Mededeling

Collapse
No announcement yet.

popups

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • popups

    Hierode staat mijn log-file. Ik kan niet meer internetten, zonder dat er allemaal popups verschijnen. Hoop en al dat ik deze site heb kunnen bereiken.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:04:59, on 18-4-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Acer\Empowering Technology\eDSMSNfix.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Windows\system32\igfxext.exe
    C:\ProgramData\U3\U3Launcher\LaunchU3.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
    O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljJYPhgf.dll,#1
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\PETERP~1\AppData\Local\Temp\byXpqpoM.dll,c
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\PETERP~1\AppData\Local\Temp\vtUmMcCR.dll,#1
    O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\PETERP~1\AppData\Local\Temp\lcvdjhtc.dll",run
    O4 - HKCU\..\Run: [90b66752] rundll32.exe "C:\Users\PETERP~1\AppData\Local\Temp\qdpuiqxm.dll",b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: LaunchU3.exe.lnk = ?
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: eNetHook.dll
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11683 bytes

  • #2
    Hallo

    Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:

    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljJYPhgf.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\PETERP~1\AppData\Local\Temp\byXpqpoM.dll,c
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\PETERP~1\AppData\Local\Temp\vtUmMcCR.dll,#1
    O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\PETERP~1\AppData\Local\Temp\lcvdjhtc.dll",run
    O4 - HKCU\..\Run: [90b66752] rundll32.exe "C:\Users\PETERP~1\AppData\Local\Temp\qdpuiqxm.dll",b

    Klik op 'Fix checked' om de items te verwijderen.


    Volg de instructies zoals beschreven op de volgende pagina: hoe-dient-combofix-gebruikt-te-worden

    Gebruik je Vista, dan hoeft de Recovery Console niet te worden geinstalleerd.
    Is er iets niet duidelijk, dan vraag je het.
    Als het tooltje klaar is, opent er een logfile (C:\combofix.txt).
    Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

    succes

    Windows 10 opstarten in Veilige Modus

    Comment


    • #3
      Hieronder staan beide logfiles:

      ComboFix 08-04-18.3 - Peter Poell 2008-04-19 15:43:41.2 - NTFSx86
      Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1035 [GMT 2:00]
      Gestart vanuit: C:\Users\Peter Poell\Desktop\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\kmd.exe
      C:\Windows\system32\ljJYPhgf.dll

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-03-19 to 2008-04-19 ))))))))))))))))))))))))))))))
      .

