PC always freezes when on mains power and the CPU has to work a little harder


Danny87

I have had an Acer Aspire 6930 with Windows Vista for 2.5 years now. It worked perfectly for a while, but in recent months I have been confronted with an annoying problem, and yesterday this problem became problematic :-) :

The PC screen freezes as soon as the laptop has to make slightly more than the minimal effort. As a result I always have to hold the power button for 5 seconds to switch it off. This only happens when the laptop is connected to mains power. When I work on battery, it never happens. The battery is no longer in optimal condition, however, which makes the problem very annoying. For a long time I only had it when I started the PC on mains power. That was not so bad; I simply always started it on battery. Yesterday, however, I saw that Acer ePower Management had the CPU speed on mains power set to the lowest level, as low as when I work on battery. Since I have long had the feeling that the laptop is performing far below its capabilities, I changed this to the middle level. And that is where the problems came from. It now also freezes while I am working, for example when I am in Word and on the internet. Or yesterday I installed Civilization V (but that has nothing to do with the freezing), and after about 2 minutes of playing it freezes. Once it lasted half an hour. So I set the setting back to the lowest level, but the problem remains.

Just now, even while I was simply typing, entering the confirmation link for pc-helpforum.be, that was enough for my laptop to freeze yet again. I thought it might be because there was too much dust inside, and opened it up very carefully, but it turned out not to be too bad. The temperatures are also fairly high I think, but still normal.

In short: it underperforms badly, freezes as soon as the CPU tasks get a little heavier, and this only happens when connected to mains power.

Who can help me?

I do have some understanding of PCs, but I fear I should still be considered a rookie.

Many thanks in advance.

Danny


Carry out the steps below; afterwards an expert will help you further.

Download HijackThis.

Under "HijackThis Downloads", click "Installer".

Save the file HijackThis.msi. Then choose "Run".

HijackThis is now installed on your PC, and a shortcut is placed on your desktop.

Click the shortcut to start HijackThis.

Click either "Do a systemscan and save a logfile", or first "Scan" and then "Savelog".

A Notepad window opens. Hold down the CTRL and A keys together; everything is now selected. Hold down the CTRL and C keys together; everything is now copied. Now paste the HJT log into your post with CTRL and V.

If you get the message "For some reason your system denied writing to the Host file ....", just click OK to continue.

Note: Windows Vista & 7 users must run HijackThis as administrator via right-click, "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.


Thanks! I did not get any administrator messages, so I think this is OK:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:00:09, on 30/01/2011

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18999)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Veoh Web Player Toolbar - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo1.dll

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: Veoh Web Player Toolbar - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: Veoh Web Player Toolbar - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo1.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: Google Updateservice (gupdate1c98ee976a6d920) (gupdate1c98ee976a6d920) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 11618 bytes


Start HijackThis. If you use Vista or Windows 7, choose "Run as administrator" or "Uitvoeren als administrator".

Select "Do a system scan only". Tick only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Veoh Web Player Toolbar - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo1.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Veoh Web Player Toolbar - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo1.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: Veoh Web Player Toolbar - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo1.dll

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure there is a tick next to "Update Malwarebytes' Anti-Malware" and "Start Malwarebytes' Anti-Malware", then click "Finish" ("Voltooien").

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" ("Snelle Scan") on the Scanner tab, then click Scan.

Scanning can take a while, so be patient.

When the scan is finished, click OK, then "Show Results" ("Bekijk Resultaten") to see the results.

Make sure everything there is ticked, then click "Remove Selected" ("Verwijder geselecteerde").

After the removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has difficulty removing certain files, it will show a few messages where you must click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log into your next post, together with a new HijackThis log.


Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Databaseversie: 5647

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18999

31/01/2011 15:40:18

mbam-log-2011-01-31 (15-40-18).txt

Scantype: Snelle scan

Objecten gescand: 157691

Verstreken tijd: 48 minuut/minuten, 42 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 1

Mappen geïnfecteerd: 7

Bestanden geïnfecteerd: 6

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:

c:\Windows\System32\bycool (Worm.AutoRun) -> Quarantined and deleted successfully.

c:\Windows\System32\bycool1 (Worm.AutoIT) -> Quarantined and deleted successfully.

c:\Windows\System32\f\d (Worm.AutoRun) -> Quarantined and deleted successfully.

c:\Windows\System32\f\d\e (Worm.AutoRun) -> Quarantined and deleted successfully.

c:\Windows\System32\f\d\e\d (Worm.AutoRun) -> Quarantined and deleted successfully.

c:\Windows\System32\f\d\e\d\h (Worm.AutoRun) -> Quarantined and deleted successfully.

c:\Windows\System32\f\d\e\d\h\danny_17_01_2009_12_43_00 (Worm.AutoRun) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

c:\programdata\iexplorer.exe (Worm.Autorun) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\AppData\Roaming\iexplorer.exe (Worm.Autorun) -> Quarantined and deleted successfully.

c:\Windows\System32\bycool\my.dll (Worm.AutoRun) -> Quarantined and deleted successfully.

c:\Windows\System32\bycool\r.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

c:\Windows\System32\f\d\e\d\h\danny_17_01_2009_12_43_00\17_01_2009.k (Worm.AutoRun) -> Quarantined and deleted successfully.

c:\Windows\System32\f\d\e\d\h\danny_17_01_2009_12_43_00\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.

-------------------------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:44:19, on 31/01/2011

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18999)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: Google Updateservice (gupdate1c98ee976a6d920) (gupdate1c98ee976a6d920) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 11100 bytes

-----------------

Thank you very much for the effort! I have Microsoft Security Essentials, and did not know I still had so many viruses. Now I can only hope that this is the cause of the problem.

Thanks! What do I do next?


Malwarebytes has cleaned up thoroughly and the HijackThis log now looks good too.

Microsoft Security Essentials is a good virus scanner, but what we have now removed are not really viruses, and so they are not always found by the virus scanner.

For completeness, you may also do the following.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
    Click here
    If you do not manage to disable them, just continue to the next step.
  • Double-click ComboFix.exe and follow the prompts on the screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
    **Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.
  • Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message once ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

If you have problems running ComboFix, please report it.

All these actions will rid your system of viruses and malware, but I fear they will not solve the actual problem.

In my opinion, the problem lies with the battery, which is no longer at 100%, as you say yourself.

A defective or poorly functioning battery can do strange things to your laptop.

I advise you to buy a new battery, and there is a good chance that this will solve the freezing problem.


ComboFix 11-01-31.02 - Danny 02/02/2011 13:54:46.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3066.1864 [GMT 1:00]

Gestart vanuit: c:\users\Danny\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Acer\Acer Bio Protection\PwdFilter.dll

c:\users\Danny\AppData\Roaming\.#

c:\windows\system32\f

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-01-02 to 2011-02-02 ))))))))))))))))))))))))))))))

.

2011-02-02 12:34 . 2011-02-02 12:34 -------- d-----w- c:\users\Danny\AppData\Local\PackageAware

2011-02-01 14:36 . 2011-02-01 14:36 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A85A691E-3F77-464C-8861-8535DB87D409}\gapaengine.dll

2011-02-01 14:36 . 2011-01-13 00:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4CAE9E4-1DBB-4680-B96B-E0A3C1708667}\mpengine.dll

2011-02-01 14:20 . 2011-02-01 14:20 -------- d-----w- c:\windows\TempCBE6AE3C-C6AB-D494-8572-DEE94DB37BC0-Signatures

2011-02-01 14:18 . 2011-02-01 14:22 -------- d-----w- c:\program files\Microsoft Security Client

2011-01-31 13:40 . 2011-01-31 13:40 -------- d-----w- c:\users\Danny\AppData\Roaming\Malwarebytes

2011-01-31 13:39 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-31 13:39 . 2011-01-31 13:39 -------- d-----w- c:\programdata\Malwarebytes

