
Windows freezes, PC hangs


heavyrijn


For quite a while now I have had the problem that my PC freezes at random moments. I cannot find any logic to it. It does not matter which program is running, and there is no telling after how long it freezes: sometimes after an hour, sometimes after a day and a half.

After that the only way to turn the PC off is to hold down the power button; mouse and keyboard do not work. The screen is frozen.

At first I thought my power supply might not be able to cope, so I replaced it with a heavier one. Then I thought it had to do with temperatures, but those are fine too. Then I thought of the graphics card, so I replaced that with another one as well. Maybe a conflict? So I also removed the PhysX card (graphics support) that was in there. But the problem is still there.

Anyone have any idea? I am out of options.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:40:36, on 12-11-2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18828)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\Norton Ghost\Agent\VProTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\calcheck.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Sun Java Applet Plugin - {E9B1FB08-BA8C-4CDA-AF62-54FF3BAF941D} - (no file)

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\calcheck.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{92664CB2-0E87-434F-A18A-0AFAB11CE4E4}: NameServer = 83.80.1.236

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

--

End of file - 8925 bytes


Have you already looked in the Windows Event Log to see whether there are errors from the moment the PC froze?

You open the Event Log by going to Start > Run and typing eventvwr.


That Event Log check, you should definitely do. But also this:

Start HijackThis. If you are a Vista user, choose "Run as administrator" ("Uitvoeren als administrator"). Select "Do a system scan only". Select only the items listed below:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe

O2 - BHO: Sun Java Applet Plugin - {E9B1FB08-BA8C-4CDA-AF62-54FF3BAF941D} - (no file)

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure the boxes for Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked, then click "Finish".

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to view the results.

Make sure everything there is ticked, then click: Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has difficulty removing certain files it will show a few messages where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of that log in your next post, together with a new HijackThis log.

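The reply above picks out, by hand, the HijackThis entries whose target file no longer exists ("(no file)"). The script below is an added example, not part of this thread and not a HijackThis feature: it runs that same triage over lines copied from the log posted above, flagging orphaned references and two sections (O17 NameServer, O20 AppInit_DLLs) that a reviewer reads before deciding anything. The names `Finding`, `triage`, `SECTION_RE` and `REVIEW_SECTIONS` are mine.

```python
"""Triage of HijackThis log lines.

Added example for this thread; it is not part of the page and not a
HijackThis feature. It applies the rule the reply used by hand (entries
whose target file is gone) and flags a few sections that are worth a
second look even when the file exists."""
import re
from typing import NamedTuple


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. R3, O2, O23
    reason: str
    line: str


# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Sun Java Applet Plugin - {E9B1FB08-BA8C-4CDA-AF62-54FF3BAF941D} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{92664CB2-0E87-434F-A18A-0AFAB11CE4E4}: NameServer = 83.80.1.236
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
"""

# Every HijackThis finding starts with a section code followed by " - ".
SECTION_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Sections whose entries deserve a look even when the referenced file exists.
REVIEW_SECTIONS = {
    "O17": "DNS server override; confirm the address belongs to your ISP or your own router",
    "O20": "AppInit_DLLs is loaded into every process; confirm which vendor the DLL belongs to",
}


def triage(log_text: str) -> list[Finding]:
    """Return the entries a reviewer would fix or inspect, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue   # header lines, the process list and blanks carry no section code
        section, body = m.group("section"), m.group("body")
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            # Orphaned reference: the registry still points at a file that is gone.
            findings.append(Finding(section, "orphaned reference: target file no longer exists", line))
        elif section in REVIEW_SECTIONS:
            findings.append(Finding(section, REVIEW_SECTIONS[section], line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it on a full HijackThis log by reading the file into `triage`; header lines and the running-process list are skipped because they carry no section code, so only the numbered findings come back.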

Thanks to both of you for the tips. I have followed all of them and am curious whether you can make anything of it:

First the new HijackThis file:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:44:58, on 13-11-2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18828)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\Norton Ghost\Agent\VProTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\calcheck.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\calcheck.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{92664CB2-0E87-434F-A18A-0AFAB11CE4E4}: NameServer = 83.80.1.236

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

Then the MBAM file:

Malwarebytes' Anti-Malware 1.41

Database versie: 3159

Windows 6.0.6002 Service Pack 2

13-11-2009 11:38:30

mbam-log-2009-11-13 (11-38-30).txt

Scan type: Snelle Scan

Objecten gescand: 97511

Verstreken tijd: 6 minute(s), 16 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 10

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 6

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

HKEY_CLASSES_ROOT\firstbho.helloworldbho (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\firstbho.helloworldbho.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{eaa3f1ff-f1cc-46bf-85fa-197eebf3b524} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{07d3626d-10c6-4d84-820c-2f4fdcafab02} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b1892f58-1116-4dec-92aa-577872ec3d3d} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9b1fb08-ba8c-4cda-af62-54ff3baf941d} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{B5BB60EE-125B-40AB-AAA5-A4E194973C95} (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\FirstBHO.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

C:\Windows\System32\drivers\oreans32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\Windows\System32\TDSSfopt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Windows\System32\TDSSqycx.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Windows\System32\TDSSrfpp.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Windows\System32\TDSSsbxq.log (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Windows\System32\TDSStmei.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

And finally I looked as per acidburn's tip; I can see that my system froze last night at 3:55:59 with the following message:

Provider Name: EventLog
EventID: 6008 (Qualifiers: 32768)
Level: 2, Task: 0, Keywords: 0x80000000000000
TimeCreated SystemTime: 2009-11-13T07:25:55.000Z
EventRecordID: 143830, Channel: System, Security: (empty)
EventData:

3:55:5913-11-200927915D9070B0005000D00030037003B006C01D9070B0005000D00020037003B006C013C0000003Corden

0000: 000B07D9 000D0005 00370003 016C003B

0008: 000B07D9 000D0005 00370002 016C003B

0010: 0000003C 0000003C 00000000 00000000

0018: 00000000 00000000 00000001 00000000

In bytes

0000: D9 07 0B 00 05 00 0D 00 Ù.......

0008: 03 00 37 00 3B 00 6C 01 ..7.;.l.

0010: D9 07 0B 00 05 00 0D 00 Ù.......

0018: 02 00 37 00 3B 00 6C 01 ..7.;.l.

0020: 3C 00 00 00 3C 00 00 00 <...<...

0028: 00 00 00 00 00 00 00 00 ........

0030: 00 00 00 00 00 00 00 00 ........

0038: 01 00 00 00 00 00 00 00 ........

Thanks in advance

Edited by kape
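acidburn's tip was to look in the Event Log, and the poster's Event Viewer output above shows event 6008 (unexpected shutdown) with a binary payload. The script below is an added example, not part of this thread and not a Microsoft tool: it parses the "In bytes" hex dump exactly as pasted above and decodes it on the assumption (mine, not stated on the page) that the payload begins with two Windows SYSTEMTIME structures, the local time and the UTC time of the last shutdown. The names `parse_hex_dump`, `parse_systemtime` and `decode_event_6008` are mine; the DWORDs after the two timestamps are returned but not interpreted.

```python
"""Decode the binary payload of Windows System-log event 6008
("The previous system shutdown at ... was unexpected").

Added example for this thread; not part of the page or of any Microsoft tool.
Assumption (mine): the payload starts with two 16-byte SYSTEMTIME structures,
local time first and UTC second, followed by DWORDs that this script does
not interpret."""
import struct
from datetime import datetime

# The "In bytes" dump as the poster pasted it: hex offset, 8 hex bytes, ASCII column.
HEX_DUMP = """\
0000: D9 07 0B 00 05 00 0D 00 Ù.......
0008: 03 00 37 00 3B 00 6C 01 ..7.;.l.
0010: D9 07 0B 00 05 00 0D 00 Ù.......
0018: 02 00 37 00 3B 00 6C 01 ..7.;.l.
0020: 3C 00 00 00 3C 00 00 00 <...<...
0028: 00 00 00 00 00 00 00 00 ........
0030: 00 00 00 00 00 00 00 00 ........
0038: 01 00 00 00 00 00 00 00 ........
"""

# SYSTEMTIME: wYear, wMonth, wDayOfWeek, wDay, wHour, wMinute, wSecond, wMilliseconds
SYSTEMTIME = struct.Struct("<8H")   # eight little-endian 16-bit WORDs = 16 bytes


def parse_hex_dump(text: str) -> bytes:
    """Turn an Event Viewer style hex dump back into bytes, checking offsets are contiguous."""
    out = bytearray()
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 9 or not tokens[0].endswith(":"):
            continue                        # not a dump line
        offset = int(tokens[0][:-1], 16)    # offsets in the dump are hexadecimal
        if offset != len(out):
            raise ValueError(f"dump is not contiguous at offset {offset:#06x}")
        out += bytes.fromhex("".join(tokens[1:9]))   # the ASCII column is ignored
    return bytes(out)


def parse_systemtime(buf: bytes, offset: int = 0) -> datetime:
    """Unpack one SYSTEMTIME; the day-of-week WORD is redundant and dropped."""
    year, month, _weekday, day, hour, minute, second, ms = SYSTEMTIME.unpack_from(buf, offset)
    return datetime(year, month, day, hour, minute, second, ms * 1000)


def decode_event_6008(payload: bytes) -> dict:
    """Return the two shutdown timestamps plus the message-text fields Event Viewer shows."""
    if len(payload) < 2 * SYSTEMTIME.size:
        raise ValueError("payload too short for two SYSTEMTIME structures")
    local = parse_systemtime(payload, 0)
    utc = parse_systemtime(payload, SYSTEMTIME.size)
    rest = payload[2 * SYSTEMTIME.size:]
    dwords = list(struct.unpack_from(f"<{len(rest) // 4}I", rest)) if len(rest) >= 4 else []
    return {
        "last_shutdown_local": local,
        "last_shutdown_utc": utc,
        "utc_offset_hours": (local - utc).total_seconds() / 3600,
        # The time and date strings that appear in the 6008 message text.
        "message_time": f"{local.hour}:{local:%M:%S}",
        "message_date": local.strftime("%d-%m-%Y"),
        "trailing_dwords": dwords,   # present in the payload, not interpreted here
    }


if __name__ == "__main__":
    for key, value in decode_event_6008(parse_hex_dump(HEX_DUMP)).items():
        print(f"{key}: {value}")
```

On the dump above the local timestamp decodes to 13-11-2009 03:55:59, matching the time in the poster's message, and the second timestamp is one hour earlier, consistent with the GMT+1 zone the ComboFix header later reports. Note that the event's own TimeCreated (07:25:55Z) is when Windows logged the entry at the next boot, not when the machine hung.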

Download Combofix to your Desktop.

Read more about the correct use of Combofix here.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!


  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not for VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and after the restart, the log Combofix.txt will open.

Post this log in your next reply.


Here is the logfile:

ComboFix 09-11-13.04 - Ronald 13-11-2009 13:44.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3071.1240 [GMT 1:00]

Gestart vanuit: c:\users\Ronald\Desktop\ComboFix.exe

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-4060813364-1588525921-3965868854-1000

c:\windows\patchw32.dll

c:\windows\pw32a.dll

c:\windows\system32\dumphive.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

G:\autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_OREANS32

-------\Service_oreans32

(((((((((((((((((((( Bestanden Gemaakt van 2009-10-13 to 2009-11-13 ))))))))))))))))))))))))))))))

.

2009-11-13 12:52 . 2009-11-13 12:57 -------- d-----w- c:\users\Ronald\AppData\Local\temp

2009-11-13 10:29 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-13 10:29 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-13 10:29 . 2009-11-13 10:29 4045528 ----a-w- C:\mbam-setup.exe

2009-11-13 08:40 . 2009-11-09 17:41 4026136 ----a-w- c:\programdata\avg9\update\backup\avgui.exe

2009-11-13 08:40 . 2009-11-09 17:41 2016536 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe

2009-11-13 08:40 . 2009-11-09 17:41 1257240 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe

2009-11-13 08:40 . 2009-11-04 15:37 600344 ----a-w- c:\programdata\avg9\update\backup\avgnsx.exe

2009-11-13 08:40 . 2009-11-09 17:41 3963672 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll

2009-11-13 08:40 . 2009-11-04 15:37 496920 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll

2009-11-11 20:05 . 2009-11-11 20:05 -------- d-----w- c:\program files\NVIDIA Corporation

2009-11-11 19:54 . 2009-11-11 19:54 -------- d-----w- c:\users\Ronald\{afab2d04-2215-42cf-b4ca-94d3f2f312fe}

2009-11-11 19:44 . 2009-11-11 19:44 490088 ----a-w- c:\windows\system32\nvudisp.exe

2009-11-11 19:27 . 2009-11-11 19:27 -------- d-----w- c:\program files\SystemRequirementsLab

2009-11-11 17:54 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys

2009-11-11 17:52 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll

2009-11-09 17:41 . 2009-11-04 15:37 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys

2009-11-09 17:40 . 2009-11-04 15:37 610072 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe

2009-11-09 17:40 . 2009-11-04 15:37 1657112 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll

2009-11-09 16:20 . 2009-11-13 12:56 4096 d-----w- c:\programdata\NVIDIA

2009-11-09 16:16 . 2009-11-11 20:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-11-09 16:13 . 2009-09-24 08:24 490088 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-11-09 16:12 . 2009-11-11 19:43 -------- d-----w- C:\NVIDIA

2009-11-07 13:43 . 2009-11-07 13:43 -------- d-----w- c:\programdata\WindowsSearch

2009-11-04 15:37 . 2009-11-06 19:44 -------- d-----w- C:\$AVG

2009-11-04 15:37 . 2009-11-04 15:37 4096 d-----w- c:\programdata\avg9

2009-11-01 15:55 . 2009-11-01 18:34 -------- d-----w- C:\Top 40 week 44

2009-10-29 13:44 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll

2009-10-29 13:44 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe

2009-10-29 13:44 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll

2009-10-29 13:44 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2009-10-29 13:44 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll

2009-10-29 13:44 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-10-29 13:44 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll

2009-10-29 13:44 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll

2009-10-29 13:44 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe

2009-10-28 16:42 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe

2009-10-28 16:42 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-10-26 19:52 . 2009-03-27 00:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys

2009-10-26 19:52 . 2009-10-26 19:52 -------- d-----w- c:\program files\CPUID

2009-10-23 18:24 . 1996-08-23 18:11 384512 ----a-w- c:\windows\system32\MFCO40.DLL

2009-10-23 18:24 . 1995-05-22 04:37 151040 ----a-w- c:\windows\system32\MFCO30.DLL

2009-10-23 18:24 . 1995-05-22 04:37 358400 ----a-w- c:\windows\system32\MFC30.DLL

2009-10-23 18:24 . 1999-08-24 08:12 40960 ----a-w- c:\windows\photo express 3.scr

2009-10-23 18:24 . 2009-10-23 18:24 -------- d-----w- c:\program files\Ulead Systems

2009-10-23 18:24 . 1998-11-13 11:08 308224 ----a-w- c:\windows\IsUn0413.exe

2009-10-22 18:48 . 2009-10-22 19:01 4096 d-----w- c:\program files\Microsoft Visual Studio 8

2009-10-22 17:13 . 2009-10-22 17:13 -------- d-----w- C:\office '07 blue-edition Luna

2009-10-18 09:13 . 2009-10-18 09:13 942840 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-10-15 17:50 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-10-15 17:49 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-10-15 17:49 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-10-15 17:44 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll

2009-10-15 17:44 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2009-10-15 17:43 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-13 12:56 . 2009-11-12 02:18 52910 ----a-w- c:\programdata\nvModes.dat

2009-11-13 12:53 . 2009-01-24 19:25 12 ----a-w- c:\windows\bthservsdp.dat

2009-11-13 12:38 . 2008-04-28 12:14 16384 d-----w- c:\users\Ronald\AppData\Roaming\uTorrent

2009-11-13 10:29 . 2008-07-04 11:40 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-12 19:19 . 2006-11-02 16:11 667114 ----a-w- c:\windows\system32\perfh013.dat

2009-11-12 19:19 . 2006-11-02 16:11 126648 ----a-w- c:\windows\system32\perfc013.dat

2009-11-12 02:15 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail

2009-11-11 20:02 . 2008-04-24 23:08 12288 d-----w- c:\program files\AGEIA Technologies

2009-11-11 19:52 . 2007-05-06 08:38 24576 d-----w- c:\programdata\Microsoft Help

2009-11-09 17:41 . 2009-08-12 18:17 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-11-09 16:06 . 2008-04-24 23:03 2032 ----a-w- c:\users\Ronald\AppData\Local\d3d9caps.dat

2009-11-07 18:05 . 2008-11-15 16:53 4096 d-----w- c:\program files\Common Files\AVSMedia

2009-11-07 18:05 . 2009-04-14 16:46 -------- d-----w- c:\program files\AVS4YOU

2009-11-04 15:37 . 2008-11-03 20:17 -------- d-----w- c:\program files\AVG

2009-11-04 15:37 . 2009-08-12 18:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-11-04 15:37 . 2009-08-12 18:16 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-11-04 15:37 . 2009-08-12 18:16 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-10-24 12:16 . 2008-04-24 23:07 137480 ----a-w- c:\users\Ronald\AppData\Local\GDIPFONTCACHEV1.DAT

2009-10-24 12:15 . 2008-12-01 15:48 4096 d-----w- c:\programdata\FLEXnet

2009-10-24 12:01 . 2009-06-04 14:32 4096 d-----w- c:\program files\Common Files\PX Storage Engine

2009-10-24 11:51 . 2007-05-06 08:42 8192 d-----w- c:\program files\Common Files\Adobe

2009-10-22 18:56 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild

2009-10-17 11:20 . 2008-11-25 20:01 -------- d-----w- c:\program files\Java

2009-10-16 09:46 . 2007-05-06 08:39 40960 d-----w- c:\program files\Microsoft Works

2009-10-01 08:29 . 2009-10-03 12:11 195440 ------w- c:\windows\system32\MpSigStub.exe

2009-09-29 18:48 . 2009-09-24 18:50 -------- d-----w- c:\program files\Microsoft

2009-09-29 18:48 . 2009-09-29 18:48 -------- d-----w- c:\program files\Windows Live

2009-09-29 18:48 . 2009-09-29 18:48 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-09-29 18:46 . 2009-09-29 18:46 -------- d-----w- c:\program files\Common Files\Windows Live

2009-09-27 16:46 . 2009-09-27 16:46 4942440 ----a-w- c:\windows\system32\nvdisps.dll

2009-09-27 16:46 . 2009-09-27 16:46 13949544 ----a-w- c:\windows\system32\nvcpl.dll

2009-09-27 15:12 . 2009-09-27 15:12 9509832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2009-09-27 15:12 . 2009-09-27 15:12 3310184 ----a-w- c:\windows\system32\nvwgf2um.dll

2009-09-27 15:12 . 2009-09-27 15:12 2169448 ----a-w- c:\windows\system32\nvcuvid.dll

2009-09-27 15:12 . 2009-09-27 15:12 1997416 ----a-w- c:\windows\system32\nvcuda.dll

2009-09-27 15:12 . 2009-09-27 15:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- c:\windows\system32\nvcod167.dll

2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- c:\windows\system32\nvcod.dll

2009-09-27 15:12 . 2009-09-27 15:12 11197032 ----a-w- c:\windows\system32\nvoglv32.dll

2009-09-27 15:12 . 2009-09-27 15:12 10984 ----a-w- c:\windows\system32\drivers\nvBridge.kmd

2009-09-27 15:12 . 2009-02-09 12:18 7614056 ----a-w- c:\windows\system32\nvd3dum.dll

2009-09-27 15:12 . 2009-02-09 12:18 1074280 ----a-w- c:\windows\system32\nvapi.dll

2009-09-25 11:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar

2009-09-25 11:43 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar

2009-09-25 11:43 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration

2009-09-25 11:43 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal

2009-09-25 11:43 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery

2009-09-25 11:43 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender

2009-09-25 11:40 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-09-25 07:55 . 2009-09-25 07:55 -------- d-----w- c:\programdata\Office Genuine Advantage

2009-09-06 03:48 . 2009-09-06 03:48 1586528 ----a-w- c:\programdata\Adobe\Elements Organizer\8.0\Flash Galleries\Dynamic\flashplayer\windows\SAFlashPlayer.exe

2009-09-06 03:48 . 2009-09-06 03:48 83296 ----a-w- c:\programdata\Adobe\Elements Organizer\8.0\Slideshow Templates\yahoomap\resources\AuthSWF.exe

2009-08-29 00:27 . 2009-09-03 05:48 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-08-29 00:14 . 2009-09-03 05:48 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-08-27 05:22 . 2009-10-15 17:46 916480 ----a-w- c:\windows\system32\wininet.dll

2009-08-27 05:17 . 2009-10-15 17:46 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-08-27 05:17 . 2009-10-15 17:46 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-08-27 03:42 . 2009-10-15 17:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL

2008-10-29 09:10 . 2008-10-24 11:01 14094 ----a-w- c:\program files\browser.exe

2008-10-29 08:43 . 2008-10-29 08:44 13926 ----a-w- c:\program files\openurl.exe

2008-10-24 09:56 . 2008-10-24 09:53 64 ----a-w- c:\program files\desktop.url

2008-10-24 09:35 . 2008-10-24 09:50 8478 ----a-w- c:\program files\spelpunt.ico

2008-10-23 14:14 . 2008-10-23 14:43 16307608 ----a-w- c:\program files\java.exe

2008-07-22 01:51 . 2009-03-01 14:30 258190 ----a-w- c:\program files\eia-setup.jpg

2002-07-31 17:55 . 2009-08-04 13:02 106 --sh--w- c:\windows\WSYS049.SYS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]

"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-12-11 2245992]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-13 2020120]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-23 4423680]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]

c:\users\Ronald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-5-6 528384]

PCM Media Sharing.lnk - c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-5-6 200812]

Ulead Photo Express 3.0 SE Calendar Checker.lnk - c:\program files\Ulead Systems\Ulead Photo Express 3.0 SE\calcheck.exe [2009-10-23 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Snelle start.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Snelle start.lnk

backup=c:\windows\pss\Adobe Reader Snelle start.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):53,75,08,2b,0d,3e,ca,01

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12-8-2009 19:16 333192]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [12-8-2009 19:17 360584]

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [6-5-2007 9:52 266343]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [6-9-2009 5:06 169312]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4-11-2009 16:37 285392]

R2 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [26-10-2009 20:52 12672]

R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [18-5-2009 16:07 233472]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [6-11-2007 21:22 34064]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [27-9-2009 16:48 240232]

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\System32\dllhost.exe [2-11-2006 9:50 7168]

R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30-3-2009 15:28 1533808]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [18-5-2009 16:07 36608]

R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20-12-2007 16:13 1558000]

S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]

S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [26-6-2008 2:29 21504]

S3 physX32;physX32;c:\windows\System32\drivers\physX32.sys [26-6-2007 10:15 117888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

getPlusHelper REG_MULTI_SZ getPlusHelper

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.nl/ig

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: ziggo.nl\thuishelp

TCP: {92664CB2-0E87-434F-A18A-0AFAB11CE4E4} = 83.80.1.236

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-TDSSmbcb.sys

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4400)

c:\windows\system32\MsnChatHook.dll

c:\windows\system32\ShowErrMsg.dll

c:\windows\system32\sysenv.dll

c:\windows\system32\BatchCrypto.dll

c:\windows\system32\CryptoAPI.dll

c:\windows\system32\keyManager.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\nvvsvc.exe

c:\acer\Empowering Technology\ePerformance\MemCheck.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\acer\Empowering Technology\eDataSecurity\eDSService.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Norton Ghost\Agent\VProSvc.exe

c:\program files\AVG\AVG9\avgtray.exe

c:\windows\ehome\ehmsas.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\System32\msdtc.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Completion time: 2009-11-13 14:09 - machine was rebooted

ComboFix-quarantined-files.txt 2009-11-13 13:08

Pre-Run: 121.846.292.480 bytes free

Post-Run: 121.760.985.088 bytes free

- - End Of File - - DB46B9FBE2EC6E4EF20CF40FA3A7F2A6
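Read as a triage list rather than as a freeze diagnosis, the log above contains a few items an analyst would check before blaming hardware: `"EnableLUA"= 0` means UAC is switched off; the `DisableMonitoring` entries under `security center` mean Windows Security Center is no longer tracking antivirus and firewall state (third-party suites set these themselves, so this is a caveat, not proof of tampering); `S2 ekrn;ESET Service ... [?]` is a registered service whose binary is gone, a leftover of an uninstalled ESET product next to the running AVG 9; `AppInit_DLLs` is populated (with AVG's own avgrsstx.dll here, which is expected for that product); ComboFix removed a dangling SafeBoot entry, `SafeBoot-TDSSmbcb.sys`, whose driver name is the kind of thing worth a second look; and several executables sit directly in the root of `c:\program files` (browser.exe, openurl.exe, java.exe) alongside the hidden+system file `c:\windows\WSYS049.SYS`. The Python script below is an added example, not part of the post or of ComboFix itself: it pulls exactly these items out of a ComboFix log. The sample lines are excerpted from the log above (with the section heading in ComboFix's English wording, the Dutch one is accepted too), and the flag names are my own.

```python
import re
from typing import List, Tuple

# Constructed sample: a handful of lines excerpted from the ComboFix log in the
# post above. Real logs are much longer; the parser only keys on line shape.
SAMPLE_LOG = r"""
2008-10-29 09:10 . 2008-10-24 11:01 14094 ----a-w- c:\program files\browser.exe
2008-10-23 14:14 . 2008-10-23 14:43 16307608 ----a-w- c:\program files\java.exe
2009-10-15 17:49 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2002-07-31 17:55 . 2009-08-04 13:02 106 --sh--w- c:\windows\WSYS049.SYS
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12-8-2009 19:16 333192]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S3 physX32;physX32;c:\windows\System32\drivers\physX32.sys [26-6-2007 10:15 117888]
- - - - ORPHANS REMOVED - - - -
SafeBoot-TDSSmbcb.sys
.
**************************************************************************
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')          # "Name"=value
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")  # R2 name;desc;path [..]
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(\S+)\s+(\S+)\s+(.+)$"
)                                                         # date . date size attrs path
ORPHAN_HDR_RE = re.compile(r"ORPHANS (REMOVED|VERWIJDERD)")
PF_ROOT_EXE_RE = re.compile(r"^c:\\program files\\[^\\]+\.exe$", re.IGNORECASE)

Finding = Tuple[str, str]   # (flag name, detail); flag names are this example's own


def _dword(value: str):
    """Decode a 'dword:0000000N' registry value; None for other encodings."""
    if value.lower().startswith("dword:"):
        return int(value.split(":", 1)[1], 16)
    return None


def triage(log_text: str) -> List[Finding]:
    """Return the items an analyst wants to see first in a ComboFix log.
    Every flag is a lead to verify on the machine, not a verdict."""
    findings: List[Finding] = []
    current_key = ""
    in_orphans = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":           # ComboFix uses "." as a separator
            continue
        if ORPHAN_HDR_RE.search(line):
            in_orphans = True
            continue
        if in_orphans:
            if line.startswith("*"):          # the asterisk bar closes the section
                in_orphans = False
            else:                             # each line is one deleted dangling entry
                findings.append(("orphan_removed", line))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()  # remember which key the next values belong to
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip()
            lname = name.lower()
            if lname == "enablelua" and current_key.endswith(r"policies\system"):
                if value.split()[:1] == ["0"]:            # "0 (0x0)" -> UAC is off
                    findings.append(("uac_disabled", f"{name} = {value}"))
            elif lname == "appinit_dlls" and value:       # DLL injected into every GUI process
                findings.append(("appinit_dll", value))
            elif lname == "disablemonitoring" and "security center" in current_key:
                if _dword(value) == 1:                    # Security Center no longer watching
                    findings.append(("security_center_monitoring_off", current_key))
            continue
        m = SERVICE_RE.match(line)
        if m:
            start_type, name, _desc, rest = m.groups()
            if rest.rstrip().endswith("[?]"):             # ComboFix marks a missing binary with [?]
                findings.append(("service_binary_missing", f"{start_type} {name}: {rest.strip()}"))
            continue
        m = FILE_RE.match(line)
        if m:
            _size, attrs, path = m.groups()
            if "s" in attrs and "h" in attrs:             # hidden + system attribute combination
                findings.append(("hidden_system_file", path))
            if PF_ROOT_EXE_RE.match(path):                # .exe directly in Program Files root
                findings.append(("exe_in_program_files_root", path))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:32} {detail}")
```

Paste a full ComboFix log into `triage()` and it returns the same eight kinds of lead for that machine; each one then needs confirming on the box itself (which product set the Security Center keys, whether the Program Files executables have a known publisher, what the removed SafeBoot entry pointed at), because the log alone does not tell you.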