      Geen nieuwe bestanden aangemaakt in deze periode

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-19 10:57 --------- d-----w C:\Users\Peter Poell\AppData\Roaming\skypePM
      2008-04-18 20:00 --------- d-----w C:\Users\Peter Poell\AppData\Roaming\uTorrent
      2008-04-18 18:51 --------- d-----w C:\Program Files\Hitman Pro
      2008-04-18 17:24 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
      2008-04-18 16:13 --------- d-----w C:\ProgramData\Symantec
      2008-04-18 16:12 --------- d-----w C:\Program Files\SpywareBlaster
      2008-04-17 18:17 --------- d-----w C:\Program Files\NeroInstall.bak
      2008-04-17 18:08 --------- d-----w C:\Users\Peter Poell\AppData\Roaming\Nero
      2008-04-17 18:05 --------- d-----w C:\Program Files\Common Files\Nero
      2008-04-17 18:02 --------- d-----w C:\ProgramData\Nero
      2008-04-17 18:02 --------- d-----w C:\Program Files\Nero
      2008-04-13 12:10 --------- d-----w C:\Program Files\DOSBox-0.65
      2008-04-13 09:49 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
      2008-04-13 09:49 --------- d-----w C:\Program Files\AutoCAD Architecture 2008
      2008-04-13 09:39 --------- d-----w C:\ProgramData\Autodesk
      2008-04-12 20:42 --------- d-----w C:\Users\Peter Poell\AppData\Roaming\FileZilla
      2008-04-10 12:45 --------- d-----w C:\Program Files\Windows Mail
      2008-04-10 09:58 --------- d-----w C:\ProgramData\Microsoft Help
      2008-04-03 08:47 --------- d-----w C:\Users\Peter Poell\AppData\Roaming\Skype
      2008-03-25 17:19 --------- d-----w C:\Program Files\FileZilla Client
      2008-03-22 18:33 --------- d-----w C:\ProgramData\Hallmark
      2008-03-22 18:33 --------- d-----w C:\Program Files\Hallmark
      2008-03-09 15:11 --------- d-----w C:\ProgramData\MyPhotoFun
      2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
      2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
      2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
      2008-03-04 21:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-03-04 21:53 --------- d-----w C:\Program Files\Maxtor
      2008-03-04 21:12 --------- d-----w C:\Program Files\Microsoft Silverlight
      2008-03-02 17:51 --------- d-----w C:\ProgramData\Maxtor
      2008-03-01 18:17 --------- d-----w C:\Program Files\Google
      2008-02-29 11:17 --------- d-----w C:\Users\Peter Poell\AppData\Roaming\Apple Computer
      2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
      2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
      2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
      2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
      2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
      2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
      2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
      2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
      2008-02-28 15:38 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
      2008-02-26 14:14 972,072 ----a-w C:\Windows\UNRecode.exe
      2008-02-21 19:21 --------- d-----w C:\Program Files\PENTAX
      2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
      2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
      2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
      2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
      2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
      2008-02-18 14:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll
      2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
      2008-02-14 08:01 194,560 ----a-w C:\Windows\System32\WebClnt.dll
      2008-02-14 07:56 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
      2008-02-14 07:56 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
      2008-02-14 07:55 24,064 ----a-w C:\Windows\System32\netcfg.exe
      2008-02-14 07:55 22,016 ----a-w C:\Windows\System32\netiougc.exe
      2008-02-14 07:55 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
      2008-02-14 07:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-02-14 07:54 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-02-14 07:54 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-02-14 07:54 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
      2008-02-14 07:54 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-02-14 07:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-02-14 07:54 1,686,528 ----a-w C:\Windows\System32\gameux.dll
      2008-02-08 19:45 148 ----a-w C:\Users\Peter Poell\BackupResult.DAT
      2007-12-13 18:10 32 ----a-w C:\Users\All Users\ezsid.dat
      2007-12-13 18:10 32 ----a-w C:\ProgramData\ezsid.dat
      2007-08-30 07:27 174 --sha-w C:\Program Files\desktop.ini
      2007-10-06 18:36 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.da t
      2007-10-06 18:36 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      2007-10-06 18:36 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 22:00 1232896]
      "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-01-17 09:01 151552]
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
      "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18 307200]
      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 16:08 21686568]
      "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-29 20:33 1006264]
      "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 03:02 98304]
      "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 03:05 106496]
      "Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 03:02 81920]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 05:00 815104]
      "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
      "Acer Tour"=""
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
      "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 01:18 22696]
      "eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 10:40 13312]
      "SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
      "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-12-09 05:35 614400]
      "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
      "eRecoveryService"=""
      "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-01-17 09:01 151552]
      "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
      "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 04:42 144784]
      "mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 15:53 169264]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

      C:\Users\Peter Poell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      LaunchU3.exe.lnk - C:\Users\Peter Poell\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2007-10-08 21:17:35 22486]
      OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
      Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-09 11:27:16 528384]

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UacDisableNotify"=dword:00000001
      "InternetSettingsDisableNotify"=dword:00000001
      "AutoUpdateDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{2AB76D8F-D1C7-4BC7-B8A8-37B9887713A0}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
      "{FC19A6ED-E5D2-464C-ADE1-B7BD65DECF0C}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exeVDivine
      "{ADAD1361-4419-4AD0-BDAB-B6733D4FC132}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\MagicDirector.exe:CyberLink MagicDirector
      "{56496D2E-886C-4D01-BEBC-4D602A5B037F}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\PowerDV.exe:CyberLink PowerDV
      "{68131F8D-195D-4B2C-A997-EECBD7B2ADCA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{09805B43-E72F-478B-97FF-6B8D2A12390E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{385A1387-B227-45D9-8126-B988C05B4CDA}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
      "{9DF30A3F-1419-46EB-A2E0-8979A9E566B9}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
      "{28A2EBCC-8B8A-4CC4-80B2-9B304E89A3C1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
      "TCP Query User{2B189965-5BAA-49E9-9883-13B1851AEBF4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
      "UDP Query User{2FCE0BC6-FF2C-45BA-AE61-E68A386F78CD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
      "TCP Query User{3C35ACC6-E462-4EEA-8D5D-FBC72AFF3CE7}C:\\program files\\myphotofun\\editor.exe"= UDP:C:\program files\myphotofun\editor.exe:MyPhotoFun Editor
      "UDP Query User{B019F5D3-8EF9-495B-B69E-3C054557628C}C:\\program files\\myphotofun\\editor.exe"= TCP:C:\program files\myphotofun\editor.exe:MyPhotoFun Editor
      "TCP Query User{3AF4CF61-2402-43CC-AE7E-BD7F22198930}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
      "UDP Query User{DAC179A3-0369-4C89-9AA6-44E99AED70B5}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
      "TCP Query User{9EE490AF-FBA0-4FD8-AA42-641E7C0DCF7F}C:\\users\\peter poell\\appdata\\local\\temp\\wzc028\\keygen.exe"= UDP:C:\users\peter poell\appdata\local\temp\wzc028\keygen.exe:keygen.exe
      "UDP Query User{6F9C75D9-7CAF-4FD6-B0CB-9D709BE844C6}C:\\users\\peter poell\\appdata\\local\\temp\\wzc028\\keygen.exe"= TCP:C:\users\peter poell\appdata\local\temp\wzc028\keygen.exe:keygen.exe
      "TCP Query User{5218F5D2-7EFB-4650-8179-B079D924C269}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
      "UDP Query User{E95DEE63-28DE-4906-8863-C07D64333F14}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
      "TCP Query User{566286CA-0BF1-4EDA-A2A9-CF86308CFCCF}C:\\program files\\google\\google sketchup 6\\sketchup.exe"= UDP:C:\program files\google\google sketchup 6\sketchup.exe:SketchUp Application
      "UDP Query User{95F19E69-A8D1-4481-8204-98D5F8992243}C:\\program files\\google\\google sketchup 6\\sketchup.exe"= TCP:C:\program files\google\google sketchup 6\sketchup.exe:SketchUp Application
      "TCP Query User{31B7164C-C77D-4C1F-BCA5-B7BA0F38CB99}C:\\program files\\google\\google sketchup 6\\layout\\layout.exe"= UDP:C:\program files\google\google sketchup 6\layout\layout.exe:LayOut
      "UDP Query User{42AB26BC-2093-4C51-B123-E83319CF1CCB}C:\\program files\\google\\google sketchup 6\\layout\\layout.exe"= TCP:C:\program files\google\google sketchup 6\layout\layout.exe:LayOut