2011-01-31 13:39 . 2011-01-31 13:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-31 13:39 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-30 12:58 . 2011-01-30 12:58 388096 ----a-r- c:\users\Danny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-01-30 12:58 . 2011-01-30 12:58 -------- d-----w- c:\program files\Trend Micro

2011-01-30 09:57 . 2011-01-30 09:57 -------- d-----w- C:\found.003

2011-01-29 23:34 . 2011-02-01 14:15 -------- d-----w- c:\program files\SpeedFan

2011-01-29 22:08 . 2011-01-29 22:08 -------- d-----w- c:\users\Danny\AppData\Local\SKIDROW

2011-01-29 19:09 . 2011-01-29 19:09 -------- d-----w- c:\users\Danny\AppData\Local\My Games

2011-01-29 18:53 . 2011-02-01 14:17 -------- d-----w- c:\program files\Sid Meier's Civilization V

2011-01-26 12:27 . 2011-01-26 12:27 -------- d-----w- c:\programdata\Age of Empires 3

2011-01-26 12:24 . 2006-08-30 22:03 34304 ------r- c:\program files\Microsoft Games\Age of Empires III\SetupENU2.dll

2011-01-26 12:15 . 2011-01-26 12:24 -------- d-----w- c:\program files\Common Files\Microsoft Games

2011-01-12 10:33 . 2010-12-14 15:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

2011-01-12 10:33 . 2010-12-28 14:57 409600 ----a-w- c:\windows\system32\odbc32.dll

2011-01-12 10:33 . 2010-12-28 14:56 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-01-12 10:33 . 2010-12-28 14:56 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll

2011-01-12 10:33 . 2010-12-28 14:56 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-01-12 10:33 . 2010-12-28 14:56 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-01-12 10:33 . 2010-12-28 14:56 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-01-11 19:18 . 2011-01-11 19:21 -------- d-----w- c:\users\Danny\AppData\Roaming\SmartDraw

2011-01-10 14:01 . 1997-05-29 14:25 315904 ----a-w- c:\windows\IsUn0413.exe

2011-01-10 14:01 . 2011-01-10 14:02 -------- d-----w- c:\windows\system32\E177E04D548C4006A465EEB92D3DE021

2011-01-03 17:05 . 2011-01-19 23:16 -------- d-----w- C:\temp

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-23 19:56 . 2010-12-23 19:56 658696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-06 11:10 . 2010-12-16 13:59 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-06 11:10 . 2010-12-16 13:59 357376 ----a-w- c:\windows\system32\taskschd.dll

2010-11-06 11:10 . 2010-12-16 13:59 270336 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-06 11:09 . 2010-12-16 13:59 603648 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-05 00:53 . 2010-12-16 13:59 171520 ----a-w- c:\windows\system32\taskeng.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-14 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-10-12 3676160]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

c:\users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

Orion.lnk - c:\program files\Convesoft\Orion\Messenger.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]

2008-10-12 12:18 3197952 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]

2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk

backup=c:\windows\pss\Acer VCM.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Danny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]

path=c:\users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

backup=c:\windows\pss\MagicDisc.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-18 07:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]

2008-04-25 19:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2008-07-20 09:45 182808 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-11-10 04:43 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-02-14 21:12 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]

2008-01-29 07:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

R1 MpKsl061a892d;MpKsl061a892d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5A4EAF4-8A59-4923-9282-56A944150554}\MpKsl061a892d.sys [x]

R1 MpKsl31ab6844;MpKsl31ab6844;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5A4EAF4-8A59-4923-9282-56A944150554}\MpKsl31ab6844.sys [x]

R1 MpKsl3306aa58;MpKsl3306aa58;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5A4EAF4-8A59-4923-9282-56A944150554}\MpKsl3306aa58.sys [x]

R1 MpKsl45d6610a;MpKsl45d6610a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5A4EAF4-8A59-4923-9282-56A944150554}\MpKsl45d6610a.sys [x]

