Posted: (edited)

Hello

During the memory scan I got a message that \boot\memtest.exe does not exist or was damaged.

The disk check found no problems.

The ComboFix log:

ComboFix 11-10-20.05 - Dylan 20/10/2011 18:22:43.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2046.997 [GMT 2:00]

Gestart vanuit: c:\users\Dylan\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Dylan\Desktop\CFScript..txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\ConduitEngine.tmp"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Dylan\AppData\Local\Conduit

c:\windows\system32\ConduitEngine.tmp

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-09-20 to 2011-10-20 ))))))))))))))))))))))))))))))

.

.

2011-10-20 16:34 . 2011-10-20 16:34 -------- d-----w- c:\users\Dylan\AppData\Local\temp

2011-10-20 16:34 . 2011-10-20 16:34 -------- d-----w- c:\users\Verlee Eric\AppData\Local\temp

2011-10-20 16:34 . 2011-10-20 16:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-20 16:16 . 2011-10-20 16:16 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5AF37C54-D79A-4802-92B2-5A9FEA537821}\MpKsl8ee2ce72.sys

2011-10-20 16:16 . 2011-10-20 16:16 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5AF37C54-D79A-4802-92B2-5A9FEA537821}\offreg.dll

2011-10-19 13:52 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5AF37C54-D79A-4802-92B2-5A9FEA537821}\mpengine.dll

2011-10-17 16:17 . 2011-09-21 07:00 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-10-16 18:15 . 2011-09-01 02:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-16 18:15 . 2011-09-01 02:41 141088 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2011-10-16 18:15 . 2011-09-01 02:26 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2011-10-16 18:15 . 2011-09-01 02:35 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-10-16 18:15 . 2011-09-01 02:30 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2011-10-16 12:25 . 2011-10-04 15:22 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F14254B2-136A-4020-ACA2-20924665F2E4}\gapaengine.dll

2011-10-16 12:25 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-16 12:25 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-16 12:25 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-16 12:25 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-16 12:25 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-10-16 12:18 . 2011-10-16 12:19 -------- d-----w- c:\program files\Microsoft Security Client

2011-10-14 16:55 . 2011-10-14 16:55 -------- d-----w- c:\windows\Sun

2011-10-13 16:08 . 2011-09-01 02:23 1791488 ----a-w- c:\windows\system32\iertutil(356).dll

2011-10-13 16:08 . 2011-09-01 02:28 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-10-13 16:08 . 2011-09-01 02:28 1126912 ----a-w- c:\windows\system32\wininet(393).dll

2011-10-13 16:08 . 2011-09-01 02:24 716800 ----a-w- c:\windows\system32\jscript(358).dll

2011-10-13 16:08 . 2011-09-01 02:28 1102848 ----a-w- c:\windows\system32\urlmon(387).dll

2011-10-13 15:23 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32(373).dll

2011-10-13 15:23 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc(371).dll

2011-10-13 15:23 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc(372).dll

2011-10-12 17:50 . 2011-10-12 17:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-12 17:30 . 2011-10-12 17:30 -------- d-----w- c:\windows\Internet Logs

2011-10-12 17:09 . 2011-10-16 12:29 -------- d-----w- c:\program files\Comodo

2011-10-12 12:30 . 2011-10-12 12:30 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-10-12 12:29 . 2011-10-12 12:29 -------- d-----w- c:\programdata\Hitman Pro

2011-10-12 11:56 . 2011-10-12 11:56 -------- d-----w- c:\program files\iPod

2011-10-12 11:56 . 2011-10-12 11:58 -------- d-----w- c:\program files\iTunes

2011-10-12 11:50 . 2011-10-12 11:50 -------- d-----w- c:\program files\Bonjour

2011-10-11 15:15 . 2011-10-11 15:15 -------- d-----w- c:\users\Dylan\AppData\Local\SlimWare Utilities Inc

2011-10-11 15:15 . 2011-10-16 13:27 -------- d-----w- c:\program files\SlimComputer

2011-10-09 08:53 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-07 16:47 . 2011-10-07 16:47 33984 ----a-w- c:\windows\system32\cmdcsr(343).dll

