computer traag

[geert14]

PC is nog steeds traag. Muziek of filmpjes afspelen lukt niet meer.

Kiwee toolbar en grafiekisolatie staan steeds bovenaan in de lijst vcan CPU gebruikers.

[kape]

PC is nog steeds traag. Muziek of filmpjes afspelen lukt niet meer. Kiwee toolbar en grafiekisolatie staan steeds bovenaan in de lijst vcan CPU gebruikers.

Waar duikt die Kiwee Toolbar nog op ? Want in alle voorgaande logs zijn alle verwijzingen naar deze toolbar verwijderd ?

[geert14]

Logs van comboFix en HijackThis nogmaals bijgevoegd.

ComboFix 10-01-25.01 - Gielis 25/01/2010 20:57:26.5.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.1890 [GMT 1:00]

Gestart vanuit: c:\combofix\ComboFix.exe

gebruikte Opdracht switches :: ComboFix

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Mogelijk geïnfecteerde sites -----

hxxp://au.download.windowsupdate.com

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-12-25 to 2010-01-25 ))))))))))))))))))))))))))))))

.

2010-01-25 20:13 . 2010-01-25 20:14 -------- d-----w- c:\users\Gielis\AppData\Local\temp

2010-01-25 20:13 . 2010-01-25 20:13 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-01-25 20:13 . 2010-01-25 20:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-01-13 12:09 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 12:09 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

2010-01-12 20:54 . 2010-01-12 20:54 -------- d-----w- c:\program files\Trend Micro

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-25 20:07 . 2008-10-29 19:14 -------- d-----w- c:\users\Gielis\AppData\Roaming\DNA

2010-01-25 19:35 . 2008-10-29 19:14 -------- d-----w- c:\program files\DNA

2010-01-25 16:57 . 2009-09-21 19:52 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-01-24 20:45 . 2006-11-02 16:11 667352 ----a-w- c:\windows\system32\perfh013.dat

2010-01-24 20:45 . 2006-11-02 16:11 126854 ----a-w- c:\windows\system32\perfc013.dat

2010-01-22 15:46 . 2009-03-27 20:55 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-21 15:51 . 2008-02-20 08:20 141678 ----a-w- c:\users\Gielis\AppData\Roaming\nvModes.dat

2010-01-15 20:26 . 2009-05-04 19:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-14 21:15 . 2008-03-08 12:04 -------- d-----w- c:\users\Gielis\AppData\Roaming\OpenOffice.org2

2010-01-14 15:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-01-14 10:12 . 2009-10-04 18:24 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-07 15:07 . 2009-05-04 19:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 15:07 . 2009-05-04 19:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-02 06:38 . 2010-01-22 15:55 916480 ----a-w- c:\windows\system32\wininet.dll

2010-01-02 06:32 . 2010-01-22 15:55 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-01-02 06:32 . 2010-01-22 15:55 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-01-02 04:57 . 2010-01-22 15:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-12-30 21:10 . 2008-05-07 19:08 -------- d-----w- c:\program files\Google

2009-12-28 14:30 . 2008-10-29 19:36 -------- d-----w- c:\users\Gielis\AppData\Roaming\BitTorrent

2009-12-26 21:37 . 2008-06-26 11:39 -------- d-----w- c:\programdata\pdf995

2009-12-25 11:03 . 2008-07-21 17:31 -------- d-----w- c:\users\Gielis\AppData\Roaming\gtk-2.0

2009-12-24 12:12 . 2009-12-24 12:12 658696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-12-15 10:00 . 2009-04-19 19:33 1369143 ----a-w- c:\users\Gielis\AppData\Roaming\mdbu.bin

2009-12-14 20:24 . 2009-12-14 20:24 -------- d-----w- c:\programdata\WD_SmartWareCommon

2009-12-14 20:20 . 2009-12-14 20:20 -------- d-----w- c:\users\Gielis\AppData\Roaming\Western Digital