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
      "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
      "C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
      "C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
      "C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

      R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
      R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
      R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
      R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080415.002\IDSvix86.sys [2008-02-13 18:18]
      R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
      R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-28 20:07]
      R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-04-24 19:17]
      R2 Maxtor Sync Service;Maxtor Service;"C:\Program Files\Maxtor\Sync\SyncServices.exe" [2007-09-28 13:24]
      R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
      R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 09:33]
      R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 02:39]
      R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 04:29]
      R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]
      S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 06:18]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87988d51-7569-11dc-8d5a-0016d4d90458}]
      \shell\AutoRun\command - G:\LaunchU3.exe -a

      *Newly Created Service* - CATCHME
      *Newly Created Service* - COMHOST
      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-04-18 18:03:08 C:\Windows\Tasks\Norton Internet Security - Volledige systeemscan - Peter Poell.job"
      - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
      .
      **************************************************************************

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-19 15:47:01
      Windows 6.0.6000 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-04-19 15:48:12
      ComboFix-quarantined-files.txt 2008-04-19 13:48:01
      ComboFix2.txt 2008-02-10 17:50:05

      Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
      Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

      207 --- E O F --- 2008-04-10 09:58:48

      Hieronder staat mijn Hijack this logfile na comifix te hebben uitgevoerd:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:51:31, on 19-4-2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16643)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\System32\igfxtray.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Acer\Empowering Technology\eDSMSNfix.exe
      C:\Program Files\Launch Manager\LManager.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
      C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\ProgramData\U3\U3Launcher\LaunchU3.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Windows\system32\igfxext.exe
      C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
      C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
      C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
      C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\sdclt.exe
      C:\Program Files\Internet Explorer\IEUser.exe
      C:\Windows\system32\conime.exe
      C:\Windows\Explorer.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
      O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
      O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
      O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
      O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
      O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
      O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
      O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O4 - Startup: LaunchU3.exe.lnk = ?
      O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Empowering Technology Launcher.lnk = ?
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O13 - Gopher Prefix:
      O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: eNetHook.dll
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
      O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
      O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
      O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
      O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
      O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
      O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
      O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

      --
      End of file - 11098 bytes

      Comment


      • #4
        ziet er netjes uit , hoe gaat het nu >?

        Windows 10 opstarten in Veilige Modus

        Comment


        • #5
          ziet er goed uit

          Het ziet eruit alsof het probleem is opgelost.

          Hartelijk dank hiervoor!!!

          Comment


          • #6
            Graag gedaan.

            Verwijder ComboFix, kopiëer het volgende commando:
            Combofix /U

            Klik Start -> Uitvoeren, en plak (Ctrl-V) het commando, toets vervolgens Ctrl + Shift + Enter.
            Dit verwijdert zowel ComboFix, als je oude systeemherstelpunten (met eventuele restanten van malware), en maakt een nieuw systeemherstelpunt aan.

            Groeten
            Juisterr

            Windows 10 opstarten in Veilige Modus

            Comment

            Sorry, you are not authorized to view this page
            Working...
            X