Mededeling

Collapse
No announcement yet.

IE opent zich herhaaldelijk

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • IE opent zich herhaaldelijk

    Allereerst de beste wensen voor jullie allemaal!

    Het probleem:
    Wanneer er op deze laptop internet-explore wordt gebruikt, gebeurd het momenteel soms dat er aan de lopende band IE schermpjes worden geopend. Typisch iets voor een virus dacht ik, maar mijn virusscanner vind niks. Ook met Adware alleen maar wat cookies gevonden meer niet.

    Heeft iemand van jullie een idee hoe dit kan? Hieronder mijn log bestand:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:57:58, on 4-1-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\WButton.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
    O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: McAfee Application Installer Cleanup (0067551199469404) (0067551199469404mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\006755~1.EXE
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

    --
    End of file - 10765 bytes


    Alvast bedankt!

  • #2
    Hallo,


    Schakel tijdelijk Windows Defender uit
    Want deze kan voor stoorzender spelen bij het fixen met HJT (de fix terug ongedaan maken ed., wat zo te zien nu gebeurd is omdat de gefixte regels er nog/terug in staan)
    * Open Windows Defender > Klik Tools
    * Klik "General Settings"
    * Scroll naar "Real Time Protection Options"
    * Haal het vinkje weg bij "Turn on Real Time Protection (recommended)" > Klik "Save"
    * Sluit Windows Defender
    (als de problemen over zijn, logje weer schoon verklaard is, kan je 'm weer aanzetten)

    Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.

    Download Combofix naar je Bureaublad.
    Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

    OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!
    • Dubbelklik op Combofix.exe
      Volg de instructies, aanvaard de disclaimer door 1 (continue) te typen, gevolgd door ENTER.
      Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

    Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
    Plaats deze log in je volgende post samen met een nieuw HijackThis log.

    Windows 10 opstarten in Veilige Modus

    Comment


    • #3
      Bedankt voor al deze informatie. Ik heb het allemaal uitgevoerd, bij deze de logs:

      ComboFix 08-01-11.3 - Bas 2008-01-12 1:39:49.1 - NTFSx86
      Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1206 [GMT 1:00]
      Gestart vanuit: C:\Users\Bas\Desktop\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-12 to 2008-01-12 ))))))))))))))))))))))))))))))
      .

