geïnfecteerde laptop

**slicky** · 21 November 2012, 20:34

de laptop van mijn ma deed raar bij het opstraten
graag eens controle van volgend log
ik heb Mbam reeds laten lopen en heeft 30 infecties verwijderd

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Databaseversie: v2012.11.20.04
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Rita :: NOTEBOOK_V_RITA [administrator]
20/11/2012 20:46:12
mbam-log-2012-11-20 (20-46-12).txt
Scantype: Volledige scan (C:\|)
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 350838
Verstreken tijd: 46 minuut/minuten, 34 seconde

Geheugenprocessen gedetecteerd: 1
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> 3572 -> Zal worden verwijderd tijdens het herstarten.
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 20
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
Registerwaarden gedetecteerd: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |Browser companion helper (PUP.Blabbers) -> Data: C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej -> Succesvol in quarantaine geplaatst en verwijderd.
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 8
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Zal worden verwijderd tijdens het herstarten.
C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Rita\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Content.IE5\APOIJE23\installer_scrabble[1].exe (PUP.BundleInstaller.BT) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Rita\AppData\LocalLow\bbrs_002.tb\content \BCHelper.exe (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Rita\Downloads\installer_scrabble (1).exe (PUP.BundleInstaller.BT) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Rita\Downloads\installer_scrabble.exe (PUP.BundleInstaller.BT) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)

hierna het log van hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:29:00, on 21/11/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8721 bytes

alvast bedankt

**Juisterr** · 22 November 2012, 13:59

Download ComboFix van één van deze locaties:

Link 1
Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
>>Hier<< kunt u lezen hoe u Combofix dient te gebruiken.

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.

* (hier of hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
3. Dubbelklik op "Combofix.exe" om de tool te starten.
4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

* Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

**slicky** · 22 November 2012, 17:20

alvast bedankt.
ik zit nu nog op mijn werk,zal rond 18u30 het bovenste eens uitvoeren.

**Juisterr** · 22 November 2012, 20:30

19:30 hr

Ik w8 met spanning.

**slicky** · 22 November 2012, 20:51

Oorspronkelijk geplaatst door Juisterr

19:30 hr

Ik w8 met spanning.

ben hier eindelijk
ter info de laptop was niet geupdate, en ik heb nu reeds alle updates geïnstalleerd incl SP1
hierbij het combofix log

ComboFix 12-11-22.03 - Rita 22/11/2012 19:36:44.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4078.2291 [GMT 1:00]
Gestart vanuit: c:\users\Rita\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Rita\Desktop\Internet Explorer.lnk
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-10-22 to 2012-11-22 ))))))))))))))))))))))))))))))
.
.
2012-11-22 18:41 . 2012-11-22 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-22 18:33 . 2012-11-22 18:33 -------- d-----w- c:\users\Rita\AppData\Roaming\AVG9
2012-11-21 20:31 . 2012-11-21 20:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-21 20:31 . 2012-11-22 18:30 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-11-21 20:30 . 2012-11-21 20:30 -------- d-----w- c:\users\Rita\AppData\Local\Programs
2012-11-21 19:29 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-11-21 19:29 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-11-21 19:29 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-11-21 18:53 . 2012-11-21 18:53 -------- d-----w- c:\windows\system32\SPReview
2012-11-21 18:52 . 2012-11-21 18:52 -------- d-----w- c:\windows\system32\EventProviders
2012-11-21 18:34 . 2010-11-20 13:33 376192 ----a-w- c:\windows\system32\drivers\netio.sys
2012-11-21 18:33 . 2010-11-20 13:27 812032 ----a-w- c:\windows\system32\wpccpl.dll
2012-11-21 18:32 . 2010-11-20 13:27 53248 ----a-w- c:\windows\system32\odbcconf.dll
2012-11-21 18:31 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-11-21 18:31 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-11-21 18:31 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-11-21 18:28 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-11-21 18:28 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-11-21 18:28 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-11-21 18:27 . 2012-11-21 18:27 388096 ----a-r- c:\users\Rita\AppData\Roaming\Microsoft\Installer\ {45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-21 18:27 . 2012-11-21 18:27 -------- d-----w- c:\program files (x86)\Trend Micro
2012-11-21 18:24 . 2012-11-22 18:29 -------- d-----w- c:\programdata\boost_interprocess
2012-11-21 18:10 . 2012-11-21 18:10 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-11-21 18:10 . 2012-11-21 18:10 -------- d-----w- c:\windows\system32\wbem\en-US
2012-11-21 17:30 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-11-20 21:04 . 2012-07-26 07:49 2560 ----a-w- c:\windows\system32\drivers\nl-NL\wdf01000.sys.mui
2012-11-20 21:04 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-20 21:04 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-20 21:04 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-20 20:49 . 2012-10-29 20:04 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-20 20:49 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-20 20:49 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-20 20:49 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-20 20:49 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-20 20:49 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-20 20:49 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-20 20:49 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-20 20:47 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-11-20 20:47 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-11-20 20:47 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-11-20 20:47 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-11-20 20:47 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-11-20 20:18 . 2012-11-20 20:18 -------- d-----w- c:\program files\CCleaner
2012-11-20 20:07 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-11-20 20:06 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-20 20:06 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-20 20:06 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-11-20 20:04 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-11-20 20:03 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-11-20 20:03 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-11-20 20:03 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-20 20:03 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-20 20:02 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-11-20 20:02 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-11-20 20:02 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-11-20 20:02 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-11-20 20:02 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-11-20 20:02 . 2010-11-20 13:25 207872 ----a-w- c:\windows\system32\cfgmgr32.dll
2012-11-20 20:02 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-11-20 20:02 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-11-20 20:02 . 2010-11-20 13:25 296960 ----a-w- c:\windows\system32\rstrui.exe
2012-11-20 20:01 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-11-20 20:01 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-11-20 20:01 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-11-20 20:01 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-11-20 19:59 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-11-20 19:56 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-11-20 19:56 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-11-20 19:56 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-11-20 19:45 . 2012-11-20 19:45 -------- d-----w- c:\users\Rita\AppData\Roaming\Malwarebytes
2012-11-20 19:44 . 2012-11-20 19:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-20 19:44 . 2012-11-20 19:44 -------- d-----w- c:\programdata\Malwarebytes
2012-11-20 19:44 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2012-11-21 19:11 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-11-21 19:11 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-12-09 1025616]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 13280]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-07-20 247400]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [2010-11-20 59392]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-16 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [2011-05-15 269904]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [2011-09-13 35664]
S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [2011-05-15 317520]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIV ERS\mwlPSDFilter.sys [2010-12-10 22912]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVER S\mwlPSDNServ.sys [2010-12-10 20328]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVER S\mwlPSDVDisk.sys [2010-12-10 62584]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-28 203264]
S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2011-05-15 308136]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-12-09 311376]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-29 868224]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-12 257344]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sy s [2010-09-27 76912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1186684406-819473139-4275297957-1000Core.job
- c:\users\Rita\AppData\Local\Google\Update\GoogleUp date.exe [2012-08-01 15:41]
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1186684406-819473139-4275297957-1000UA.job
- c:\users\Rita\AppData\Local\Google\Update\GoogleUp date.exe [2012-08-01 15:41]
.
.
--------- X64 Entries -----------
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.130.141 195.130.131.141
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1186684406-819473139-4275297957-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1186684406-819473139-4275297957-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUt il10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10 s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10 s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10 s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10 s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-11-22 19:45:25
ComboFix-quarantined-files.txt 2012-11-22 18:45
.
Pre-Run: 268.661.809.152 bytes beschikbaar
Post-Run: 268.780.011.520 bytes beschikbaar
.
- - End Of File - - 28D6CDE10A612E7A48A5F5A0794F3A6E