2009-12-14 20:20 . 2009-12-14 20:20 -------- d-----w- c:\programdata\Western Digital

2009-12-14 20:18 . 2009-12-14 20:18 -------- d-----w- c:\program files\Western Digital

2009-12-13 13:57 . 2009-12-13 13:52 -------- d-----w- c:\programdata\PCPitstop

2009-12-13 13:52 . 2009-12-13 13:52 -------- d-----w- c:\users\Gielis\AppData\Roaming\PCPitstop

2009-12-13 13:52 . 2009-12-13 13:52 -------- d-----w- c:\program files\PCPitstop

2009-12-10 11:09 . 2007-07-27 22:29 -------- d-----w- c:\programdata\Microsoft Help

2009-12-07 21:02 . 2009-12-07 20:07 -------- d-----w- c:\program files\MSECACHE

2009-12-07 20:08 . 2009-12-07 20:08 3584 ----a-r- c:\users\Gielis\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2009-12-07 20:08 . 2009-12-07 20:08 -------- d-----w- c:\program files\Windows Installer Clean Up

2009-12-06 09:51 . 2009-12-06 09:51 -------- d-----w- c:\program files\Teach2000

2009-12-05 20:46 . 2009-12-05 20:46 -------- d-----w- c:\users\Gielis\AppData\Roaming\Relux Informatik AG

2009-12-05 20:43 . 2009-12-05 20:41 -------- d-----w- c:\program files\ReluxSuite

2009-11-17 16:37 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-09 12:31 . 2009-12-10 11:10 24064 ----a-w- c:\windows\system32\nshhttp.dll

2009-11-09 12:30 . 2009-12-10 11:10 30720 ----a-w- c:\windows\system32\httpapi.dll

2009-11-09 10:36 . 2009-12-10 11:10 411648 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-31 09:30 . 2009-02-21 15:14 30544 ----a-w- c:\windows\dirdib.drv

2009-10-31 09:30 . 2009-02-21 15:14 30464 ----a-w- c:\windows\macromix.dll

2009-10-29 09:17 . 2009-11-26 15:39 2048 ----a-w- c:\windows\system32\tzres.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-14 323392]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-08-15 772616]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-25 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-25 8433664]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-25 81920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-16 77824]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

c:\users\Gielis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-27 535336]

InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-2-20 98304]

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]

WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(:52,90,94,b7,1c,3e,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1403617646-2540248712-1947705427-1000]

"EnableNotificationsRef"=dword:00000001

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [15/07/2008 8:58 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [31/01/2009 12:16 108552]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [19/02/2008 16:53 13560]

R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [4/11/2008 17:10 10240]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [15/07/2008 8:58 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [15/07/2008 8:58 297752]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14/10/2009 14:31 98304]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 9:58 20480]

R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [28/07/2007 6:47 32256]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [23/05/2008 18:03 21504]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [26/09/2009 19:41 54632]

S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 21:48 704864]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam.sys [13/02/2009 12:02 11520]

S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [13/12/2009 14:52 85504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

.

------- Bijkomende Scan -------

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://nl.intl.acer.yahoo.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

Trusted Zone: dexia.be\directnet

DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll

DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll

.

- - - - ORPHANS VERWIJDERD - - - -

URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-01-25 21:14

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2010-01-25 21:22:18

ComboFix-quarantined-files.txt 2010-01-25 20:22

ComboFix2.txt 2010-01-17 19:57

ComboFix3.txt 2010-01-16 21:05

ComboFix4.txt 2010-01-16 19:47

ComboFix5.txt 2010-01-25 19:54

Pre-Run: 14.961.745.920 bytes beschikbaar

Post-Run: 14.870.392.832 bytes beschikbaar

- - End Of File - - 145B90293672047AE3BB05E3CC4D8532

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:42:09, on 25/01/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18882)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Users\Gielis\AppData\Local\Temp\RtkBtMnt.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland

R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260601001359

O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll

O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll

O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 11068 bytes

[kape]

Nog steeds geen verdere sporen te ontdekken

Start Hijackthis op. Ben je gebruiker van Vista kies dan voor “Run as administrator" of "Uitvoeren als administrator". Selecteer “Do a system scan only”. Selecteer alleen de items die hieronder zijn genoemd:

R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)

Klik op 'Fix checked' om de items te verwijderen.