2011-10-07 16:47 . 2011-10-07 16:47 300200 ----a-w- c:\windows\system32\guard32(354).dll

2011-10-05 15:53 . 2011-10-05 15:53 -------- d-----w- c:\users\Dylan\AppData\Roaming\CheckPoint

2011-10-05 15:25 . 2011-10-16 12:00 -------- d-----w- c:\users\UpdatusUser

2011-10-05 14:50 . 2011-10-07 15:02 -------- d-----w- c:\program files\Google

2011-10-04 16:00 . 2011-10-04 16:02 -------- d-----w- c:\program files\FileHippo.com

2011-10-02 15:40 . 2011-10-02 15:40 -------- d-----w- c:\users\Dylan\AppData\Roaming\Malwarebytes

2011-10-02 15:40 . 2011-10-02 15:40 -------- d-----w- c:\programdata\Malwarebytes

2011-10-02 15:40 . 2011-10-09 08:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-02 09:20 . 2011-10-06 14:50 -------- d-----w- c:\program files\EA GAMES

2011-10-01 17:02 . 2011-10-02 14:49 -------- d-----w- c:\users\Dylan\AppData\Roaming\PCToolsFirewallPlus

2011-10-01 12:48 . 2011-10-01 12:48 -------- d-----w- c:\program files\CheckPoint

2011-10-01 12:48 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2011-10-01 12:45 . 2011-10-01 12:45 -------- d-----w- c:\programdata\CheckPoint

2011-09-29 14:46 . 2011-09-29 14:46 -------- d-----w- c:\users\Dylan\AppData\Roaming\NVIDIA

2011-09-29 14:42 . 2011-09-29 15:38 -------- d-----w- c:\users\Dylan\AppData\Local\NVIDIA Corporation

2011-09-29 14:33 . 2011-08-03 11:50 66664 ----a-w- c:\windows\system32\nvshext.dll

2011-09-29 14:33 . 2011-08-03 11:50 599144 ----a-w- c:\windows\system32\nvvsvc.exe

2011-09-29 14:33 . 2011-08-03 11:50 2560616 ----a-w- c:\windows\system32\nvsvcr.dll

2011-09-29 14:33 . 2011-08-03 11:50 2558568 ----a-w- c:\windows\system32\nvsvc.dll

2011-09-29 14:33 . 2011-08-03 11:50 3730024 ----a-w- c:\windows\system32\nvcpl.dll

2011-09-29 14:33 . 2011-08-03 11:50 111208 ----a-w- c:\windows\system32\nvmctray.dll

2011-09-29 14:33 . 2011-08-03 11:50 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll

2011-09-29 14:28 . 2011-08-03 11:50 57960 ----a-w- c:\windows\system32\OpenCL.dll

2011-09-29 14:28 . 2011-08-03 11:50 16595560 ----a-w- c:\windows\system32\nvoglv32.dll

2011-09-29 14:28 . 2011-08-03 11:50 914024 ----a-w- c:\windows\system32\nvdispco32.dll

2011-09-29 14:28 . 2011-08-03 11:50 875112 ----a-w- c:\windows\system32\nvgenco32.dll

2011-09-29 14:28 . 2011-08-03 11:50 5404776 ----a-w- c:\windows\system32\nvcuda.dll

2011-09-29 14:28 . 2011-08-03 11:50 2391656 ----a-w- c:\windows\system32\nvcuvid.dll

2011-09-29 14:28 . 2011-08-03 11:50 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-09-29 14:28 . 2011-08-03 11:50 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2011-09-29 14:28 . 2011-08-03 11:50 2412136 ----a-w- c:\windows\system32\nvapi.dll

2011-09-29 14:28 . 2011-08-03 11:50 17193576 ----a-w- c:\windows\system32\nvcompiler.dll

2011-09-29 14:27 . 2011-09-29 14:40 -------- d-----w- C:\NVIDIA

2011-09-26 17:29 . 2011-09-26 17:29 -------- d-----w- c:\users\Dylan\AppData\Local\Mwt_Module

