
Mouse Takes Over Computer


Guest SWAT4


Hello,

Since yesterday I have been having trouble with my mouse: it clicks on icons on my desktop by itself, or when I click on something nothing happens at all, or sometimes for a double-click I now have to click 3 times to open something. The mouse also sometimes moves around the screen by itself while I am doing something. This is very annoying, because yesterday, for example, I was writing an important e-mail and the mouse simply clicked the window away. Luckily a draft had been saved, but I want my mouse to just behave normally again like before. Hopefully you can help me with this.

Here is a HijackThis log to start with:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:13:51, on 15-6-2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Registry Tool\RegistryTool.exe

C:\Program Files (x86)\VIPRE Antivirus Premium\SBAMTray.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

C:\Windows\PLFSetI.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\Handy Backup\hbagent.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\Delano\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Delano\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Delano\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\VLC\vlc.exe

C:\Program Files (x86)\SUPERAntiSpywarePro\SUPERAntiSpyware.exe

C:\Users\Delano\Desktop\HijackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)

R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

O4 - HKLM\..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sBAMTray] "C:\Program Files (x86)\VIPRE Antivirus Premium\SBAMTray.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [Handy Backup] C:\Program Files (x86)\Handy Backup\hbagent.exe -logon

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Delano\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpywarePro\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - C:\Program Files (x86)\SUPERAntiSpyware Pro\SASCORE64.EXE (file missing)

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Novosoft Backup Network Coordinator (NovosoftBackupNetworkCoordinator) - Novosoft LLC - C:\Program Files (x86)\Handy Backup\BackupNetworkCoordinator.exe

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: VIPRE Antivirus Premium (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\VIPRE Antivirus Premium\SBAMSvc.exe

O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files (x86)\VIPRE Antivirus Premium\SBPIMSvc.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--

End of file - 11492 bytes

Thanks in advance


Start HijackThis. Select "Scan". Check only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)

R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is finished, click OK, then "Show Results" to see the results.

Make sure everything there is checked, then click: Remove Selected.

After the removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask you to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.


Sorry for the late reply, I had to leave and I have only just got back.

Here are the logs:

Malwarebytes' Anti-Malware 1.51.0.1200

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Databaseversie: 6859

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

15-6-2011 17:49:22

mbam-log-2011-06-15 (17-49-22).txt

Scantype: Snelle scan

Objecten gescand: 174936

Verstreken tijd: 5 minuut/minuten, 18 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

-------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:51:08, on 15-6-2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Registry Tool\RegistryTool.exe

C:\Program Files (x86)\VIPRE Antivirus Premium\SBAMTray.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

C:\Windows\PLFSetI.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\Handy Backup\hbagent.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\Delano\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Delano\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\SUPERAntiSpywarePro\SUPERAntiSpyware.exe

C:\Users\Delano\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Delano\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Delano\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\VLC\vlc.exe

C:\Users\Delano\Desktop\HijackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

O4 - HKLM\..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sBAMTray] "C:\Program Files (x86)\VIPRE Antivirus Premium\SBAMTray.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [Handy Backup] C:\Program Files (x86)\Handy Backup\hbagent.exe -logon

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Delano\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpywarePro\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - C:\Program Files (x86)\SUPERAntiSpyware Pro\SASCORE64.EXE (file missing)

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Novosoft Backup Network Coordinator (NovosoftBackupNetworkCoordinator) - Novosoft LLC - C:\Program Files (x86)\Handy Backup\BackupNetworkCoordinator.exe

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: VIPRE Antivirus Premium (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\VIPRE Antivirus Premium\SBAMSvc.exe

O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files (x86)\VIPRE Antivirus Premium\SBPIMSvc.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--

End of file - 11388 bytes


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


ComboFix 11-06-15.02 - Delano 16-06-2011 0:01:06.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.4091.2832 [GMT 2:00]

Gestart vanuit: C:\Users\Delano\Desktop\ComboFix.exe

AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

FW: Sunbelt VIPRE *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}

SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files (x86)\Downloaded Installers

C:\Program Files (x86)\Downloaded Installers\{2D2DC4EB-3370-49DE-B9C3-3C4573BA82E7}\setup.msi