**Juisterr** · 22 November 2012, 20:58

Enige verbetering ?

**slicky** · 22 November 2012, 21:01

ik ondervind niet echt problemen meer
is het logje schoon?

ik geef hem morgen terug en zal het wel dan wel horen als ze nog problemen heeft

alvast bedankt.

**slicky** · 22 November 2012, 21:09

kheb nog eens een logje gemaakt met hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:07:52, on 22/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10s_Ac tiveX.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8218 bytes

**Juisterr** · 23 November 2012, 23:25

Je hoeft geen HijackThis te plaatsen hoor, daar hebben we niks meer aan.

Hallo, we gaan de volgende tool inzetten. zoek.exe ®by smeenk

De scan kan een tijdje duren omdat je hele schijf afgezocht wordt naar recent geplaatste bestanden.

"zoek.exe" gebruiken:

Schakel je antivirus- en antispywareprogramma's uit, zoek.exe wordt tijdens het downloaden of tijdens het gebruik soms als trojan aangezien.
(hier of hier) kan je lezen hoe je dat doet.
Download daarna zoek.exe naar het bureaublad.
Start de tool middels dubbelklik op "zoek.exe".
Vervolgens zal er na een tijdje een venster geopend worden.
Met je muis selecteer je nu de volgende keuze "Combined fix"(rechts onderaan)
Kopieer nu onderstaande code en plak die in het grote invulvenster:

Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
Code:
```
skipstartpage-iedefaults;
emptyclsid;
emptyjava;
emptyflash;
emptyiecache;
emptytemp;
filesrcm;
startupall;
emptyIEcache; 
iedefaults;http://www.google.com
```
Sluit nu eerst alle overige nog openstaande programmavensters!
Klik daarna op de knop "Run script".
Wacht nu geduldig af tot er een logje opent(dit kan na een herstart zijn)
Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
Post nu de inhoud van het geopende logje in het volgende bericht.

**slicky** · 24 November 2012, 10:13

goeiemorgen,

ik heb de laptop reeds terug bij mijn ma afgeleverd.
als ze nog problemen zou hebben laat ik het dan wel horen.

alvast nog eens bedankt voor de ingezette tijd

Discussie: geïnfecteerde laptop

Discussietools

Discussie doorzoeken

Weergave

geïnfecteerde laptop

De volgende gebruiker bedankt Juisterr voor deze nuttige post:

De volgende gebruiker bedankt Juisterr voor deze nuttige post:

Discussie informatie

Users Browsing this Thread

Soortgelijke discussies

tegelijkertijd surfen op laptop én vaste pc ?

IR poort op laptop

laptop

Laptop

Favorieten/bladwijzers

Favorieten/bladwijzers

Regels voor berichten