
[SOLVED] my acer laptop does not restart



this is

ComboFix 09-10-11.03 - missbollywood 12-10-2009 14:15.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2814.1833 [GMT 2:00]

Gestart vanuit: c:\users\missbollywood\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Installer\1a03ab.msi

c:\windows\Suyin.reg

F:\Autorun.inf

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-09-12 to 2009-10-12 ))))))))))))))))))))))))))))))

.

2009-10-12 12:23 . 2009-10-12 12:23 -------- d-----w- c:\users\missbollywood\AppData\Local\temp

2009-10-12 12:23 . 2009-10-12 12:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-10-11 20:46 . 2009-10-11 20:46 -------- d-----w- c:\programdata\Messenger Plus!

2009-10-11 18:44 . 2009-10-11 18:44 -------- d-----w- c:\users\missbollywood\AppData\Roaming\Malwarebytes

2009-10-11 18:44 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-11 18:44 . 2009-10-11 18:44 -------- d-----w- c:\programdata\Malwarebytes

2009-10-11 18:44 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-06 20:10 . 2009-10-11 20:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-10-02 23:28 . 2009-10-02 23:28 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2009-10-01 19:13 . 2009-10-01 19:13 -------- d-----w- c:\users\missbollywood\AppData\Local\Scansoft

2009-10-01 15:09 . 2009-10-01 15:10 -------- d-----w- c:\users\missbollywood\AppData\Roaming\Canon

2009-10-01 15:09 . 2009-10-01 15:09 -------- d-----w- c:\programdata\CanonIJPLM

2009-10-01 14:57 . 2009-10-01 14:57 -------- d-----w- c:\programdata\InstallShield

2009-10-01 14:57 . 2009-10-01 14:57 -------- d-----w- c:\users\missbollywood\AppData\Roaming\ScanSoft

2009-10-01 14:57 . 2009-10-01 14:57 -------- d-----w- c:\programdata\ScanSoft

2009-10-01 14:57 . 2009-10-01 14:57 -------- d-----w- c:\program files\Common Files\ScanSoft Shared

2009-10-01 14:56 . 2009-10-01 14:56 -------- d-----w- c:\program files\ScanSoft

2009-10-01 14:54 . 2009-10-01 14:54 -------- d-----w- c:\program files\Common Files\CANON

2009-10-01 14:51 . 2009-10-01 14:51 -------- d--h--w- c:\programdata\CanonBJ

2009-10-01 14:51 . 2009-10-01 14:51 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2009-10-01 14:49 . 2007-03-18 20:00 215040 ----a-w- c:\windows\system32\CNMLM8S.DLL

2009-10-01 14:49 . 2007-03-23 07:30 1400832 ----a-w- c:\windows\system32\CNC210C.DLL

2009-10-01 14:49 . 2007-03-23 07:29 98304 ----a-w- c:\windows\system32\CNC210I.DLL

2009-10-01 14:49 . 2007-03-19 01:16 200704 ----a-w- c:\windows\system32\CNC210L.DLL

2009-10-01 14:49 . 2007-03-15 05:12 188416 ----a-w- c:\windows\system32\CNC210O.DLL

2009-10-01 14:49 . 2009-10-01 14:49 -------- d--h--w- c:\program files\CanonBJ

2009-10-01 14:48 . 2009-10-01 15:09 -------- d-----w- c:\program files\Canon

2009-09-30 00:04 . 2009-09-30 00:04 -------- d-----w- c:\users\missbollywood\AppData\Local\CyberLink

2009-09-30 00:04 . 2009-09-30 00:05 -------- d-----w- c:\users\missbollywood\AppData\Local\SoftDMA

2009-09-30 00:04 . 2009-09-30 00:04 -------- d-----w- c:\users\missbollywood\AppData\Local\Acer Arcade Deluxe

2009-09-30 00:04 . 2009-09-30 00:04 -------- d-----w- c:\users\missbollywood\AppData\Roaming\CyberLink

2009-09-29 15:51 . 2009-09-29 15:51 -------- d-----w- c:\program files\Microsoft

2009-09-27 22:21 . 2009-09-27 22:21 -------- d-----w- c:\windows\system32\eu-ES

2009-09-27 22:21 . 2009-09-27 22:21 -------- d-----w- c:\windows\system32\ca-ES

2009-09-27 22:21 . 2009-09-27 22:21 -------- d-----w- c:\windows\system32\vi-VN

2009-09-27 22:09 . 2009-09-27 22:09 -------- d-----w- c:\users\missbollywood\AppData\Roaming\eSobi