R1 MpKsl5ddcdedc;MpKsl5ddcdedc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5A4EAF4-8A59-4923-9282-56A944150554}\MpKsl5ddcdedc.sys [x]

R1 MpKsl8c2cb156;MpKsl8c2cb156;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4CAE9E4-1DBB-4680-B96B-E0A3C1708667}\MpKsl8c2cb156.sys [x]

R1 MpKsl9cbf7085;MpKsl9cbf7085;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5A4EAF4-8A59-4923-9282-56A944150554}\MpKsl9cbf7085.sys [x]

R1 MpKslb0facd19;MpKslb0facd19;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9981F184-BFB9-4A65-B851-552B824D186E}\MpKslb0facd19.sys [x]

R1 MpKslb805e55e;MpKslb805e55e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5A4EAF4-8A59-4923-9282-56A944150554}\MpKslb805e55e.sys [x]

R1 MpKsld14123a8;MpKsld14123a8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5A4EAF4-8A59-4923-9282-56A944150554}\MpKsld14123a8.sys [x]

R1 MpKsld4fa9316;MpKsld4fa9316;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4CAE9E4-1DBB-4680-B96B-E0A3C1708667}\MpKsld4fa9316.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1c98ee976a6d920;Google Updateservice (gupdate1c98ee976a6d920);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 133104]

R3 hitmanpro3;Hitman Pro 3 Support Driver;c:\windows\system32\drivers\hitmanpro3.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]

R3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-02-03 23096]

R3 MusCVideo;MusCVideo;c:\windows\system32\DRIVERS\MusCVideo.sys [2009-02-03 3768]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-05-26 81704]

R4 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]

R4 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-10-12 3602432]

R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]

R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]

R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]

S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-10-12 42608]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-17 691696]

S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]

S3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-05 3658752]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]

S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Inhoud van de 'Gedeelde Taken' map

2011-02-02 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-14 21:08]

2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 21:15]

2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 21:15]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://nl.intl.acer.yahoo.com

uInternet Settings,ProxyOverride = local;*.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe

FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\rzkbju6l.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe

HKLM-Run-eRecoveryService - (no file)

MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe

MSConfigStartUp-OneCareUI - c:\program files\Microsoft Windows OneCare Live\winssnotify.exe

**************************************************************************

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden:

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-2898258238-976231752-3870984009-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:29,6e,04,4d,4f,b9,c1,ab,37,87,cf,40,80,79,c4,f5,e8,1d,a9,42,0c,73,9c,

74,9c,e1,cb,07,8b,5f,e8,54,1d,a1,2d,e5,4d,c3,0f,58,79,53,b8,b4,5a,22,69,6a,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-2898258238-976231752-3870984009-1000\Software\SecuROM\License information*]

"datasecu"=hex:36,5f,7b,df,00,e4,be,15,6a,57,0a,7f,4b,27,63,9c,be,1f,37,73,47,

e7,4c,b3,4c,02,a7,98,85,6d,c3,3d,3f,8b,41,dd,79,d1,ae,29,06,1d,2f,96,2a,c1,\

"rkeysecu"=hex:e9,c4,af,ed,e0,f0,36,6f,55,e2,ab,71,6e,7b,79,81

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(5020)

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

c:\windows\System32\SysHook.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\SPBA\upeksvr.exe

c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\system32\conime.exe

c:\program files\Launch Manager\QtZgAcer.EXE

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\windows\ehome\ehmsas.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Voltooingstijd: 2011-02-02 14:27:37 - machine werd herstart

ComboFix-quarantined-files.txt 2011-02-02 13:27

Pre-Run: 42.673.020.928 bytes beschikbaar

Post-Run: 44.449.337.344 bytes beschikbaar

- - End Of File - - 5410995E7C1CD775DAC78F1FCC925BB4

------------------------------------------------------------------------

Thank you very, very much!!! I had not expected that nowadays there were still people willing to help strangers without anything in return. Respect! I took my battery out and now work on mains power only, and it works perfectly again! Performance is also much better again. Maybe I should put the battery back in sometime to see whether it freezes again, so that I know 100% for sure that it was the battery.