      2008-01-12 01:38 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
      2008-01-09 14:37 . 2008-01-09 14:37 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
      2008-01-09 14:37 . 2008-01-09 14:37 216,760 --a------ C:\Windows\System32\drivers\netio.sys
      2008-01-09 14:37 . 2008-01-09 14:37 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
      2008-01-09 14:37 . 2008-01-09 14:37 24,064 --a------ C:\Windows\System32\netcfg.exe
      2008-01-09 14:37 . 2008-01-09 14:37 22,016 --a------ C:\Windows\System32\netiougc.exe
      2008-01-09 14:36 . 2008-01-09 14:36 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-01-09 14:36 . 2008-01-09 14:36 1,686,016 --a------ C:\Windows\System32\gameux.dll
      2008-01-09 14:36 . 2008-01-09 14:36 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
      2008-01-09 14:36 . 2008-01-09 14:36 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
      2008-01-09 14:36 . 2008-01-09 14:36 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
      2008-01-09 14:36 . 2008-01-09 14:36 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
      2008-01-09 14:36 . 2008-01-09 14:36 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
      2008-01-09 14:36 . 2008-01-09 14:36 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
      2008-01-09 14:36 . 2008-01-09 14:36 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
      2008-01-09 14:35 . 2008-01-09 14:35 11,776 --a------ C:\Windows\System32\sbunattend.exe
      2008-01-04 23:56 . 2008-01-04 23:56 <DIR> d-------- C:\Program Files\Trend Micro
      2008-01-01 13:31 . 2008-01-12 01:42 12,063 --a------ C:\Windows\System32\Config.MPF
      2008-01-01 13:30 . 2006-03-03 11:07 143,360 --a------ C:\Windows\System32\dunzip32.dll
      2008-01-01 13:28 . 2007-07-21 09:08 201,288 --a------ C:\Windows\System32\drivers\mfehidk.sys
      2008-01-01 13:28 . 2007-07-13 09:21 125,728 --a------ C:\Windows\System32\drivers\Mpfp.sys
      2008-01-01 13:28 . 2007-07-24 07:40 79,304 --a------ C:\Windows\System32\drivers\mfeavfk.sys
      2008-01-01 13:28 . 2007-07-21 09:08 40,488 --a------ C:\Windows\System32\drivers\mfesmfk.sys
      2008-01-01 13:28 . 2007-07-21 09:08 35,240 --a------ C:\Windows\System32\drivers\mfebopk.sys
      2008-01-01 13:28 . 2007-07-24 12:02 33,800 --a------ C:\Windows\System32\drivers\mferkdk.sys
      2008-01-01 13:27 . 2008-01-01 13:27 <DIR> d-------- C:\Program Files\McAfee.com
      2008-01-01 13:27 . 2008-01-11 21:36 <DIR> d-------- C:\Program Files\McAfee
      2008-01-01 13:27 . 2008-01-01 13:28 <DIR> d-------- C:\Program Files\Common Files\McAfee
      2008-01-01 13:26 . 2008-01-01 13:31 <DIR> d-------- C:\Users\All Users\McAfee
      2008-01-01 13:26 . 2008-01-01 13:31 <DIR> d-------- C:\ProgramData\McAfee
      2007-12-30 13:02 . 2007-12-30 13:02 <DIR> d-------- C:\Windows\System32\loveearth Hot Air Balloon dir
      2007-12-30 13:02 . 2007-12-30 13:02 503,808 --a------ C:\Windows\System32\loveearth Hot Air Balloon.scr
      2007-12-29 23:00 . 2007-12-29 23:00 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
      2007-12-29 23:00 . 2007-12-29 23:00 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
      2007-12-18 19:07 . 2007-12-18 19:07 <DIR> d-------- C:\Program Files\mcesoft
      2007-12-14 18:59 . 2008-01-06 18:10 952 --ahs---- C:\Windows\System32\KGyGaAvL.sys
      2007-12-14 18:09 . 2007-12-14 18:59 <DIR> d-------- C:\Users\Bas\AppData\Roaming\Corel
      2007-12-14 18:08 . 2007-12-31 08:50 <DIR> d-------- C:\Users\All Users\Corel
      2007-12-14 18:08 . 2007-12-31 08:50 <DIR> d-------- C:\ProgramData\Corel
      2007-12-14 18:01 . 2007-12-14 18:01 <DIR> d-------- C:\Program Files\Corel
      2007-12-14 18:01 . 2007-12-14 18:04 <DIR> d-------- C:\Program Files\Common Files\Corel
      2007-12-12 21:13 . 2007-12-12 21:13 1,327,104 --a------ C:\Windows\System32\quartz.dll
      2007-12-12 21:13 . 2007-12-12 21:13 223,232 --a------ C:\Windows\System32\WMASF.DLL
      2007-12-12 21:13 . 2007-12-12 21:13 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
      2007-12-12 21:13 . 2007-12-12 21:13 2,048 --a------ C:\Windows\System32\asferror.dll
      2007-12-12 21:11 . 2007-12-12 21:11 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
      2007-12-12 21:11 . 2007-12-12 21:11 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
      2007-12-12 21:11 . 2007-12-12 21:11 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
      2007-12-12 21:11 . 2007-12-12 21:11 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
      2007-12-12 21:10 . 2007-12-12 21:10 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
      2007-12-12 21:10 . 2007-12-12 21:10 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
      2007-12-12 21:09 . 2007-12-12 21:09 2,048 --a------ C:\Windows\System32\tzres.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-09 13:43 --------- d-----w C:\Program Files\Windows Mail