2009-09-27 19:02 . 2009-09-27 19:02 -------- d-----w- c:\windows\system32\EventProviders

2009-09-27 19:01 . 2009-10-06 16:37 -------- d-----w- c:\users\missbollywood\AppData\Roaming\vlc

2009-09-24 20:08 . 2009-04-11 06:32 3601896 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-09-24 20:07 . 2009-04-11 06:28 223744 ----a-w- c:\windows\system32\wscntfy.dll

2009-09-24 20:06 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll

2009-09-23 18:55 . 2009-09-23 18:55 -------- d-----w- c:\windows\Sun

2009-09-23 18:19 . 2009-09-23 18:19 -------- d-----w- c:\programdata\Office Genuine Advantage

2009-09-22 22:48 . 2009-09-22 22:48 -------- d-----w- c:\program files\Windows Live Safety Center

2009-09-22 22:46 . 2009-09-22 22:46 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-22 22:42 . 2009-09-22 22:42 -------- d-----w- c:\users\missbollywood\AppData\Local\Microsoft Help

2009-09-22 22:29 . 2009-09-22 22:29 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-09-22 22:29 . 2009-09-22 22:29 -------- d-----w- c:\program files\Java

2009-09-22 22:23 . 2009-09-22 22:24 -------- d-----w- c:\program files\Windows Live

2009-09-22 22:21 . 2009-09-22 22:21 -------- d-----w- c:\users\missbollywood\AppData\Roaming\UnH Solutions

2009-09-22 22:19 . 2009-10-09 23:22 -------- d-----w- c:\users\missbollywood\AppData\Local\Adobe

2009-09-22 22:10 . 2009-09-22 22:11 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller

2009-09-22 22:10 . 2009-10-11 20:37 -------- d-----w- c:\programdata\WLInstaller

2009-09-22 21:05 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll

2009-09-22 20:35 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin

2009-09-22 20:09 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll

2009-09-22 20:07 . 2009-09-22 20:07 -------- d-----w- c:\program files\MSXML 4.0

2009-09-22 20:07 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-09-22 20:07 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2009-09-22 20:07 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll

2009-09-22 20:07 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2009-09-22 20:07 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2009-09-22 20:07 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2009-09-22 20:07 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2009-09-22 20:07 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2009-09-22 20:07 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE

2009-09-22 20:07 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe

2009-09-22 20:06 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll

2009-09-22 20:03 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2009-09-22 20:03 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll

2009-09-22 20:03 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-22 20:03 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll

2009-09-22 20:03 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-09-22 20:03 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll

2009-09-22 20:03 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll

2009-09-22 20:03 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe

2009-09-22 20:01 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll

2009-09-22 20:01 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll

2009-09-22 20:01 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll

2009-09-22 20:01 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll

2009-09-22 20:01 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll

2009-09-22 20:01 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll

2009-09-22 20:01 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll

2009-09-22 20:01 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll

2009-09-22 20:01 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll

2009-09-22 20:01 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-09-22 20:01 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-09-22 20:01 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\atmlib.dll

2009-09-22 20:01 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll

2009-09-22 20:00 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll

2009-09-22 20:00 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys

2009-09-22 20:00 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll

2009-09-22 20:00 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll

2009-09-22 20:00 . 2009-04-11 06:28 1696768 ----a-w- c:\windows\system32\gameux.dll

2009-09-22 20:00 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-09-22 20:00 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-09-22 19:51 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2009-09-22 19:46 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe

2009-09-22 19:46 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll

2009-09-22 19:46 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll

2009-09-22 19:46 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll

2009-09-22 19:45 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll

2009-09-22 19:45 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll

2009-09-22 19:45 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll

2009-09-22 19:45 . 2008-10-16 12:08 162064 ----a-w- c:\windows\system32\wuwebv.dll

2009-09-22 19:45 . 2008-10-16 11:56 31232 ----a-w- c:\windows\system32\wuapp.exe

2009-09-22 19:28 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-09-22 19:28 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-09-22 19:28 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-09-22 19:28 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-09-22 19:28 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-09-22 19:28 . 2009-09-15 10:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2009-09-22 19:28 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-09-22 18:35 . 2009-09-22 18:35 -------- d-----w- c:\program files\Winbond Electronics Corporation