2011-09-26 17:26 . 2011-09-26 17:26 -------- d-----w- c:\users\Dylan\AppData\Roaming\Phoenix Contact

2011-09-26 17:25 . 2011-09-26 17:25 -------- d-----w- c:\users\Dylan\AppData\Roaming\Mwt Module

2011-09-26 17:12 . 2011-09-26 17:12 -------- d-----w- c:\users\Dylan\AppData\Local\Phoenix_Contact_GmbH_&_Co

2011-09-26 17:03 . 2011-09-26 17:03 -------- d-----w- c:\program files\Common Files\TCI Common Files

2011-09-26 17:02 . 2011-09-26 17:02 -------- d-----w- c:\windows\Downloaded Installations

2011-09-26 17:02 . 2011-09-26 17:03 -------- d-----w- c:\users\Dylan\AppData\Local\ApplicationHistory

2011-09-26 16:58 . 2011-09-26 16:58 -------- d-----w- c:\windows\system32\URTTEMP

2011-09-26 16:56 . 2011-09-26 16:56 -------- d-----w- c:\users\Dylan\AppData\Local\Phoenix Contact

2011-09-26 16:56 . 2011-09-26 16:56 -------- d-----w- c:\users\Dylan\AppData\Local\KW-Software

2011-09-26 16:51 . 2011-09-26 16:57 -------- d-----w- c:\program files\Common Files\ADE

2011-09-26 16:46 . 2011-09-26 17:03 -------- d-----w- c:\program files\Common Files\Phoenix Contact

2011-09-26 16:46 . 2011-09-26 17:03 -------- d-----w- c:\program files\Phoenix Contact

2011-09-26 16:46 . 2011-09-26 16:51 -------- d-----w- c:\programdata\ADE

2011-09-26 16:46 . 2011-09-26 16:49 -------- d-----w- c:\programdata\Phoenix Contact

2011-09-26 16:41 . 2011-09-26 16:41 -------- d-----w- c:\program files\WinPcap

2011-09-26 16:36 . 2011-09-26 16:36 -------- d-----w- c:\users\Dylan\AppData\Local\Downloaded Installations

2011-09-24 13:31 . 2011-10-16 12:29 -------- d-----w- c:\users\Dylan\AppData\Local\COMODO

2011-09-24 11:47 . 2011-09-24 11:48 -------- d-----w- c:\program files\Common Files\Adobe

2011-09-21 16:01 . 2011-10-12 17:40 129344 ----a-w- c:\windows\system32\drivers\sfi.dat

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-17 14:48 . 2011-09-17 14:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2011-09-02 15:16 . 2011-03-28 16:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-30 21:05 . 2011-08-30 21:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-08-23 19:08 . 2011-08-23 19:08 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-08-23 19:08 . 2011-08-23 19:08 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-08-23 19:08 . 2011-08-23 19:08 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-08-23 19:08 . 2011-08-23 19:08 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-08-23 19:08 . 2011-08-23 19:08 161792 ----a-w- c:\windows\system32\msls31.dll

2011-08-23 19:08 . 2011-08-23 19:08 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-08-23 19:08 . 2011-08-23 19:08 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-08-23 19:08 . 2011-08-23 19:08 367104 ----a-w- c:\windows\system32\html.iec

2011-08-23 19:08 . 2011-08-23 19:08 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-23 19:08 . 2011-08-23 19:08 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-23 19:08 . 2011-08-23 19:08 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-08-23 19:08 . 2011-08-23 19:08 152064 ----a-w- c:\windows\system32\wextract.exe

2011-08-23 19:08 . 2011-08-23 19:08 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-08-23 19:08 . 2011-08-23 19:08 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-08-23 19:08 . 2011-08-23 19:08 11776 ----a-w- c:\windows\system32\mshta.exe

2011-08-23 19:08 . 2011-08-23 19:08 101888 ----a-w- c:\windows\system32\admparse.dll

2011-08-23 19:08 . 2011-08-23 19:08 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-08-23 19:08 . 2011-08-23 19:08 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-08-23 19:07 . 2011-08-23 19:07 98816 ----a-w- c:\windows\system32\mfps.dll