C:\Users\Delano\AppData\Roaming\.#

C:\Users\Delano\AppData\Roaming\.#\MBX@12BC@3E2770.###

C:\Users\Delano\AppData\Roaming\.#\MBX@12BC@3E27A0.###

C:\Users\Delano\AppData\Roaming\.#\MBX@1328@3F2770.###

C:\Users\Delano\AppData\Roaming\.#\MBX@1328@3F27A0.###

C:\Users\Delano\AppData\Roaming\.#\MBX@B9C@322770.###

C:\Users\Delano\AppData\Roaming\.#\MBX@B9C@3227A0.###

C:\Users\Delano\AppData\Roaming\EurekaLog

C:\Users\Delano\AppData\Roaming\EurekaLog\cleaner8\BugReport.zip

C:\Users\Delano\AppData\Roaming\EurekaLog\EurekaLog.ini

C:\Users\Delano\AppData\Roaming\Microsoft\~DFKd0d09a5.tmp

C:\Users\Delano\AppData\Roaming\Microsoft\1eaadjc.dll

C:\Users\Delano\AppData\Roaming\Microsoft\bass.dll

C:\Users\Delano\AppData\Roaming\Microsoft\kfgresk.dll

C:\Users\Delano\AppData\Roaming\Microsoft\mjcriu.dll

C:\Users\Delano\AppData\Roaming\Microsoft\peaadje.dll

C:\Users\Delano\AppData\Roaming\Microsoft\qwadjb.dll

C:\Users\Delano\AppData\Roaming\Microsoft\rsaadjd.dll

C:\Users\Delano\AppData\Roaming\ubot

C:\Windows\SysWow64\Packet.dll

C:\Windows\SysWow64\pthreadVC.dll

C:\Windows\SysWow64\wpcap.dll

C:\Windows\twain_16.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_npf

(((((((((((((((((((( Bestanden Gemaakt van 2011-05-15 to 2011-06-15 ))))))))))))))))))))))))))))))

2011-06-15 22:14:05 . 2011-06-15 22:14:05 -------- d-----w- C:\Users\Moekis\AppData\Local\temp

2011-06-15 22:14:05 . 2011-06-15 22:14:05 -------- d-----w- C:\Users\Default\AppData\Local\temp

2011-06-15 10:23:42 . 2011-06-15 10:23:42 -------- d-----w- C:\Users\Delano\AppData\Roaming\SUPERAntiSpyware.com

2011-06-15 10:23:36 . 2011-06-15 10:23:36 -------- d-----w- C:\ProgramData\!SASCORE

2011-06-15 08:59:50 . 2011-05-29 07:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-06 09:51:52 . 2011-06-15 10:36:53 -------- d-----w- C:\Users\Delano\AppData\Roaming\uTorrent

2011-05-30 08:24:08 . 2011-05-30 08:24:08 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll

2011-05-26 00:46:52 . 2011-05-26 00:46:52 -------- d-----w- C:\Users\Delano\AppData\Local\Rockstar Games

2011-05-25 21:13:56 . 2011-05-25 21:37:59 -------- d-----w- C:\Program Files (x86)\Eidos

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-05-29 07:11:20 . 2011-02-04 08:51:04 25912 ----a-w- C:\Windows\system32\drivers\mbam.sys

2011-05-04 12:32:14 . 2011-05-04 12:32:14 45904 ----a-w- C:\Windows\SysWow64\sbbd.exe

2011-05-04 12:32:14 . 2010-02-26 18:09:41 45904 ----a-w- C:\Windows\system32\sbbd.exe

2011-04-29 12:15:42 . 2011-04-29 12:15:42 101720 ----a-w- C:\Windows\SysWow64\drivers\SBREDrv.sys

2011-04-29 12:15:42 . 2011-02-12 12:08:13 55384 ----a-w- C:\Windows\system32\drivers\sbredrv.sys

2011-04-08 12:48:26 . 2011-04-08 12:48:26 71768 ----a-w- C:\Windows\system32\drivers\sbapifs.sys

2011-04-05 15:35:20 . 2011-05-10 21:24:21 60504 ----a-w- C:\Windows\system32\drivers\sbhips.sys

2011-04-05 15:35:20 . 2011-05-10 21:24:19 94296 ----a-w- C:\Windows\system32\drivers\sbtis.sys

2011-04-05 15:35:20 . 2011-05-10 21:24:01 253528 ----a-w- C:\Windows\system32\drivers\SbFw.sys

2010-01-26 09:11:08 . 2011-02-23 06:25:41 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-11 05:41:42 120104 ----a-w- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Handy Backup"="C:\Program Files (x86)\Handy Backup\hbagent.exe" [2009-10-23 14:36:06 4456120]

"Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-07-10 13:55:58 2937528]

"SUPERAntiSpyware"="E:\SOFTWARE DATA\SUPERAntiSpywarePro\SUPERAntiSpyware.exe" [2011-01-15 13:34:00 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BackupManagerTray"="C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 22:42:32 261888]

"EgisTecLiveUpdate"="C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 21:09:34 199464]

"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" [2009-11-01 23:39:48 1094736]

"ArcadeDeluxeAgent"="C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 22:18:26 419112]

"Samsung PanelMgr"="C:\Windows\Samsung\PanelMgr\SSMMgr.exe" [2009-09-11 17:38:14 614400]

"SSDMonitor"="C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 16:05:30 112600]

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 12:49:28 249064]

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 10:08:30 935288]

"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 11:08:38 35696]