2009-09-22 18:35 . 2009-09-22 18:35 -------- d---a-w- c:\windows\CIR

2009-09-22 18:35 . 2009-09-29 21:53 -------- d-----w- c:\programdata\NVIDIA

2009-09-22 17:59 . 2008-01-16 16:35 44544 ----a-w- c:\windows\system32\msxml4a.dll

2009-09-22 17:58 . 2009-09-30 16:19 -------- d-----w- c:\users\missbollywood\AppData\Local\PlayMovie

2009-09-22 17:57 . 2009-10-03 18:40 -------- d-----w- c:\users\missbollywood\AppData\Local\PowerCinema

2009-09-22 17:57 . 2009-09-24 00:34 -------- d-----w- c:\programdata\CyberLink

2009-09-22 17:54 . 2009-09-22 18:00 -------- d-----w- c:\program files\Acer Arcade Deluxe

2009-09-22 17:52 . 2009-09-22 17:52 -------- d-----w- c:\program files\Acer Inc

2009-09-22 17:50 . 2009-09-22 17:50 -------- d-----w- c:\program files\Launch Manager

2009-09-22 17:49 . 2008-06-30 15:56 200704 ----a-w- c:\windows\PLFSetI.exe

2009-09-22 17:49 . 2008-05-20 07:57 262144 ----a-w- c:\windows\Acer Crystal Eye webcam.EXE

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-11 20:13 . 2009-09-29 21:53 28599 ----a-w- c:\programdata\nvModes.dat

2009-10-09 23:21 . 2008-01-21 06:47 667352 ----a-w- c:\windows\system32\perfh013.dat

2009-10-09 23:21 . 2008-01-21 06:47 126854 ----a-w- c:\windows\system32\perfc013.dat

2009-10-06 20:06 . 2009-09-22 17:32 1356 ----a-w- c:\users\missbollywood\AppData\Local\d3d9caps.dat

2009-10-01 14:57 . 2008-04-07 12:00 -------- d-----w- c:\program files\Common Files\InstallShield

2009-09-27 22:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar

2009-09-27 22:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar

2009-09-27 22:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-09-27 22:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery

2009-09-27 22:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal

2009-09-27 22:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration

2009-09-27 22:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender

2009-09-22 22:57 . 2009-09-22 17:32 71280 ----a-w- c:\users\missbollywood\AppData\Local\GDIPFONTCACHEV1.DAT

2009-09-22 22:46 . 2008-04-07 12:49 -------- d-----w- c:\programdata\Microsoft Help

2009-09-22 22:45 . 2008-04-07 12:51 -------- d-----w- c:\program files\Microsoft Works

2009-09-22 18:00 . 2008-04-07 11:59 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-22 17:32 . 2008-04-07 12:11 -------- d-----w- c:\program files\Acer

2009-09-22 16:44 . 2009-09-22 16:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf

2009-09-05 12:25 . 2009-09-05 12:25 1183744 ----a-w- c:\windows\system32\drivers\athr.sys

2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2009-07-21 21:52 . 2009-09-22 20:44 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-21 21:47 . 2009-09-22 20:44 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-07-21 21:47 . 2009-09-22 20:44 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-07-21 20:13 . 2009-09-22 20:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-15 12:40 . 2009-09-22 20:02 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-07-15 12:39 . 2009-09-22 20:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-15 12:39 . 2009-09-22 20:02 4096 ----a-w- c:\windows\system32\dxmasf.dll

2009-07-15 12:39 . 2009-09-22 20:02 7680 ----a-w- c:\windows\system32\spwmp.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IE Privacy Keeper"="d:\program files\UnH SolutionsIE Privacy Keeper\IE Privacy Keeper\IEPrivacyKeeper.exe" [2005-12-03 1015808]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-09 397312]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]

"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-06-30 200704]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-16 821768]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]

"avast!"="d:\progra~1\ALWILS~1\ashDisp.exe" [2009-09-15 81000]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-22 149280]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-17 13552160]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-17 92704]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"OpwareSE4"="c:\program files\ScanSoft\priter\OpwareSE4.exe" [2007-02-04 79400]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-20 6144000]