2011-08-23 19:07 . 2011-08-23 19:07 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2011-08-23 19:07 . 2011-08-23 19:07 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

2011-08-23 19:07 . 2011-08-23 19:07 302592 ----a-w- c:\windows\system32\mfmp4src.dll

2011-08-23 19:07 . 2011-08-23 19:07 2873344 ----a-w- c:\windows\system32\mf.dll

2011-08-23 19:07 . 2011-08-23 19:07 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-08-23 19:07 . 2011-08-23 19:07 586240 ----a-w- c:\windows\system32\stobject.dll

2011-08-23 19:07 . 2011-08-23 19:07 209920 ----a-w- c:\windows\system32\mfplat.dll

2011-08-23 19:07 . 2011-08-23 19:07 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-08-23 19:07 . 2011-08-23 19:07 478720 ----a-w- c:\windows\system32\dxgi.dll

2011-08-23 19:07 . 2011-08-23 19:07 37376 ----a-w- c:\windows\system32\cdd.dll

2011-08-23 19:07 . 2011-08-23 19:07 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-08-23 19:07 . 2011-08-23 19:07 258048 ----a-w- c:\windows\system32\winspool.drv

2011-08-23 19:07 . 2011-08-23 19:07 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2011-08-23 19:07 . 2011-08-23 19:07 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2011-08-23 19:07 . 2011-08-23 19:07 4096 ----a-w- c:\windows\system32\drivers\nl-NL\dxgkrnl.sys.mui

2011-08-23 19:07 . 2011-08-23 19:07 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2011-08-23 19:07 . 2011-08-23 19:07 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2011-08-23 19:07 . 2011-08-23 19:07 252928 ----a-w- c:\windows\system32\dxdiag.exe

2011-08-23 19:07 . 2011-08-23 19:07 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2011-08-23 19:07 . 2011-08-23 19:07 519680 ----a-w- c:\windows\system32\d3d11.dll

2011-08-23 19:07 . 2011-08-23 19:07 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2011-08-23 19:07 . 2011-08-23 19:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2011-08-23 14:20 . 2006-11-02 02:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll

2011-08-23 14:20 . 2006-11-02 02:32 82432 ----a-w- c:\windows\system32\axaltocm.dll

2011-08-16 06:48 . 2011-09-16 15:02 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E7B0102-D00C-4731-AA33-EB2B0D02F664}\mpengine.dll

2011-08-03 11:50 . 2011-05-21 04:01 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll

2011-08-03 11:50 . 2007-04-12 07:07 12636776 ----a-w- c:\windows\system32\nvd3dum.dll

2011-08-03 01:31 . 2011-08-03 01:31 311912 ----a-w- c:\windows\system32\nvStreaming.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ledpointer"="CNYHKey.exe" [2006-11-09 5585408]

"MoLed"="ModLEDKey.exe" [2006-11-09 53248]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Targa VFD Display.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Targa VFD Display.lnk

backup=c:\windows\pss\Targa VFD Display.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Dylan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Dylan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]

2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-12-23 08:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]

2009-04-07 08:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]

2008-11-06 00:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]

2006-10-30 03:44 36864 ------r- c:\windows\JM\JMInsIDE.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2011-08-31 15:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2011-08-31 15:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 05:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-12-06 08:37 69216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2006-12-18 11:34 868352 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]

2007-05-08 08:22 155648 ------w- c:\program files\CyberLink\TV Enhance\TVEService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3941071071-2860450766-3604067163-1001]

"EnableNotificationsRef"=dword:00000001

.

