) - unknown owner - c:\windows\system32\vds.exe (file missing)
o23 - service: @%systemroot%\system32\vssvc.exe,-102 (vss) - unknown owner - c:\windows\system32\vssvc.exe (file missing)
o23 - service: @%systemroot%\system32\wat\watux.exe,-601 (watadminsvc) - unknown owner - c:\windows\system32\wat\watadminsvc.exe (file missing)
o23 - service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - unknown owner - c:\windows\system32\wbengine.exe (file missing)
o23 - service: @%systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiapsrv) - unknown owner - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
o23 - service: @%programfiles%\windows media player\wmpnetwk.exe,-101 (wmpnetworksvc) - unknown owner - c:\program files (x86)\windows media player\wmpnetwk.exe (file missing)
--
end of file - 12092 bytes
[/hjt]

2nd step: Microsoft Safety Scanner found nothing
 
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Databaseversie: 7538
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
22/08/2011 23:14:07
mbam-log-2011-08-22 (23-14-07).txt
Scantype: Snelle scan
Objecten gescand: 173364
Verstreken tijd: 3 minuut/minuten, 11 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\Software\SkyMedia (Adware.SkyMedia) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
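
An added example, not part of the original thread and not HijackThis's own code: a small Python parser for the HijackThis log format posted above. It lists the Internet Explorer R0/R1 settings per registry hive, reports URL hosts outside a reviewer-supplied set, and diffs a log against the follow-up log posted later in the thread. The log lines are excerpts copied from this thread; `EXPECTED_HOSTS` and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Entry lines look like "r0 - <body>" or "o23 - <body>"; header and
# running-process lines do not match and are skipped.
ENTRY_RE = re.compile(r"^([a-z]\d{1,2}) - (.*)$", re.IGNORECASE)
# The forum wraps URLs in [noparse]...[/noparse] BBCode; strip it first.
NOPARSE_RE = re.compile(r"\[/?noparse\]", re.IGNORECASE)

# Excerpt of the first log in this thread (scan saved at 22:45:02).
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:45:02, on 22/08/2011
Running processes:
c:\program files (x86)\internet explorer\iexplore.exe
r1 - hkcu\software\microsoft\internet explorer\main,default_page_url = [noparse]http://acer.msn.com[/noparse]
r1 - hkcu\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.smartwebsearch.net/index.php?from=3[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://acer.msn.com[/noparse]
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm
f2 - reg:system.ini: userinit=userinit.exe
o4 - hkcu\..\run: [swg] c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe
"""

# The same excerpt as it appears in the second log (23:28:13): only the
# timestamp and the trailing comma on the F2 line differ.
LOG_AFTER = (LOG_BEFORE
             .replace("22:45:02", "23:28:13")
             .replace("userinit=userinit.exe", "userinit=userinit.exe,"))

# Assumption: hosts the reviewer accepts as OEM/Microsoft defaults.
EXPECTED_HOSTS = {"acer.msn.com", "go.microsoft.com"}


def parse_entries(log_text):
    """Return [(CODE, body)] for every entry line, BBCode removed."""
    entries = []
    for raw in log_text.splitlines():
        line = NOPARSE_RE.sub("", raw).strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1).upper(), match.group(2).strip()))
    return entries


def browser_settings(entries):
    """Map (HIVE, value name) -> data for R0/R1 lines.

    Body format: '<hive>\\<key path>,<value name> = <data>'.
    """
    settings = {}
    for code, body in entries:
        if code not in ("R0", "R1"):
            continue
        key, _, data = body.partition("=")
        path, _, name = key.strip().rpartition(",")
        hive = path.split("\\", 1)[0].upper()
        settings[(hive, name.strip().lower())] = data.strip()
    return settings


def unexpected_hosts(settings, expected_hosts):
    """Return [(HIVE, value name, host)] for URL data not in expected_hosts."""
    findings = []
    for (hive, name), data in sorted(settings.items()):
        host = urlparse(data).hostname  # None for empty data and file paths
        if host and host not in expected_hosts:
            findings.append((hive, name, host))
    return findings


def diff_logs(before, after):
    """Return (removed, added) entries; header and process lines are ignored."""
    old, new = set(parse_entries(before)), set(parse_entries(after))
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    current = browser_settings(parse_entries(LOG_AFTER))
    for hive, name, host in unexpected_hosts(current, EXPECTED_HOSTS):
        print(f"review: {hive} '{name}' points at {host}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for code, body in removed:
        print(f"- {code} {body}")
    for code, body in added:
        print(f"+ {code} {body}")
```

On these excerpts the diff contains only the F2 userinit line, and the HKCU start page is still reported in the second log.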
 
You may now do the following:

Which program: ComboFix
What for/why: highly specialised scanner to examine Windows in depth and clean it up.
Difficulty: more or less tricky preparation phase, so read everything carefully first.
Download location: be sure to download this program to the desktop!
Download ComboFix from one of these locations:
Here you can see how to use ComboFix.

Antivirus program and active malware scanners must already be disabled before ComboFix is started!
Here and here
you will find information on how to disable antivirus programs and spyware scanners.

Note: once more, for the sake of clarity: ComboFix must be started from the desktop.
Windows Vista and Windows 7 users move (NOT: copy) ComboFix.exe from the Downloads folder to the desktop if desired.

Remarks:
  • When using Windows XP you may be asked to install the "Recovery Console"!
    Allow this (an active internet connection is required for it).
  • All open programs and web pages must be closed.
Starting ComboFix:
  • Windows 2000 and Windows XP: start ComboFix.exe by double-clicking ComboFix.exe.
  • Windows Vista and Windows 7: start ComboFix.exe by right-clicking ComboFix.exe and then choosing "Run as administrator".
Once ComboFix has started:
  • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
  • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
  • The computer may need to be restarted several times; this is normal.
  • When ComboFix is finished, it will create a log file for you.
  • Post the contents of this log file via DDRMMR's colour coder in your next post.
  • If the log does not open, it can be found in C:\ComboFix.txt
Important note:
  • If, after the scan, an error is shown when starting programs with the message:
    Illegal operation attempted on a registry key that has been marked for deletion.
    Then restart the computer.
 
Results of 2nd log

[hjt]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:28:13, on 22/08/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
c:\program files (x86)\youtubedownloader.org\youtubedownloader\youtubedownloader updater.exe
c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\program files (x86)\launch manager\lmworker.exe
c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe
c:\program files (x86)\intel\intel(r) rapid storage technology\iastoricon.exe
c:\program files (x86)\egistec mywinlockersuite\x86\suitetray.exe
c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe
c:\program files (x86)\egistec ips\pmmupdate.exe
c:\program files (x86)\nti\acer backup manager\backupmanagertray.exe
c:\program files (x86)\launch manager\lmanager.exe
c:\program files (x86)\acer\clear.fi\movie\clear.fimovieservice.exe
c:\program files (x86)\avg\avg10\avgtray.exe
c:\program files (x86)\egistec ips\egisupdate.exe
c:\program files (x86)\avg\avg10\identity protection\agent\bin\avgidsmonitor.exe
c:\windows\syswow64\macromed\flash\flashutil10v_activex.exe
c:\program files (x86)\internet explorer\iexplore.exe
c:\program files (x86)\internet explorer\iexplore.exe
c:\program files (x86)\google\google toolbar\googletoolbaruser_32.exe
c:\program files (x86)\trend micro\hijackthis\hijackthis.exe
r1 - hkcu\software\microsoft\internet explorer\main,default_page_url = [noparse]http://acer.msn.com[/noparse]
r1 - hkcu\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.smartwebsearch.net/index.php?from=3[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://acer.msn.com[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://acer.msn.com[/noparse]
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
r3 - urlsearchhook: utorrentbar_nl toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files (x86)\utorrentbar_nl\prxtbutor.dll
f2 - reg:system.ini: userinit=userinit.exe,
o2 - bho: wormradar.com iesiteblocker.navfilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg10\avgssie.dll
o2 - bho: avg security toolbar bho - {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg10\toolbar\ietoolbar.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
o3 - toolbar: google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
o3 - toolbar: avg security toolbar - {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg10\toolbar\ietoolbar.dll
o4 - hklm\..\run: [iastoricon] c:\program files (x86)\intel\intel(r) rapid storage technology\iastoricon.exe
o4 - hklm\..\run: [suitetray] c:\program files (x86)\egistec mywinlockersuite\x86\suitetray.exe
o4 - hklm\..\run: [egistecpmmupdate] c:\program files (x86)\egistec ips\pmmupdate.exe
o4 - hklm\..\run: [egisupdate] c:\program files (x86)\egistec ips\egisupdate.exe -d
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe
o4 - hklm\..\run: [backupmanagertray] c:\program files (x86)\nti\acer backup manager\backupmanagertray.exe -h -k
o4 - hklm\..\run: [lmanager] c:\program files (x86)\launch manager\lmanager.exe
o4 - hklm\..\run: [arcademovieservice] c:\program files (x86)\acer\clear.fi\movie\clear.fimovieservice.exe
o4 - hklm\..\run: [adobe arm] c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
o4 - hklm\..\run: [groovemonitor] c:\program files (x86)\microsoft office\office12\groovemonitor.exe
o4 - hklm\..\run: [avg_tray] c:\program files (x86)\avg\avg10\avgtray.exe
o4 - hkcu\..\run: [ntservicemanager] c:\program files (x86)\youtubedownloader.org\youtubedownloader\youtubedownloader updater.exe
o4 - hkcu\..\run: [swg] c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'network service')
o4 - hkus\s-1-5-18\..\runonce: [ismywinlockerreboot] msiexec.exe /qn /x{voidguid} (user 'system')
o4 - hkus\.default\..\runonce: [ismywinlockerreboot] msiexec.exe /qn /x{voidguid} (user 'default user')
o8 - extra context menu item: e&xport to microsoft excel - res://c:\progra~2\micros~4\office12\excel.exe/3000
o8 - extra context menu item: google sidewiki... - res://c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_7461b1589e8b4fb7.dll/cmsidewiki.html
o9 - extra button: @c:\program files (x86)\windows live\writer\windowslivewritershortcuts.dll,-1004 - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files (x86)\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: @c:\program files (x86)\windows live\writer\windowslivewritershortcuts.dll,-1003 - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files (x86)\windows live\writer\writerbrowserextension.dll
o9 - extra button: send to onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~2\micros~4\office12\onbttnie.dll
o9 - extra 'tools' menuitem: s&end to onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~2\micros~4\office12\onbttnie.dll
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~2\micros~4\office12\refiebar.dll
o10 - unknown file in winsock lsp: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
o10 - unknown file in winsock lsp: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
o11 - options group: [accelerated_graphics] accelerated graphics
o18 - protocol: avgsecuritytoolbar - {f2dde6b2-9684-4a55-86d4-e255e237b77c} - c:\program files (x86)\avg\avg10\toolbar\ietoolbar.dll
o18 - protocol: groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files (x86)\microsoft office\office12\groovesystemservices.dll
o18 - protocol: linkscanner - {f274614c-63f8-47d5-a4d1-fbdde494f8d1} - c:\program files (x86)\avg\avg10\avgpp.dll
o18 - protocol: wlpg - {e43ef6cd-a37a-4a9b-9e6f-83f89b8e6324} - c:\program files (x86)\windows live\photo gallery\albumdownloadprotocolhandler.dll
o23 - service: @%systemroot%\system32\alg.exe,-112 (alg) - unknown owner - c:\windows\system32\alg.exe (file missing)
o23 - service: avg security toolbar service - unknown owner - c:\program files (x86)\avg\avg10\toolbar\toolbarbroker.exe
o23 - service: avgidsagent - avg technologies cz, s.r.o. - c:\program files (x86)\avg\avg10\identity protection\agent\bin\avgidsagent.exe
o23 - service: avg watchdog (avgwd) - avg technologies cz, s.r.o. - c:\program files (x86)\avg\avg10\avgwdsvc.exe
o23 - service: dritek wmi service (dsiwmiservice) - dritek system inc. - c:\program files (x86)\launch manager\dsiwmis.exe
o23 - service: @%systemroot%\system32\efssvc.dll,-100 (efs) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: egistec ticket service - egis technology inc. - c:\program files (x86)\common files\egistec\services\egisticketservice.exe
o23 - service: acer epower service (epowersvc) - acer incorporated - c:\program files\acer\acer epower management\epowersvc.exe
o23 - service: @%systemroot%\system32\fxsresm.dll,-118 (fax) - unknown owner - c:\windows\system32\fxssvc.exe (file missing)
o23 - service: flexnet licensing service - acresso software inc. - c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
o23 - service: gregservice - acer incorporated - c:\program files (x86)\acer\registration\gregsvc.exe
o23 - service: google updateservice (gupdate) (gupdate) - google inc. - c:\program files (x86)\google\update\googleupdate.exe
o23 - service: google update-service (gupdatem) (gupdatem) - google inc. - c:\program files (x86)\google\update\googleupdate.exe
o23 - service: google software updater (gusvc) - google - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
o23 - service: intel(r) rapid storage technology (iastordatamgrsvc) - intel corporation - c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
o23 - service: @keyiso.dll,-100 (keyiso) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: live updater service - acer incorporated - c:\program files\acer\acer updater\updaterservice.exe
o23 - service: intel(r) management and security application local management service (lms) - intel corporation - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
o23 - service: @comres.dll,-2797 (msdtc) - unknown owner - c:\windows\system32\msdtc.exe (file missing)
o23 - service: @%systemroot%\system32\netlogon.dll,-102 (netlogon) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: nti ischedulesvc - nti corporation - c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe
o23 - service: @%systemroot%\system32\psbase.dll,-300 (protectedstorage) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\locator.exe,-2 (rpclocator) - unknown owner - c:\windows\system32\locator.exe (file missing)
o23 - service: @%systemroot%\system32\samsrv.dll,-1 (samss) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\snmptrap.exe,-3 (snmptrap) - unknown owner - c:\windows\system32\snmptrap.exe (file missing)
o23 - service: @%systemroot%\system32\spoolsv.exe,-1 (spooler) - unknown owner - c:\windows\system32\spoolsv.exe (file missing)
o23 - service: @%systemroot%\system32\sppsvc.exe,-101 (sppsvc) - unknown owner - c:\windows\system32\sppsvc.exe (file missing)
o23 - service: @%systemroot%\system32\ui0detect.exe,-101 (ui0detect) - unknown owner - c:\windows\system32\ui0detect.exe (file missing)
o23 - service: intel(r) management & security application user notification service (uns) - intel corporation - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
o23 - service: @%systemroot%\system32\vaultsvc.dll,-1003 (vaultsvc) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\vds.exe,-100 (vds) - unknown owner - c:\windows\system32\vds.exe (file missing)
o23 - service: @%systemroot%\system32\vssvc.exe,-102 (vss) - unknown owner - c:\windows\system32\vssvc.exe (file missing)
o23 - service: @%systemroot%\system32\wat\watux.exe,-601 (watadminsvc) - unknown owner - c:\windows\system32\wat\watadminsvc.exe (file missing)
o23 - service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - unknown owner - c:\windows\system32\wbengine.exe (file missing)
o23 - service: @%systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiapsrv) - unknown owner - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
o23 - service: @%programfiles%\windows media player\wmpnetwk.exe,-101 (wmpnetworksvc) - unknown owner - c:\program files (x86)\windows media player\wmpnetwk.exe (file missing)
--
end of file - 12093 bytes
[/hjt]

and this is the uninstall list
Update for Microsoft Office 2007 (KB2508958)
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
Torrent
1912 Titanic Mystery
Acer Backup Manager
Acer Crystal Eye Webcam
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.5 MUI
ArcSoft ShowBiz DVD 2
Backup Manager V3
Bejeweled 2 Deluxe
Belles Beauty Boutique
Boris Graffiti
Chicken Invaders 3
clear.fi
clear.fi
clear.fi
clear.fi Client
Conduit Engine
D3DX10
Dream Day First Home
Farm Frenzy 3 Ice Age
Flip Words
Fotogalerija Windows Live
Galapago
Galeria de Fotografias do Windows Live
Galera fotogrfica de Windows Live
Galeria fotogrfica del Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Identity Card
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware versie 1.51.1.1800
MediaEspresso
Mesh Runtime
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker 4
MyWinLocker Suite
MyWinLocker Suite
newsXpresso
newsXpresso
NTI Media Maker 9
Pinnacle Studio 12
Pinnacle Studio 12 Ultimate Plugins
Pinnacle Winter Pack
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pošta Windows Live
proDAD Vitascene 1.0
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
S?????? f?t???af??? t?? Windows Live
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Shredder
Sprill and Ritchie
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
uTorrentBar_NL Toolbar
Visual Studio 2008 x64 Redistributables
Welcome Center
Windows Live
Windows Live ???
Windows Live ????
Windows Live Argazki Galeria
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Fotogalria
Windows Live Fotogalerie
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotograf Galerisi
Windows Live Fottr
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Paralar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Liven asennustykalu
Windows Liven shkposti
Windows Liven valokuvavalikoima
World of Goo
 
results from ComboFix
still the same problem with the start page, though

[hjt]
combofix 11-08-23.03 - kris 23/08/2011 21:29:47.1.2 - x64
microsoft windows 7 home premium 6.1.7601.1.1252.32.1043.18.3767.2251 [gmt 2:00]
gestart vanuit: c:\users\kris\desktop\combofix.exe
av: avg anti-virus free edition 2011 *disabled/updated* {5a2746b1-dee9-f85a-fbcd-adb11639c5f0}
sp: avg anti-virus free edition 2011 *disabled/updated* {e146a755-f8d3-f7d4-c17d-96c36dbe8f4d}
sp: windows defender *disabled/outdated* {d68ddc3a-831f-4fae-9e44-da132c1acf46}
.
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\fullremove.exe
c:\users\kris\taskmgr.exe
c:\windows\pl
c:\windows\pl\wlxpgss.scr.mui
.
.
(((((((((((((((((((( bestanden gemaakt van 2011-07-23 to 2011-08-23 ))))))))))))))))))))))))))))))
.
.
2011-08-23 19:34 . 2011-08-23 19:34 -------- d-----w- c:\users\default\appdata\local\temp
2011-08-23 19:17 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 19:17 . 2011-07-09 04:29 2048 ----a-w- c:\windows\syswow64\tzres.dll
2011-08-22 21:05 . 2011-08-22 21:05 -------- d-----w- c:\users\kris\appdata\roaming\malwarebytes
2011-08-22 21:04 . 2011-08-22 21:04 -------- d-----w- c:\programdata\malwarebytes
2011-08-22 21:04 . 2011-07-06 17:52 41272 ----a-w- c:\windows\syswow64\drivers\mbamswissarmy.sys
2011-08-22 21:04 . 2011-08-22 21:05 -------- d-----w- c:\program files (x86)\malwarebytes' anti-malware
2011-08-22 21:04 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-21 10:48 . 2011-08-21 10:48 -------- d-----w- c:\users\kris\appdata\roaming\avg10
2011-08-21 10:40 . 2011-08-21 10:41 -------- d-----w- c:\programdata\avg security toolbar
2011-08-21 10:40 . 2011-08-21 10:40 -------- d-----w- c:\windows\syswow64\drivers\avg
2011-08-21 10:39 . 2011-08-23 19:12 -------- d-----w- c:\windows\system32\drivers\avg
2011-08-21 10:39 . 2011-08-21 10:41 -------- d-----w- c:\programdata\avg10
2011-08-21 10:39 . 2011-08-21 10:39 -------- d-----w- c:\program files (x86)\avg
2011-08-21 10:32 . 2011-08-21 10:32 -------- d--h--w- c:\programdata\common files
2011-08-21 10:31 . 2011-08-21 10:39 -------- d-----w- c:\programdata\mfadata
2011-08-19 15:57 . 2011-08-19 15:57 -------- d-----w- c:\program files\ccleaner
2011-08-19 15:55 . 2011-08-22 20:19 -------- d-----w- c:\programdata\spybot - search & destroy
2011-08-19 15:47 . 2011-08-19 15:47 388096 ----a-r- c:\users\kris\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\hijackthis.exe
2011-08-19 15:47 . 2011-08-19 15:47 -------- d-----w- c:\program files (x86)\trend micro
2011-08-14 17:48 . 2011-06-15 10:02 212992 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-14 17:48 . 2011-06-15 10:02 163840 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-14 17:48 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-14 17:48 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-14 17:48 . 2011-06-15 09:59 126976 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2011-08-14 17:48 . 2011-06-15 08:55 86016 ----a-w- c:\windows\syswow64\odbccu32.dll
2011-08-14 17:48 . 2011-06-15 08:55 81920 ----a-w- c:\windows\syswow64\odbccr32.dll
2011-08-14 17:48 . 2011-06-15 08:55 319488 ----a-w- c:\windows\syswow64\odbcjt32.dll
2011-08-14 17:48 . 2011-06-15 08:55 163840 ----a-w- c:\windows\syswow64\odbctrac.dll
2011-08-14 17:48 . 2011-06-15 08:55 122880 ----a-w- c:\windows\syswow64\odbccp32.dll
2011-08-14 17:48 . 2011-06-15 08:54 94208 ----a-w- c:\program files (x86)\common files\system\ole db\msdaosp.dll
2011-08-14 17:43 . 2011-08-14 17:52 -------- d-----w- c:\programdata\farmfrenzy3_arctica
2011-07-29 19:11 . 2011-07-29 19:11 -------- d-----w- c:\program files (x86)\msxml 4.0
.
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-18 21:35 . 2011-07-13 19:36 404640 ----a-w- c:\windows\syswow64\flashplayercplapp.cpl
2011-07-16 04:26 . 2011-08-14 17:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-11 20:46 . 2011-07-11 20:46 58664 ----a-r- c:\users\kris\appdata\roaming\microsoft\installer\{67330878-0617-41a9-a3b0-b5298e89e7bc}\arpproducticon.exe
2011-07-06 20:55 . 2011-07-06 20:55 0 ----a-w- c:\windows\syswow64\conduitengine.tmp
2011-07-02 13:30 . 2011-07-02 13:30 89088 ----a-w- c:\windows\system32\registeriepkeys.exe
2011-07-02 13:30 . 2011-07-02 13:30 86528 ----a-w- c:\windows\syswow64\iesysprep.dll
2011-07-02 13:30 . 2011-07-02 13:30 76800 ----a-w- c:\windows\syswow64\setieinstalleddate.exe
2011-07-02 13:30 . 2011-07-02 13:30 74752 ----a-w- c:\windows\syswow64\registeriepkeys.exe
2011-07-02 13:30 . 2011-07-02 13:30 74752 ----a-w- c:\windows\syswow64\iesetup.dll
2011-07-02 13:30 . 2011-07-02 13:30 63488 ----a-w- c:\windows\syswow64\tdc.ocx
2011-07-02 13:30 . 2011-07-02 13:30 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-07-02 13:30 . 2011-07-02 13:30 48640 ----a-w- c:\windows\syswow64\mshtmler.dll
2011-07-02 13:30 . 2011-07-02 13:30 420864 ----a-w- c:\windows\syswow64\vbscript.dll
2011-07-02 13:30 . 2011-07-02 13:30 367104 ----a-w- c:\windows\syswow64\html.iec
2011-07-02 13:30 . 2011-07-02 13:30 35840 ----a-w- c:\windows\syswow64\imgutil.dll
2011-07-02 13:30 . 2011-07-02 13:30 23552 ----a-w- c:\windows\syswow64\licmgr10.dll
2011-07-02 13:30 . 2011-07-02 13:30 222208 ----a-w- c:\windows\system32\msls31.dll
2011-07-02 13:30 . 2011-07-02 13:30 173056 ----a-w- c:\windows\system32\ieunatt.exe
2011-07-02 13:30 . 2011-07-02 13:30 161792 ----a-w- c:\windows\syswow64\msls31.dll
2011-07-02 13:30 . 2011-07-02 13:30 152064 ----a-w- c:\windows\syswow64\wextract.exe
2011-07-02 13:30 . 2011-07-02 13:30 150528 ----a-w- c:\windows\syswow64\iexpress.exe
2011-07-02 13:30 . 2011-07-02 13:30 142848 ----a-w- c:\windows\syswow64\ieunatt.exe
2011-07-02 13:30 . 2011-07-02 13:30 1427456 ----a-w- c:\windows\syswow64\inetcpl.cpl
2011-07-02 13:30 . 2011-07-02 13:30 12288 ----a-w- c:\windows\system32\mshta.exe
2011-07-02 13:30 . 2011-07-02 13:30 11776 ----a-w- c:\windows\syswow64\mshta.exe
2011-07-02 13:30 . 2011-07-02 13:30 114176 ----a-w- c:\windows\system32\admparse.dll
2011-07-02 13:30 . 2011-07-02 13:30 110592 ----a-w- c:\windows\syswow64\ieadvpack.dll
2011-07-02 13:30 . 2011-07-02 13:30 101888 ----a-w- c:\windows\syswow64\admparse.dll
2011-07-02 13:30 . 2011-07-02 13:30 91648 ----a-w- c:\windows\system32\setieinstalleddate.exe
2011-07-02 13:30 . 2011-07-02 13:30 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-07-02 13:30 . 2011-07-02 13:30 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-07-02 13:30 . 2011-07-02 13:30 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-07-02 13:30 . 2011-07-02 13:30 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-07-02 13:30 . 2011-07-02 13:30 448512 ----a-w- c:\windows\system32\html.iec
2011-07-02 13:30 . 2011-07-02 13:30 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-02 13:30 . 2011-07-02 13:30 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-07-02 13:30 . 2011-07-02 13:30 160256 ----a-w- c:\windows\system32\wextract.exe
2011-07-02 13:30 . 2011-07-02 13:30 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-02 13:30 . 2011-07-02 13:30 135168 ----a-w- c:\windows\system32\ieadvpack.dll
2011-07-02 13:30 . 2011-07-02 13:30 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-02 13:22 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
2011-06-11 03:07 . 2011-07-13 20:07 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_current_user\software\microsoft\internet explorer\urlsearchhooks]
"{87775fdb-6972-41f9-ae51-8326e38cb206}"= c:\program files (x86)\utorrentbar_nl\prxtbutor.dll [2011-03-28 176936]
.
[hkey_classes_root\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
.
[hkey_local_machine\wow6432node\~\browser helper objects\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
2011-07-26 08:15 2532680 ----a-w- c:\program files (x86)\avg\avg10\toolbar\ietoolbar.dll
.
[hkey_local_machine\software\wow6432node\microsoft\internet explorer\toolbar]
"{ccc7a320-b3ca-4199-b1a6-9f516dd69829}"= c:\program files (x86)\avg\avg10\toolbar\ietoolbar.dll [2011-07-26 2532680]
.
[hkey_classes_root\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"ntservicemanager"=c:\program files (x86)\youtubedownloader.org\youtubedownloader\youtubedownloader updater.exe [2011-07-01 436224]
"swg"=c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe [2011-07-14 39408]
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\run]
"iastoricon"=c:\program files (x86)\intel\intel(r) rapid storage technology\iastoricon.exe [2010-04-13 284696]
"suitetray"=c:\program files (x86)\egistec mywinlockersuite\x86\suitetray.exe [2010-09-28 340336]
"egistecpmmupdate"=c:\program files (x86)\egistec ips\pmmupdate.exe [2010-09-17 407920]
"egisupdate"=c:\program files (x86)\egistec ips\egisupdate.exe [2010-09-17 201584]
"adobe reader speed launcher"=c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe [2011-06-08 37296]
"backupmanagertray"=c:\program files (x86)\nti\acer backup manager\backupmanagertray.exe [2011-02-15 297280]
"lmanager"=c:\program files (x86)\launch manager\lmanager.exe [2011-03-31 1092688]
"arcademovieservice"=c:\program files (x86)\acer\clear.fi\movie\clear.fimovieservice.exe [2011-02-18 177448]
"adobe arm"=c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe [2011-03-30 937920]
"groovemonitor"=c:\program files (x86)\microsoft office\office12\groovemonitor.exe [2008-10-25 31072]
"avg_tray"=c:\program files (x86)\avg\avg10\avgtray.exe [2011-04-18 2334560]
.
[hkey_users\.default\software\microsoft\windows\currentversion\runonce]
"ismywinlockerreboot"="msiexec.exe" [2010-11-21 73216]
.
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 5 (0x5)
"consentpromptbehavioruser"= 3 (0x3)
"enableuiadesktoptoggle"= 0 (0x0)
.
[hkey_local_machine\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[hkey_local_machine\system\currentcontrolset\control\session manager]
bootexecute reg_multi_sz autocheck autochk *\0c:\progra~2\avg\avg10\avgchsva.exe /sync\0c:\progra~2\avg\avg10\avgrsa.exe /sync /restart
.
[hkey_local_machine\system\currentcontrolset\control\lsa]
security packages reg_multi_sz kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\mcods]
@=""
.
r2 clr_optimization_v4.0.30319_32;microsoft .net framework ngen v4.0.30319_x86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
r2 clr_optimization_v4.0.30319_64;microsoft .net framework ngen v4.0.30319_x64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
r2 gupdate;google updateservice (gupdate);c:\program files (x86)\google\update\googleupdate.exe [2011-07-02 136176]
r3 avg security toolbar service;avg security toolbar service;c:\program files (x86)\avg\avg10\toolbar\toolbarbroker.exe [2011-07-26 1025352]
r3 egistec ticket service;egistec ticket service;c:\program files (x86)\common files\egistec\services\egisticketservice.exe [2010-09-28 172912]
r3 gupdatem;google update-service (gupdatem);c:\program files (x86)\google\update\googleupdate.exe [2011-07-02 136176]
r3 rsusbstor;rtsustor.sys realtek usb card reader;c:\windows\system32\drivers\rtsustor.sys [x]
r3 tsusbflt;tsusbflt;c:\windows\system32\drivers\tsusbflt.sys [x]
r3 tsusbgd;remote desktop generic usb device;c:\windows\system32\drivers\tsusbgd.sys [x]
r3 watadminsvc;windows activation technologies-service;c:\windows\system32\wat\watadminsvc.exe [x]
r4 wlcrasvc;windows live mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-09-23 57184]
s0 avgidseh;avgidseh;c:\windows\system32\drivers\avgidseh.sys [x]
s0 avgrkx64;avg anti-rootkit driver;c:\windows\system32\drivers\avgrkx64.sys [x]
s1 avgldx64;avg avi loader driver;c:\windows\system32\drivers\avgldx64.sys [x]
s1 avgmfx64;avg mini-filter resident anti-virus shield;c:\windows\system32\drivers\avgmfx64.sys [x]
s1 avgtdia;avg tdi driver;c:\windows\system32\drivers\avgtdia.sys [x]
s1 mwlpsdfilter;mwlpsdfilter;c:\windows\system32\drivers\mwlpsdfilter.sys [x]
s1 mwlpsdnserv;mwlpsdnserv;c:\windows\system32\drivers\mwlpsdnserv.sys [x]
s1 mwlpsdvdisk;mwlpsdvdisk;c:\windows\system32\drivers\mwlpsdvdisk.sys [x]
s1 vwififlt;virtual wifi filter driver;c:\windows\system32\drivers\vwififlt.sys [x]
s2 avgidsagent;avgidsagent;c:\program files (x86)\avg\avg10\identity protection\agent\bin\avgidsagent.exe [2011-04-18 7398752]
s2 avgwd;avg watchdog;c:\program files (x86)\avg\avg10\avgwdsvc.exe [2011-02-08 269520]
s2 dsiwmiservice;dritek wmi service;c:\program files (x86)\launch manager\dsiwmis.exe [2011-03-31 352848]
s2 epowersvc;acer epower service;c:\program files\acer\acer epower management\epowersvc.exe [2011-02-23 873064]
s2 gregservice;gregservice;c:\program files (x86)\acer\registration\gregsvc.exe [2010-01-08 23584]
s2 iastordatamgrsvc;intel(r) rapid storage technology;c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe [2010-04-13 13336]
s2 live updater service;live updater service;c:\program files\acer\acer updater\updaterservice.exe [2011-01-31 244624]
s2 nti ischedulesvc;nti ischedulesvc;c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe [2011-02-15 257344]
s2 uns;intel(r) management & security application user notification service;c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe [2010-03-18 2320920]
s3 avgidsdriver;avgidsdriver;c:\windows\system32\drivers\avgidsdriver.sys [x]
s3 avgidsfilter;avgidsfilter;c:\windows\system32\drivers\avgidsfilter.sys [x]
s3 hecix64;intel(r) management engine interface;c:\windows\system32\drivers\hecix64.sys [x]
s3 impcd;impcd;c:\windows\system32\drivers\impcd.sys [x]
s3 k57nd60a;broadcom netlink (tm) gigabit ethernet - ndis 6.0;c:\windows\system32\drivers\k57nd60a.sys [x]
.
.
inhoud van de 'gedeelde taken' map
.
2011-08-23 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files (x86)\google\update\googleupdate.exe [2011-07-02 21:17]
.
2011-08-22 c:\windows\tasks\googleupdatetaskmachineua.job
- c:\program files (x86)\google\update\googleupdate.exe [2011-07-02 21:17]
.
.
--------- x86-64 -----------
.
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"rthdvcpl"=c:\program files\realtek\audio\hda\ravcpl64.exe [2011-02-18 11779176]
"power management"=c:\program files\acer\acer epower management\epowertray.exe [2011-02-23 1796200]
"igfxtray"=c:\windows\system32\igfxtray.exe [2011-02-11 162328]
"hotkeyscmds"=c:\windows\system32\hkcmd.exe [2011-02-11 386584]
"persistence"=c:\windows\system32\igfxpers.exe [2011-02-11 417304]
.
[hkey_local_machine\software\microsoft\windows nt\currentversion\windows]
"loadappinit_dlls"=0x0
.
------- bijkomende scan -------
.
ulocal page = c:\windows\system32\blank.htm
ustart page = hxxp://www.smartwebsearch.net/index.php?from=3
mstart page = hxxp://acer.msn.com
mlocal page = c:\windows\syswow64\blank.htm
ie: e&xport to microsoft excel - c:\progra~2\micros~4\office12\excel.exe/3000
ie: google sidewiki... - c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_7461b1589e8b4fb7.dll/cmsidewiki.html
tcp: dhcpnameserver = 195.130.130.133 192.168.0.1
handler: avgsecuritytoolbar - {f2dde6b2-9684-4a55-86d4-e255e237b77c} - c:\program files (x86)\avg\avg10\toolbar\ietoolbar.dll
.
- - - - orphans verwijderd - - - -
.
toolbar-locked - (no file)
hklm-run-syntpenh - c:\program files (x86)\synaptics\syntp\syntpenh.exe
.
.
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}]
@denied: (a 2) (everyone)
@="flashbroker"
"localizedstring"="@c:\\windows\\syswow64\\macromed\\flash\\flashutil10v_activex.exe,-101"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}\elevation]
"enabled"=dword:00000001
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}\localserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flashutil10v_activex.exe
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="shockwave flash object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash10v.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\miscstatus]
@="0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\progid]
@="shockwaveflash.shockwaveflash.10"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash10v.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="shockwaveflash.shockwaveflash"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="macromedia flash factory object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash10v.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\progid]
@="flashfactory.flashfactory.1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash10v.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="flashfactory.flashfactory"
.
[hkey_local_machine\software\classes\wow6432node\interface\{e3f2c3cb-5eb8-4a04-b22c-7e3b4b6af30f}]
@denied: (a 2) (everyone)
@="iflashbroker4"
.
[hkey_local_machine\software\classes\wow6432node\interface\{e3f2c3cb-5eb8-4a04-b22c-7e3b4b6af30f}\proxystubclsid32]
@="{00020424-0000-0000-c000-000000000046}"
.
[hkey_local_machine\software\classes\wow6432node\interface\{e3f2c3cb-5eb8-4a04-b22c-7e3b4b6af30f}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
"version"="1.0"
.
[hkey_local_machine\software\mcafee]
"symboliclinkvalue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[hkey_local_machine\system\controlset001\control\pcw\security]
@denied: (full) (everyone)
.
------------------------ andere aktieve processen ------------------------
.
c:\program files (x86)\launch manager\lmworker.exe
c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
c:\program files (x86)\launch manager\lmutilps32.exe
c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe
c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe
.
**************************************************************************
.
voltooingstijd: 2011-08-23 21:41:07 - machine werd herstart
combofix-quarantined-files.txt 2011-08-23 19:41
.
pre-run: 401.043.886.080 bytes beschikbaar
post-run: 400.632.586.240 bytes beschikbaar
.
- - end of file - - 739af78b1a20ff07e39b69253fdbf7bd
[/hjt]

Regards, Kris
 
Results from ComboFix.
Still the same problem with the start page, though.

Regards, Kris
 
Hi Kris, now for the detail work: open a new Notepad file via "Start\All Programs\Accessories\Notepad".


Copy and paste the following (bold, blue text) into the empty Notepad window:


File::
c:\windows\syswow64\conduitengine.tmp

Folder::
c:\program files (x86)\utorrentbar_nl



Save this Notepad file to your desktop as CFScript.txt.

Now, first disable the antivirus!


Drag CFScript.txt into ComboFix.exe.




This will make ComboFix restart. Reboot if you are asked to.


Post the ComboFix log that is shown after the restart using the color coder!
 