"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):79,93,5f,39,6a,40,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{6B5AD9BF-91E0-4227-B146-CDCC15A56207}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{C965CFC6-84A4-4F54-A71D-EE1122AAFB1A}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{1B93C2B8-03F2-41F9-9F3B-2484E7C3FD88}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{8D2A5454-7499-4136-814F-4B2DEC3146FC}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{82818C65-230A-4FAC-9B6C-7B8E1DDC43B4}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{A0CAEF45-7D24-41E4-A2C0-B95C73FD446A}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{352E2D9B-F0CF-4160-BCE7-47AE6CD505AE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{8FCD6FBD-6043-433C-B082-4EA54E8F5C40}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{FA99614E-9079-47FD-B041-FA304F014EC4}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{A99E79CF-0F9E-4403-B258-D4FE7DE47D49}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{E1782699-DEEA-4682-9031-7D57D62123EE}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie

"{A78A7BB3-762B-46C4-B527-80A320366E0F}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program

"{F838EB95-9DA7-4536-AB14-9826E3131E90}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia

"{343DA92B-E070-4D10-8C11-4E53A94F11C6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{04774619-BBBD-4552-9E96-B8F34FC8B478}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{6134C2EE-CD89-44C5-A23E-EFFCC0347346}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [22-9-2009 21:28 114768]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [22-9-2009 19:58 61424]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [22-9-2009 21:28 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [22-9-2009 21:28 53328]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3-3-2008 13:11 16384]

R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [22-9-2009 19:59 81504]

R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [7-4-2008 14:11 24576]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25-4-2008 21:36 45056]

R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [22-9-2009 20:00 122368]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [7-4-2008 23:21 210432]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [23-7-2008 8:24 44064]

R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28-3-2007 7:51 43008]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25-4-2008 21:36 131072]

S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30-3-2009 16:28 1533808]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Inhoud van de 'Gedeelde Taken' map

2009-10-12 c:\windows\Tasks\User_Feed_Synchronization-{67EB4E3E-CEC7-4233-A647-E5020555F09D}.job

- c:\windows\system32\msfeedssync.exe [2009-09-22 20:13]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

mStart Page = hxxp://nl.intl.acer.yahoo.com

.

- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-eRecoveryService - (no file)

AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-10-12 14:23

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2009-10-12 14:25

ComboFix-quarantined-files.txt 2009-10-12 12:25

Pre-Run: 95.684.366.336 bytes beschikbaar

Post-Run: 95.657.713.664 bytes beschikbaar

286 --- E O F --- 2009-10-02 23:28

the combofix file

---------- Post added at 14:36 ---------- Previous post was at 14:32 ----------

I cannot find this file C:\PrograA

---------- Post added at 14:38 ---------- Previous post was at 14:36 ----------

and this is the hijack file

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:37:33, on 12-10-2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

D:\program files\Alwil Software\ashDisp.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\ScanSoft\priter\OpWareSE4.exe

D:\program files\UnH SolutionsIE Privacy Keeper\IE Privacy Keeper\IEPrivacyKeeper.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

D:\program files\Nieuwe map\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE Systemboot

O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\priter\OpwareSE4.exe"

O4 - HKCU\..\Run: [iE Privacy Keeper] "D:\program files\UnH SolutionsIE Privacy Keeper\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\program files\Alwil Software\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\program files\Alwil Software\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - D:\program files\Alwil Software\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - D:\program files\Alwil Software\ashWebSv.exe

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 7837 bytes


Hmm, I do notice some difference, but I don't know whether my laptop will restart. Couldn't it be seen in the logs why the laptop doesn't restart? Or shall I try it to see whether it does restart now?

---------- Post added at 18:07 ---------- Previous post was at 18:05 ----------

My CPU is also behaving strangely: when I start explorer, the CPU suddenly goes up and down. I know that explorer demands a lot of processing power, but then again I don't know whether what it is taking now is too much.


Hmm, I do notice some difference, but I don't know whether my laptop will restart. Couldn't it be seen in the logs why the laptop doesn't restart? Or shall I try it to see whether it does restart now?
To know for sure you will of course have to restart; logs don't tell you everything.

OK, but I did do everything that was said. I do see results: it responds faster and so on, and everything that wasn't right has been removed, registry keys etc.

But I did still have a question: I have one last PC that needs to be checked with the HijackThis log etc., but do I have to open a new topic for that

or can I just do that here?


This topic is now closed to new replies.