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\hitmanpro3.sys

Folder::

C:\found.003

C:\found.002

C:\found.001

Driver::

hitmanpro3

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe

This will cause ComboFix to restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


ComboFix 11-01-31.02 - Danny 05/02/2011 14:53:04.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3066.1885 [GMT 1:00]

Gestart vanuit: c:\users\Danny\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Danny\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::

"c:\windows\system32\drivers\hitmanpro3.sys"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\found.001

c:\found.001\dir0000.chk\GrooveMUI.XML

c:\found.001\dir0000.chk\GrooveMUISet.XML

c:\found.001\dir0000.chk\SETUP.XML

c:\found.001\dir0001.chk\ANALYS32.XLL

c:\found.001\dir0001.chk\ATPVBAEN.XLAM

c:\found.001\dir0001.chk\FUNCRES.XLAM

c:\found.001\dir0001.chk\PROCDB.XLAM

c:\found.001\dir0002.chk\OCT.CHM

c:\found.001\dir0002.chk\OfficeMUISet.XML

c:\found.001\dir0002.chk\OSETUPUI.DLL

c:\found.001\dir0002.chk\PSCONFIG.CHM

c:\found.001\dir0002.chk\PSS10O.CHM

c:\found.001\dir0002.chk\PSS10R.CHM

c:\found.001\dir0002.chk\SETUP.CHM

c:\found.001\dir0002.chk\SETUP.XML

c:\found.001\dir0003.chk\SOLVER.XLAM

c:\found.001\dir0003.chk\SOLVER32.DLL

c:\found.001\dir0004.chk\1043\CMDDEFUI.DLL

c:\found.001\dir0004.chk\1043\compsvcspkgui.dll

c:\found.001\dir0004.chk\1043\CSSMetaData.xml

c:\found.001\dir0004.chk\1043\CSSPKGUI.DLL

c:\found.001\dir0004.chk\1043\DISCO.XSL

c:\found.001\dir0004.chk\1043\EMPTY.HTM

c:\found.001\dir0004.chk\1043\HelpWatermark.htm

c:\found.001\dir0004.chk\1043\htmdlgsUI.dll

c:\found.001\dir0004.chk\1043\HTMEDUI.DLL

c:\found.001\dir0004.chk\1043\MSENVUI.DLL

c:\found.001\dir0004.chk\1043\VisualStudioTeamCoreUI.dll

c:\found.001\dir0004.chk\1043\vsbrowseUI.dll

c:\found.001\dir0004.chk\ATL70.DLL

c:\found.001\dir0004.chk\CMDDEF.DLL

c:\found.001\dir0004.chk\Compsvcspkg.dll

c:\found.001\dir0004.chk\CSSMetaDataSchema.xml

c:\found.001\dir0004.chk\CSSPKG.DLL

c:\found.001\dir0004.chk\DISCO.GIF

c:\found.001\dir0004.chk\HTMDLGS.DLL

c:\found.001\dir0004.chk\HTMED.DLL

c:\found.001\dir0004.chk\MSENV.DLL

c:\found.001\dir0004.chk\MSVCP70.DLL

c:\found.001\dir0004.chk\MSVCR70.DLL

c:\found.001\dir0004.chk\MSVCR71.DLL

c:\found.001\dir0004.chk\SCHEMA.GIF

c:\found.001\dir0004.chk\SCHEMAS\HTML\HTM32DOM.TLB