      2008-01-09 13:36 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-01-09 13:36 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-01-09 13:36 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-01-09 13:36 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-01-09 13:35 --------- d-----w C:\Program Files\Windows Sidebar
      2008-01-01 12:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-01-01 12:45 --------- d-----w C:\ProgramData\Symantec
      2007-12-14 16:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-12-14 16:48 --------- d-----w C:\Program Files\Atari
      2007-12-14 16:47 --------- d-----w C:\Users\Bas\AppData\Roaming\Atari
      2007-12-14 16:44 --------- d-----w C:\Program Files\PokerTH
      2007-12-12 20:14 --------- d-----w C:\ProgramData\Microsoft Help
      2007-12-12 20:12 824,832 ----a-w C:\Windows\System32\wininet.dll
      2007-12-12 20:12 56,320 ----a-w C:\Windows\System32\iesetup.dll
      2007-12-12 20:12 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2007-12-12 20:12 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
      2007-12-10 17:45 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
      2007-12-05 18:24 --------- d-----w C:\Users\Bas\AppData\Roaming\pokerth
      2007-12-03 15:21 --------- d-----w C:\Program Files\MSECache
      2007-11-26 19:31 9 ----a-w C:\Users\Bas\AppData\Roaming\mdb.bin
      2007-11-24 16:39 --------- d-----w C:\Program Files\Picasa2
      2007-11-24 16:36 --------- d-----w C:\Program Files\Google
      2007-11-17 10:07 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
      2007-11-17 06:56 --------- d-----w C:\Program Files\Logitech
      2007-11-15 19:55 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
      2007-11-15 19:55 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
      2007-11-15 19:55 542,720 ----a-w C:\Windows\System32\sysmain.dll
      2007-11-15 19:55 502,784 ----a-w C:\Windows\System32\wlansvc.dll
      2007-11-15 19:55 47,104 ----a-w C:\Windows\System32\wlanapi.dll
      2007-11-15 19:55 297,984 ----a-w C:\Windows\System32\wlansec.dll
      2007-11-15 19:55 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
      2007-11-15 19:55 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
      2007-11-15 19:55 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
      2007-11-15 19:55 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
      2007-11-15 19:55 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
      2007-11-15 19:55 2,923,520 ----a-w C:\Windows\explorer.exe
      2007-11-15 19:55 2,027,008 ----a-w C:\Windows\System32\win32k.sys
      2007-11-15 19:55 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
      2007-11-15 19:55 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
      2007-11-15 16:18 12,464 ----a-w C:\Windows\system32\drivers\SECDRV.SYS
      2007-10-12 21:06 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll
      2007-10-03 07:03 0 ----a-w C:\Users\Bas\AppData\Roaming\wklnhst.dat
      2007-10-02 18:09 174 --sha-w C:\Program Files\desktop.ini
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 14:35 1232896]
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
      "updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 07:18 307200]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-02 18:59 1006264]
      "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 19:57 3784704 C:\Windows\RtHDVCpl.exe]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 20:00 815104]
      "Acer Tour"=""
      "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 17:02 98304]
      "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 17:05 106496]
      "Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 17:02 81920]
      "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]
      "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 12:36 32768]
      "PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [ ]
      "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2007-01-10 10:34 200704]
      "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2006-08-29 08:26 241664]
      "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-11-09 13:37 86016]
      "eRecoveryService"=""
      "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
      "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-01-17 08:01 151552]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52 49152]
      "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-08-29 13:17 188416]
      "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-08-29 13:20 77824]
      "WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 13:35 176128]
      "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
      "Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" [ ]
      "Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 19:52 16200]
      "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
      "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]