"SBAMTray"="C:\Program Files (x86)\VIPRE Antivirus Premium\SBAMTray.exe" [2011-05-04 12:55:48 1353040]

"Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 07:11:28 449584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoThumbnailCache"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

R2 !SASCORE;SAS Core Service;C:\Program Files (x86)\SUPERAntiSpyware Pro\SASCORE64.EXE [x]

R2 ATE_PROCMON;ATE_PROCMON; [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 11:16:28 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 00:33:14 821664]

R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 23:18:47 136176]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 20:23:32 483688]

R3 EagleX64;EagleX64; [x]

R3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 23:18:47 136176]

R3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 05:42:46 305448]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 00:31:46 50432]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 19:34:24 4925184]

R3 pwdrvio;pwdrvio;C:\Windows\system32\pwdrvio.sys [x]

R3 pwdspio;pwdspio;C:\Windows\system32\pwdspio.sys [x]

R3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver; [x]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys [x]

R3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys [x]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys [x]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]

S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);C:\Windows\system32\DRIVERS\tdrpm251.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpywarePro\SASDIFSV64.SYS [2010-02-17 18:23:05 14920]

S1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys [x]

S1 SBRE;SBRE;C:\Windows\system32\drivers\SBREdrv.sys [2011-04-29 12:15:42 55384]

S1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]

S2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-02-06 22:44:03 2326920]

S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 22:44:58 844320]

S2 FGUARD64;FGUARD64;C:\Program Files (x86)\Folder Guard\FGUARD64.SYS [2009-03-24 22:00:00 70224]

S2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 09:38:58 1150496]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 07:11:28 366640]

S2 NovosoftBackupNetworkCoordinator;Novosoft Backup Network Coordinator;C:\Program Files (x86)\Handy Backup\BackupNetworkCoordinator.exe [2009-10-23 14:33:20 31928]

S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 22:42:28 62720]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 00:31:58 144640]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 12:27:22 632792]

S2 SBAMSvc;VIPRE Antivirus Premium;C:\Program Files (x86)\VIPRE Antivirus Premium\SBAMSvc.exe [2011-05-04 12:31:22 2804280]

S2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys [x]

S2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\VIPRE Antivirus Premium\SBPIMSvc.exe [2011-05-04 12:31:00 181584]

S2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [x]

S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 01:47:12 240160]

S3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys [x]

S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [x]

S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys [x]

S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 20:23:38 209768]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]

Inhoud van de 'Gedeelde Taken' map

2011-06-15 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 23:19:00 . 2011-02-24 23:18:47]

2011-06-15 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 23:19:00 . 2011-02-24 23:18:47]

2011-06-14 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3358612726-2057059430-2342561172-1001Core.job

- C:\Users\Delano\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-18 18:07:30 . 2010-02-18 18:07:27]

2011-06-15 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3358612726-2057059430-2342561172-1001UA.job

- C:\Users\Delano\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-18 18:07:30 . 2010-02-18 18:07:27]

2011-06-15 C:\Windows\Tasks\RegistryTool Startup.job

- C:\Program Files (x86)\Registry Tool\RegistryTool.exe [2011-01-27 11:50:18 . 2011-01-27 11:50:18]

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-11 05:44:06 137512 ----a-w- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="C:\ComboFix\CF18080.cfxxe" [X]

"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 02:03:32 186904]

"mwlDaemon"="C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 05:42:30 349480]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2009-10-03 20:01:00 16395880]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 02:32:06 8060960]

"PLFSetI"="C:\Windows\PLFSetI.exe" [2009-12-02 15:11:06 200704]

"Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 22:45:20 823840]

"Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 15:31:36 357384]

"FG_Monitor"="C:\Program Files (x86)\Folder Guard\FGKey64.exe" [2009-03-24 22:00:00 143688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

------- Bijkomende Scan -------

uStart Page = hxxp://google.nl/

uLocal Page = C:\Windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_7736&r=27360210g716l0368z175t68k1a40r

mLocal Page = C:\Windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.254

FF - ProfilePath - C:\Users\Delano\AppData\Roaming\Mozilla\Firefox\Profiles\mt1p7zo6.default\

FF - prefs.js: browser.startup.homepage - google.nl

- - - - ORPHANS VERWIJDERD - - - -

Toolbar-Locked - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe


It seems to have become a bit less; for example, it no longer clicks things away at random or moves by itself, but sometimes I still have to click 3 times instead of double-clicking to open something, or when I drag a file/folder the mouse "lets go" by itself.

What else could I do to fix this problem?


Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may manually delete the folder C:\Qoobox.

Download CCleaner.

Click "Download Latest Version" and the download of CCleaner will then start automatically and free of charge.

Install it and start CCleaner. In the left column, click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After this, close CCleaner again.

If you would like to see this in detail with pictures, click here for the guide.