c:\found.001\dir0004.chk\SCHEMAS\HTML\HTM40DOM.TLB

c:\found.001\dir0004.chk\SCHEMAS\HTML\HTML32.XSD

c:\found.001\dir0004.chk\SCHEMAS\HTML\HTML40.XSD

c:\found.001\dir0004.chk\SCHEMAS\HTML\NSC40DOM.TLB

c:\found.001\dir0004.chk\SCHEMAS\HTML\NSCP40.XSD

c:\found.001\dir0004.chk\SCHEMAS\XML\adrotator.xsd

c:\found.001\dir0004.chk\SCHEMAS\XML\ASP.XSD

c:\found.001\dir0004.chk\SCHEMAS\XML\WSHMETA.XSD

c:\found.001\dir0004.chk\SCHEMAS\XML\xsdschema.xsd

c:\found.001\dir0004.chk\SERVICE.GIF

c:\found.001\dir0004.chk\TRIDSN.DLL

c:\found.001\dir0004.chk\VisualStudioTeamCore.dll

c:\found.001\dir0004.chk\VSBROWSE.DLL

c:\found.001\dir0004.chk\VSTLBINF.DLL

c:\found.001\dir0005.chk\context.html

c:\found.001\dir0005.chk\ctxhelp_cls.gif

c:\found.001\dir0005.chk\ctxhelp_opn.gif

c:\found.001\dir0005.chk\ctxmsc_cls.gif

c:\found.001\dir0005.chk\ctxmsc_opn.gif

c:\found.001\dir0005.chk\ctxtrain_cls.gif

c:\found.001\dir0005.chk\ctxtrain_opn.gif

c:\found.001\dir0005.chk\ctxwiz_cls.gif

c:\found.001\dir0005.chk\ctxwiz_opn.gif

c:\found.001\dir0006.chk\1043\CONTEXT.XML

c:\found.001\dir0006.chk\1043\CSDEBUG.XML

c:\found.001\dir0006.chk\1043\CSENVIR.XML

c:\found.001\dir0006.chk\1043\MSDNTRN.XML

c:\found.001\dir0006.chk\1043\OFFICE.XML

c:\found.001\dir0006.chk\DEF_CTX.XML

c:\found.001\dir0007.chk\CSDEBUG.XML

c:\found.001\dir0007.chk\CSENVIR.XML

c:\found.001\dir0007.chk\OFFICE.XML

c:\found.001\dir0008.chk\ACEINTL.DLL

c:\found.001\dir0008.chk\ACEWSTR.DLL

c:\found.001\dir0008.chk\ALRTINTL.DLL

c:\found.001\dir0008.chk\MSEINTL.DLL

c:\found.001\dir0008.chk\MSOINTL.DLL

c:\found.001\dir0008.chk\MSSOAPR3.DLL

c:\found.001\dir0008.chk\xlsrvintl.dll

c:\found.001\dir0009.chk\_Setup.dll

c:\found.001\dir0009.chk\data1.cab

c:\found.001\dir0009.chk\data1.hdr

c:\found.001\dir0009.chk\ISSetup.dll

c:\found.001\dir0009.chk\setup.exe

c:\found.001\dir0009.chk\setup.ilg

c:\found.001\dir0009.chk\setup.ini

c:\found.001\dir0009.chk\setup.inx

c:\found.001\dir0011.chk\swf\flvplayer-sapo.swf\sapo_video_player.sol

c:\found.001\dir0011.chk\swf\flvplayer.swf\sapo_video_player.sol

c:\found.001\file0000.chk

c:\found.001\file0001.chk

c:\found.001\file0002.chk

C:\found.002

c:\found.002\file0000.chk

C:\found.003

c:\found.003\file0000.chk

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_HITMANPRO3

-------\Service_hitmanpro3

(((((((((((((((((((( Bestanden Gemaakt van 2011-01-05 to 2011-02-05 ))))))))))))))))))))))))))))))

.