      C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
      Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-17 07:46:34]
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 01:05:56]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "LogonHoursAction"= 2 (0x2)
      "DontDisplayLogonHoursWarnings"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "LoadAppInit_DLLs"=1 (0x1)

      R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
      R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
      R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
      R1 Hotkey;Hotkey;C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 10:27]
      R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
      R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-03-22 17:21]
      R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-04-24 18:17]
      R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
      R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
      R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 08:33]
      R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 18:29]
      R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 08:30]
      R3 WisLMSvc;WisLMSvc;"C:\Program Files\Launch Manager\WisLMSvc.exe" [2006-11-17 19:45]
      S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30]
      S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 20:18]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

      *Newly Created Service* - PROCEXP90
      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-01-01 16:31:49 C:\Windows\Tasks\McDefragTask.job"
      - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
      "2008-01-01 16:31:49 C:\Windows\Tasks\McQcTask.job"
      - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-12 01:42:51
      Windows 6.0.6000 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-01-12 1:44:14
      .
      2008-01-11 13:45:16 --- E O F ---




      En het Hijackthis logje:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 1:45:33, on 12-1-2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16575)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      C:\Program Files\Launch Manager\LaunchAp.exe
      C:\Program Files\Launch Manager\HotkeyApp.exe
      C:\Program Files\Launch Manager\OSDCtrl.exe
      C:\Program Files\Launch Manager\WButton.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Windows\System32\wpcumi.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
      C:\Program Files\McAfee.com\Agent\mcagent.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
      C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
      C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\conime.exe
      C:\Windows\explorer.exe
      C:\Windows\system32\notepad.exe
      c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
      O1 - Hosts: ::1 localhost
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
      O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
      O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
      O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
      O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
      O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
      O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
      O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
      O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
      O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
      O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
      O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Empowering Technology Launcher.lnk = ?
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O13 - Gopher Prefix:
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
      O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
      O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
      O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
      O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
      O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
      O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

      --
      End of file - 10271 bytes



      Ben benieuwd wat nu de conclusie is.....

      Groeten

      Comment


      • #4
        Zeg jij het maar, het logje is schoon.

        Windows 10 opstarten in Veilige Modus

        Comment


        • #5
          Vreemd... naja.. aan de andere kant natuurlijk fijn dat er niks (meer) is.

          Bedankt voor de aandacht en de hulp tot zo ver!

          Succes met alles! Groeten Bas

          Comment


          • #6
            Toch nog wat proberen.

            Download: RVAXO.exe
            Sla het bestand op je bureaublad op, daarna mag je het dubbelklikken.
            Je kunt het programma laten uitpakken naar je bureaublad.
            Open nu de map RVAXO op je bureaublad en dubbelklik RVAXO.cmd
            Er zal een schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
            Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze zijn werk doen.

            Daarna zal je PC herstarten, na de herstart opent het venster van RVAXO opnieuw.
            Laat deze lopen en wacht tot er een logfile opent.
            Deze is eventueel ook hier te vinden: C:\RVAXO-results.log
            Post de inhoud in je volgende bericht tesamen met een nieuw logje van HijackThis.

            Herstart je PC niet?

            Laat RVAXO nog een keer lopen en post dan het nieuwe logje: C:\rvaxo-results.log

            Windows 10 opstarten in Veilige Modus

            Comment


            • #7
              Ik heb bovenstaande uitgevoerd, maar:
              - die uninstaller start niet
              - de PC herstart niet
              - Het RVAXO-logje is nergens te vinden op mijn pc. Hij geeft zelf ook aan dat hij het niet kan vinden (in dat RVAXO - scherm).

              Is dit allemaal normaal? Moet ik nu een gewoon logje posten?

              Comment


              • #8
                Neen , verwijder maar, windows vista he, de tool werkt daar tijdelijk niet op.

                Download en installeer AVG Anti-Spyware 7.5
                • Scroll iets naar beneden, klik ?download now? en sla het programma op.
                • Klik tweemaal ?uitvoeren? en selecteer een taal.
                • Doorloop enkele vensters en klik op ?installeren?.
                • Als het niet automatisch gebeurt klik je op ?updates?
                • Selecteer "Scanner" bovenin het scherm en selecteer dan "Settings"
                • Eenmaal in het Settings gedeelte klik je "Recommended actions" en vervolgens "Quarantine"
                • Sluit Ewido. Laat het nog niet scannen




                Start AVG Anti-Spyware, (er is een icon op je desktop
                • klik op Scanner
                • Klik op Complete System Scan
                • Laat het programma je pc scannen, dit kan even duren.
                • Als er ge?nfecteerde bestanden zijn gevonden, klik dan op "Apply all actions"
                  Daarna zal je een knop zien Save report
                • Klik op Save Report
                • Klik daarna op Save Report as en bewaar het rapport op op je bureaublad.
                • Sluit AVG Anti-spyware af en herstart de computer in normale mode.