R1 MpKsl1eebcc27;MpKsl1eebcc27;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{523A265F-FB06-4659-B4E4-618440FC1283}\MpKsl1eebcc27.sys [x]

R1 MpKsl77822db8;MpKsl77822db8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05AEC917-212B-4ECA-948E-592C427B385C}\MpKsl77822db8.sys [x]

R1 MpKslfa0e77f9;MpKslfa0e77f9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC3E1723-BB30-488D-9FB8-19D942704302}\MpKslfa0e77f9.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-05 136176]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2010-05-16 35712]

R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2006-12-22 449536]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-05 136176]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 rt70x86;RT2500 USB Wireless LAN Driver for Vista;c:\windows\system32\DRIVERS\netr70.sys [2010-04-27 306016]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 3964R;3964R Procotol Driver;DI [x]

R4 CheckStage2_svc;CheckStage2_svc;c:\windows\CheckStage2.exe [2007-03-12 462848]

R4 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 Job Manager;c:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-22 462336]

R4 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2007-05-08 299093]

R4 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2007-05-08 127059]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S1 MpKsl8ee2ce72;MpKsl8ee2ce72;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5AF37C54-D79A-4802-92B2-5A9FEA537821}\MpKsl8ee2ce72.sys [2011-10-20 28752]

S1 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]

S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-10-26 2814080]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-05-02 47360]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - MPKSL8EE2CE72

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

.

2011-10-19 c:\windows\Tasks\Epson Printer Software Downloader.job

- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]

.

2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-05 14:50]

.

2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-05 14:50]

.

2011-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3941071071-2860450766-3604067163-1000Core.job

- c:\users\Verlee Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-28 14:41]

.

2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3941071071-2860450766-3604067163-1000UA.job

- c:\users\Verlee Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-28 14:41]

.

2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3941071071-2860450766-3604067163-1001Core.job

- c:\users\Dylan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 15:24]

.

2011-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3941071071-2860450766-3604067163-1001UA.job

- c:\users\Dylan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 15:24]

.

2011-10-20 c:\windows\Tasks\User_Feed_Synchronization-{6E4C9ADC-CE74-4096-A936-B53E2F27F927}.job

- c:\windows\system32\msfeedssync.exe [2011-08-23 19:08]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://google.be/

uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 195.130.130.130 195.130.131.130

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-10-20 18:34

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

YŒŽNlŽÛlŽŽ [1871833346] 0x00720065

YŒŽNlŽÛlŽŽ [1871833346] 0x00650077

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\3964R]

"ImagePath"=hex:5c,00

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\3964R]

"ImagePath"=hex:5c,00

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:0000000f

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2011-10-20 18:37:35

ComboFix-quarantined-files.txt 2011-10-20 16:37

ComboFix2.txt 2011-10-19 13:51

.

Pre-Run: 314.049.392.640 bytes beschikbaar

Post-Run: 314.001.588.224 bytes beschikbaar

.

- - End Of File - - FD1B028229252AC6B5C91D949DB0CAD6

and the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:50:20, on 20/10/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\System32\mobsync.exe

C:\Windows\CNYHKey.exe

C:\Windows\ModLEDKey.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Users\Dylan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dylan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dylan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\wuauclt.exe

C:\Users\Dylan\Downloads\HijackThis.exe

C:\Users\Dylan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost; 127.0.0.1; <local>;*.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe

O4 - HKLM\..\Run: [MoLed] ModLEDKey.exe

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-21-3941071071-2860450766-3604067163-1006\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-3941071071-2860450766-3604067163-1006\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'UpdatusUser')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--

End of file - 7073 bytes

Kind regards

edited by compverl
Posted:

How is booting going now?

If it is not yet resolved, we can now at least rule out a malware infection as the cause of the problem.

Remove ComboFix: Start -> Run and type: ComboFix /Uninstall (with a space before the /)

This will remove ComboFix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may manually delete the folder C:\Qoobox.

Posted:

Hello

I do indeed still have the problem.

Could it be related to the \boot\memtest.exe error I got during the memory scan at startup?

Kind regards

Posted:

I haven't replied for a while since I no longer had the problem.

So I had no problems for a week, but today it again failed to start.

If I get it again I will run a memtest.

  • 5 months later...
Posted:

Hello compverl,

If you have no further questions or problems in this topic, you may close it by clicking the +Mark as solved button, which you can find at the bottom left… that way it stays organized for everyone.

Of course, in case of new/other problems you can always open a new topic…