2011-02-05 14:09 . 2011-02-05 14:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-02-05 13:37 . 2011-01-13 00:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43B2DD71-E822-4A0F-8E41-112D567D8899}\mpengine.dll

2011-02-02 12:34 . 2011-02-02 12:34 -------- d-----w- c:\users\Danny\AppData\Local\PackageAware

2011-02-01 14:36 . 2011-02-01 14:36 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A85A691E-3F77-464C-8861-8535DB87D409}\gapaengine.dll

2011-02-01 14:20 . 2011-02-01 14:20 -------- d-----w- c:\windows\TempCBE6AE3C-C6AB-D494-8572-DEE94DB37BC0-Signatures

2011-02-01 14:18 . 2011-02-01 14:22 -------- d-----w- c:\program files\Microsoft Security Client

2011-01-31 13:40 . 2011-01-31 13:40 -------- d-----w- c:\users\Danny\AppData\Roaming\Malwarebytes

2011-01-31 13:39 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-31 13:39 . 2011-01-31 13:39 -------- d-----w- c:\programdata\Malwarebytes

2011-01-31 13:39 . 2011-01-31 13:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-31 13:39 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-30 12:58 . 2011-01-30 12:58 388096 ----a-r- c:\users\Danny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-01-30 12:58 . 2011-01-30 12:58 -------- d-----w- c:\program files\Trend Micro

2011-01-29 23:34 . 2011-02-01 14:15 -------- d-----w- c:\program files\SpeedFan

2011-01-29 22:08 . 2011-01-29 22:08 -------- d-----w- c:\users\Danny\AppData\Local\SKIDROW

2011-01-29 19:09 . 2011-01-29 19:09 -------- d-----w- c:\users\Danny\AppData\Local\My Games

2011-01-29 18:53 . 2011-02-01 14:17 -------- d-----w- c:\program files\Sid Meier's Civilization V

2011-01-26 12:27 . 2011-01-26 12:27 -------- d-----w- c:\programdata\Age of Empires 3

2011-01-26 12:24 . 2006-08-30 22:03 34304 ------r- c:\program files\Microsoft Games\Age of Empires III\SetupENU2.dll

2011-01-26 12:15 . 2011-01-26 12:24 -------- d-----w- c:\program files\Common Files\Microsoft Games

2011-01-12 10:33 . 2010-12-14 15:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

2011-01-12 10:33 . 2010-12-28 14:57 409600 ----a-w- c:\windows\system32\odbc32.dll

2011-01-12 10:33 . 2010-12-28 14:56 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-01-12 10:33 . 2010-12-28 14:56 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll

2011-01-12 10:33 . 2010-12-28 14:56 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-01-12 10:33 . 2010-12-28 14:56 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-01-12 10:33 . 2010-12-28 14:56 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-01-11 19:18 . 2011-01-11 19:21 -------- d-----w- c:\users\Danny\AppData\Roaming\SmartDraw

2011-01-10 14:01 . 1997-05-29 14:25 315904 ----a-w- c:\windows\IsUn0413.exe

2011-01-10 14:01 . 2011-01-10 14:02 -------- d-----w- c:\windows\system32\E177E04D548C4006A465EEB92D3DE021

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-13 00:41 . 2010-01-17 20:54 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2010-12-23 19:56 . 2010-12-23 19:56 658696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-14 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-10-12 3676160]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

c:\users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

Orion.lnk - c:\program files\Convesoft\Orion\Messenger.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]

2008-10-12 12:18 3197952 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]

2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk

backup=c:\windows\pss\Acer VCM.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Danny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]

path=c:\users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

backup=c:\windows\pss\MagicDisc.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-18 07:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]

2008-04-25 19:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2008-07-20 09:45 182808 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-11-10 04:43 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-02-14 21:12 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]

2008-01-29 07:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

R1 MpKsl061a892d;MpKsl061a892d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5A4EAF4-8A59-4923-9282-56A944150554}\MpKsl061a892d.sys [x]

R1 MpKsl1e8be60e;MpKsl1e8be60e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7C732B0-1599-45BB-BE03-F547D3A5D318}\MpKsl1e8be60e.sys [x]

R1 MpKsl31ab6844;MpKsl31ab6844;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5A4EAF4-8A59-4923-9282-56A944150554}\MpKsl31ab6844.sys [x]

R1 MpKsl3306aa58;MpKsl3306aa58;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5A4EAF4-8A59-4923-9282-56A944150554}\MpKsl3306aa58.sys [x]