                Post het log tesamen met een nieuw hijackthis log.

                Windows 10 opstarten in Veilige Modus

                Comment


                • #9
                  Alles uitgevoerd en de volgende logjes, volgens mij is het allemaal schoon of niet? Toch blijft IE 7 raar doen, met afsluiten reageerd hij vaak niet meer en soms nog opent hij vaker.

                  Logje scan:
                  ---------------------------------------------------------
                  AVG Anti-Spyware - Scan Report
                  ---------------------------------------------------------

                  + Created at: 13:31:56 20-1-2008

                  + Scan result:



                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.247realmedia : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Adtech : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt -> TrackingCookie.Bfast : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Bluestreak : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt -> TrackingCookie.Bluestreak : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Estat : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Etracker : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt -> TrackingCookie.Gemius : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Information : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Ivwbox : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected]s[1].txt -> TrackingCookie.Masterstats : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Netflame : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Oewabox : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt -> TrackingCookie.Onestat : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt -> TrackingCookie.Revenue : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Revsci : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Smartadserver : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt -> TrackingCookie.Statcounter : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Tradedoubler : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Weborama : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt -> TrackingCookie.Weborama : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Webtrends : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned.
                  C:\Users\Bas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.


                  ::Report end

                  Hijackthis logje:

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 1:45:33, on 12-1-2008
                  Platform: Windows Vista (WinNT 6.00.1904)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16575)
                  Boot mode: Normal

                  Running processes:
                  C:\Windows\system32\Dwm.exe
                  C:\Windows\system32\taskeng.exe
                  C:\Program Files\Windows Defender\MSASCui.exe
                  C:\Windows\RtHDVCpl.exe
                  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                  C:\Windows\System32\hkcmd.exe
                  C:\Windows\System32\igfxpers.exe
                  C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
                  C:\Program Files\Launch Manager\LaunchAp.exe
                  C:\Program Files\Launch Manager\HotkeyApp.exe
                  C:\Program Files\Launch Manager\OSDCtrl.exe
                  C:\Program Files\Launch Manager\WButton.exe
                  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                  C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
                  C:\Program Files\Logitech\Video\LogiTray.exe
                  C:\Windows\System32\wpcumi.exe
                  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                  C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
                  C:\Program Files\McAfee.com\Agent\mcagent.exe
                  C:\Program Files\Windows Sidebar\sidebar.exe
                  C:\Windows\ehome\ehtray.exe
                  C:\Program Files\Windows Media Player\wmpnscfg.exe
                  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                  C:\Windows\ehome\ehmsas.exe
                  C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
                  C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
                  C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
                  C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
                  C:\Windows\system32\taskeng.exe
                  C:\Windows\system32\conime.exe
                  C:\Windows\explorer.exe
                  C:\Windows\system32\notepad.exe
                  c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
                  C:\Program Files\Internet Explorer\ieuser.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
                  O1 - Hosts: ::1 localhost
                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                  O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
                  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
                  O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
                  O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                  O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
                  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                  O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
                  O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
                  O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
                  O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
                  O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
                  O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
                  O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
                  O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
                  O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
                  O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
                  O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
                  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
                  O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
                  O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                  O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
                  O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
                  O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
                  O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
                  O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                  O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                  O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
                  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                  O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                  O4 - Global Startup: Empowering Technology Launcher.lnk = ?
                  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                  O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                  O13 - Gopher Prefix:
                  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
                  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
                  O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
                  O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
                  O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
                  O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
                  O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                  O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                  O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                  O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                  O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                  O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                  O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
                  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                  O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
                  O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
                  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
                  O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
                  O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

                  --
                  End of file - 10271 bytes

                  Comment


                  • #10
                    probeer de stappen op deze pagina eens.

                    Windows 10 opstarten in Veilige Modus

                    Comment

                    Sorry, you are not authorized to view this page
                    Working...
                    X