Download Findykill en laat dit programma runnen. Kies voor de optie 1 en plaats dan het logje in je volgende bericht.

[geert14]

Item R3... verwijderd met Hijackthis.

Log van Findykill bijgevoegd.

----------------- FindyKill V4.005 ------------------

* User : Gielis - PC_VAN_GIELIS

* Emplacement : C:\Program Files\FindyKill

* Outils Mis a jours le 17/10/08 par Chiquitine29

* Recherche effectuée à 22:15:25 le wo 27/01/2010

* Windows_NT - Internet Explorer 8.0.6001.18882

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\AGI\common\win32\PythonService.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Acer\Empowering Technology\eNet\eNet Service.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Windows\system32\taskmgr.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\svchost.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Windows\System32\mobsync.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\conime.exe

C:\Users\Gielis\AppData\Local\Temp\RtkBtMnt.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:

»»»» Presence des fichiers dans C:\Windows

»»»» Presence des fichiers dans C:\Windows\Prefetch

»»»» Presence des fichiers dans C:\Windows\system32

»»»» Presence des fichiers dans C:\Windows\system32\drivers

»»»» Presence des fichiers dans C:\Users\Gielis\AppData\Roaming

»»»» Presence des fichiers dans C:\Users\Gielis\AppData\Local\Temp

--------------- [ Registre / Startup ] ----------------

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide

RtHDVCpl REG_SZ RtHDVCpl.exe

eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

eAudio REG_SZ "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

LManager REG_SZ C:\PROGRA~1\LAUNCH~1\LManager.exe

PlayMovie REG_SZ "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"

WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe

PLFSetL REG_SZ C:\Windows\PLFSetL.exe

Apoint REG_SZ C:\Program Files\Apoint2K\Apoint.exe

Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe

Adobe Photo Downloader REG_SZ "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

NeroFilterCheck REG_SZ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime

AVG8_TRAY REG_SZ C:\PROGRA~1\AVG\AVG8\avgtray.exe

SSBkgdUpdate REG_SZ "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

OpwareSE4 REG_SZ "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\not active

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe

BitTorrent DNA REG_SZ "C:\Program Files\DNA\btdna.exe"

WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe

--------------- [ Registre / Clés infectieuses ] ----------------

--------------- [ Etat / Services ] ----------------

+- Services : [ Auto=2 Demande=3 Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - vast station

D: - vast station

+- presence des fichiers :

--------------- [ Registre / Moutpoint2 ] ----------------

-> Recherche négative.

------------------- ! Fin du rapport ! --------------------

[kape]

OK, prima. Wil je nu eens hetzelfde doen maar met optie 2. En daarna even laten weten of er verschil merkbaar is ?

[geert14]

Nog steeds geen verbetering merkbaar en kiwee toolbar blijft nog steeds opduiken.

Weet gij wat dit progammatje eigenlijk is?

Als ik de kiwee toolbar via de taskmanager kill gaat het iets beter maar nog steeds traag. Muziek of filmpjes geven nog steeds problemen. Grafiekisolatie vraagt dan regelmatig veel van de CPU.

[kweezie wabbit]

Misschien heb je hier wat aan.

Wat is de Kiwee toolbar?

Kiwee toolbar verwijderen.

[geert14]

Kiwee toolbar is verwijderd, maar PC blijft traag

[kweezie wabbit]

Misschien kan een registerschoonmaak helpen.

Download CCleaner. Klik op deze pagina op één van de mirrorsites van MajorGeeks en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.