R1 MpKsl3ac96c6c;MpKsl3ac96c6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7C732B0-1599-45BB-BE03-F547D3A5D318}\MpKsl3ac96c6c.sys [x]

R1 MpKsl423e386c;MpKsl423e386c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43B2DD71-E822-4A0F-8E41-112D567D8899}\MpKsl423e386c.sys [x]

R1 MpKsl45d6610a;MpKsl45d6610a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5A4EAF4-8A59-4923-9282-56A944150554}\MpKsl45d6610a.sys [x]

R1 MpKsl5ddcdedc;MpKsl5ddcdedc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5A4EAF4-8A59-4923-9282-56A944150554}\MpKsl5ddcdedc.sys [x]

R1 MpKsl8c2cb156;MpKsl8c2cb156;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4CAE9E4-1DBB-4680-B96B-E0A3C1708667}\MpKsl8c2cb156.sys [x]

R1 MpKsl9cbf7085;MpKsl9cbf7085;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5A4EAF4-8A59-4923-9282-56A944150554}\MpKsl9cbf7085.sys [x]

R1 MpKslb0facd19;MpKslb0facd19;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9981F184-BFB9-4A65-B851-552B824D186E}\MpKslb0facd19.sys [x]

R1 MpKslb805e55e;MpKslb805e55e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5A4EAF4-8A59-4923-9282-56A944150554}\MpKslb805e55e.sys [x]

R1 MpKsld14123a8;MpKsld14123a8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5A4EAF4-8A59-4923-9282-56A944150554}\MpKsld14123a8.sys [x]

R1 MpKsld4fa9316;MpKsld4fa9316;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4CAE9E4-1DBB-4680-B96B-E0A3C1708667}\MpKsld4fa9316.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1c98ee976a6d920;Google Updateservice (gupdate1c98ee976a6d920);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 133104]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]

R3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-02-03 23096]

R3 MusCVideo;MusCVideo;c:\windows\system32\DRIVERS\MusCVideo.sys [2009-02-03 3768]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-05-26 81704]

R4 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]

R4 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-10-12 3602432]

R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]

R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]

R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]

S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-10-12 42608]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-17 691696]

S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]

S3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-05 3658752]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]

S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Inhoud van de 'Gedeelde Taken' map

2011-02-05 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-14 21:08]

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 21:15]

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 21:15]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://nl.intl.acer.yahoo.com

uInternet Settings,ProxyOverride = local;*.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe

FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\rzkbju6l.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-02-05 15:14

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-2898258238-976231752-3870984009-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:29,6e,04,4d,4f,b9,c1,ab,37,87,cf,40,80,79,c4,f5,e8,1d,a9,42,0c,73,9c,

74,9c,e1,cb,07,8b,5f,e8,54,1d,a1,2d,e5,4d,c3,0f,58,79,53,b8,b4,5a,22,69,6a,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-2898258238-976231752-3870984009-1000\Software\SecuROM\License information*]

"datasecu"=hex:36,5f,7b,df,00,e4,be,15,6a,57,0a,7f,4b,27,63,9c,be,1f,37,73,47,

e7,4c,b3,4c,02,a7,98,85,6d,c3,3d,3f,8b,41,dd,79,d1,ae,29,06,1d,2f,96,2a,c1,\

"rkeysecu"=hex:e9,c4,af,ed,e0,f0,36,6f,55,e2,ab,71,6e,7b,79,81

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(3296)

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\SPBA\upeksvr.exe

c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\system32\conime.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Apple Software Update\SoftwareUpdate.exe

c:\windows\ehome\mcupdate.EXE

.

**************************************************************************

.

Voltooingstijd: 2011-02-05 15:22:15 - machine werd herstart

ComboFix-quarantined-files.txt 2011-02-05 14:22

ComboFix2.txt 2011-02-02 13:27

Pre-Run: 43.787.563.008 bytes beschikbaar

Post-Run: 44.397.527.040 bytes beschikbaar

- - End Of File - - 324FF6012E7CE65E44C2CE7CDF54EBCA

This topic is now closed to new replies.