
Computer freezes


henko


Hello everyone,

I hope you can help me...

For the past few days my PC has been freezing at a certain time. First the mouse stops responding, and then the keyboard gives out as well. I haven't installed anything new lately, or anything that could have something to do with it.

Ran various scans: AVG, HitmanPro, Search and Destroy, secure -F, Malwarebytes and Ad-Aware SE.

I'm pasting my log file below:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:08:54, on 24-2-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20978)

Boot mode: Normal

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\csrss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\system32\svchost.exe

H:\Program Files\Windows Defender\MsMpEng.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\system32\svchost.exe

H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\Explorer.EXE

H:\Program Files\Internet Explorer\IEXPLORE.EXE

H:\WINDOWS\arservice.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\eHome\ehRecvr.exe

H:\WINDOWS\eHome\ehSched.exe

H:\Program Files\GIGABYTE\EnergySaver\GSvr.exe

H:\Program Files\Common Files\BinarySense\hldasvc.exe

H:\Program Files\Common Files\BinarySense\hldasvc.exe

H:\Program Files\Microsoft LifeCam\MSCamS32.exe

H:\WINDOWS\ehome\ehtray.exe

H:\WINDOWS\ARPWRMSG.EXE

H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

H:\Program Files\Windows Defender\MSASCui.exe

H:\WINDOWS\vVX1000.exe

H:\WINDOWS\system32\rundll32.exe

H:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

H:\WINDOWS\RTHDCPL.EXE

H:\WINDOWS\SOUNDMAN.EXE

H:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe

H:\WINDOWS\system32\PnkBstrA.exe

H:\WINDOWS\system32\PnkBstrB.exe

H:\WINDOWS\system32\svchost.exe

H:\Program Files\GIGABYTE\ET6\GUI.exe

H:\WINDOWS\system32\svchost.exe

H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

H:\WINDOWS\ehome\mcrdsvc.exe

H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

H:\WINDOWS\system32\SearchIndexer.exe

H:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

H:\Program Files\Microsoft ActiveSync\wcescomm.exe

H:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

H:\WINDOWS\system32\ctfmon.exe

H:\PROGRA~1\MI3AA1~1\rapimgr.exe

H:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

H:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe

H:\Program Files\SEC\Natural Color Pro\NCProTray.exe

H:\Program Files\Windows Desktop Search\WindowsSearch.exe

H:\WINDOWS\eHome\ehmsas.exe

H:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

H:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

H:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

H:\WINDOWS\system32\wscntfy.exe

H:\Program Files\SpeedFan\speedfan.exe

H:\WINDOWS\system32\wbem\unsecapp.exe

H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

H:\WINDOWS\system32\dllhost.exe

H:\WINDOWS\system32\wbem\wmiprvse.exe

H:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe

H:\WINDOWS\System32\alg.exe

H:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe

H:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

H:\Program Files\Windows Live\Messenger\msnmsgr.exe

H:\Program Files\Windows Live\Contacts\wlcomm.exe

H:\Program Files\Mozilla Firefox\firefox.exe

H:\WINDOWS\system32\SearchProtocolHost.exe

H:\WINDOWS\system32\SearchFilterHost.exe

H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

H:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - H:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - H:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - H:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O4 - HKLM\..\Run: [ehTray] H:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE

O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Windows Defender] "H:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [VX1000] H:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Microsoft Works Update Detection] H:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "H:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe_ID0ENQBO] H:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [EasyTuneVI] H:\Program Files\GIGABYTE\ET6\ETcall.exe

O4 - HKLM\..\Run: [iSUSPM Startup] H:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [GBTUpd] H:\Program Files\GIGABYTE\GBTUpd\PreRun.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [GEST] =

O4 - HKLM\..\Run: [Ad-Watch] H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [startCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [TaskSwitchXP] H:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: SpeedFan.lnk = H:\Program Files\SpeedFan\speedfan.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = H:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe

O4 - Global Startup: NCProTray.lnk = ?

O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &Download by Orbit - res://H:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://H:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Converteren naar Adobe PDF - res://H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://H:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Down&load all by Orbit - res://H:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "H:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - H:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe

O23 - Service: F-Secure BlackLight Sensor - F-Secure Corporation - H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - H:\Program Files\GIGABYTE\EnergySaver\GSvr.exe

O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - H:\Program Files\Common Files\BinarySense\hldasvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe

Do you have any solutions?

Thanks in advance!


Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Check only the items listed below:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [GEST] =

Click 'Fix checked' to remove the items.

Then create a new log with Malwarebytes.

Paste the contents of the log in your next post, together with a new HijackThis log.
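As an added example (not part of the thread and not HijackThis code), this Python script parses HijackThis entries, flags the ones the log itself marks as orphaned, and checks whether the three fix-list items above are gone from the follow-up log posted later in this thread. The log excerpts are copied from the thread; the function names and rule labels are assumptions, and `manual review` marks an item such as `Alcmtr` that none of these structural rules explains.

```python
import re

# Entries copied from the first HijackThis log posted in this thread.
LOG_BEFORE = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [Ad-Watch] H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "H:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
"""

# Entries copied from the follow-up log posted after 'Fix checked'.
LOG_AFTER = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Ad-Watch] H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "H:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
"""

# The three items the helper asked to select before clicking 'Fix checked'.
FIX_LIST = [
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE",
    r"O4 - HKLM\..\Run: [GEST] =",
]

# "<section id> - <body>", e.g. "O4 - HKLM\..\Run: [GEST] ="
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Body of a registry autostart entry: "<hive>\..\Run[Once]: [name] command"
RUN_RE = re.compile(r"^\S+\\\.\.\\Run\w*: \[[^\]]*\]\s*(?P<cmd>.*)$")


def normalize(line):
    """Collapse whitespace so pasted forum text compares reliably."""
    return " ".join(line.split())


def entries(log_text):
    """Return (section, body, full_line) for every entry line in a log."""
    found = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(normalize(raw))
        if match:  # header lines and the process list do not match
            found.append((match.group(1), match.group(2), match.group(0)))
    return found


def orphan_reason(section, body):
    """Name the structural reason an entry points at nothing, else None."""
    if body.endswith("(no file)"):
        return "no file"
    if body.endswith("(file missing)"):
        return "file missing"
    if section == "O4":
        run = RUN_RE.match(body)
        if run and run.group("cmd").strip() in ("", "="):
            return "empty command"
    return None


def triage(log_text):
    """List (section, reason, line) for every orphaned entry in the log."""
    flagged = []
    for section, body, line in entries(log_text):
        reason = orphan_reason(section, body)
        if reason:
            flagged.append((section, reason, line))
    return flagged


def review_fix_list(fix_list, log_text):
    """For each fix item: the rule that explains it, or why none does."""
    by_line = {line.casefold(): (sec, body)
               for sec, body, line in entries(log_text)}
    report = []
    for item in fix_list:
        hit = by_line.get(normalize(item).casefold())
        if hit is None:
            report.append((item, "not in log"))
        else:
            report.append((item, orphan_reason(*hit) or "manual review"))
    return report


def remaining(fix_list, log_text):
    """Fix-list items that still appear in a (follow-up) log."""
    present = {line.casefold() for _, _, line in entries(log_text)}
    return [item for item in fix_list
            if normalize(item).casefold() in present]


if __name__ == "__main__":
    for item, status in review_fix_list(FIX_LIST, LOG_BEFORE):
        print(f"{status:14} {item}")
    print("still present after fix:", remaining(FIX_LIST, LOG_AFTER))
```

An entry the rules flag is only marked as pointing at nothing; whether to remove it, as with the `hddlife` protocol that is still listed in the follow-up log, stays a decision for the person reading the log.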


Hi Kape,

thanks for being willing to help me!

This is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.34

Database versie: 1801

Windows 5.1.2600 Service Pack 3

25-2-2009 18:01:08

mbam-log-2009-02-25 (18-01-08).txt

Scan type: Snelle Scan

Objecten gescand: 56761

Verstreken tijd: 1 minute(s), 44 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

And this is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:05:27, on 25-2-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20978)

Boot mode: Normal

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\csrss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\system32\svchost.exe

H:\Program Files\Windows Defender\MsMpEng.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\system32\svchost.exe

H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\Explorer.EXE

H:\Program Files\Internet Explorer\IEXPLORE.EXE

H:\WINDOWS\arservice.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\eHome\ehRecvr.exe

H:\WINDOWS\eHome\ehSched.exe

H:\Program Files\GIGABYTE\EnergySaver\GSvr.exe

H:\Program Files\Common Files\BinarySense\hldasvc.exe

H:\Program Files\Common Files\BinarySense\hldasvc.exe

H:\Program Files\Microsoft LifeCam\MSCamS32.exe

H:\WINDOWS\system32\PnkBstrA.exe

H:\WINDOWS\system32\PnkBstrB.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\ehome\mcrdsvc.exe

H:\WINDOWS\system32\SearchIndexer.exe

H:\WINDOWS\ehome\ehtray.exe

H:\WINDOWS\eHome\ehmsas.exe

H:\WINDOWS\ARPWRMSG.EXE

H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

H:\Program Files\Windows Defender\MSASCui.exe

H:\WINDOWS\vVX1000.exe

H:\WINDOWS\system32\rundll32.exe

H:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

H:\WINDOWS\RTHDCPL.EXE

H:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe

H:\WINDOWS\SOUNDMAN.EXE

H:\Program Files\GIGABYTE\ET6\GUI.exe

H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

H:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

H:\Program Files\Microsoft ActiveSync\wcescomm.exe

H:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

H:\WINDOWS\system32\ctfmon.exe

H:\WINDOWS\system32\wbem\unsecapp.exe

H:\PROGRA~1\MI3AA1~1\rapimgr.exe

H:\WINDOWS\system32\dllhost.exe

H:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

H:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe

H:\Program Files\SEC\Natural Color Pro\NCProTray.exe

H:\Program Files\Windows Desktop Search\WindowsSearch.exe

H:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

H:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

H:\WINDOWS\System32\alg.exe

H:\WINDOWS\system32\wscntfy.exe

H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

H:\WINDOWS\system32\wbem\wmiprvse.exe

H:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

H:\Program Files\SpeedFan\speedfan.exe

H:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe

H:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe

H:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

H:\Program Files\Mozilla Firefox\firefox.exe

H:\WINDOWS\system32\taskmgr.exe

H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

H:\Program Files\Windows Live\Messenger\msnmsgr.exe

H:\Program Files\Windows Live\Contacts\wlcomm.exe

H:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

H:\Program Files\Windows Media Player\wmplayer.exe

H:\WINDOWS\system32\NOTEPAD.EXE

H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

H:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - H:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - H:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - H:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O4 - HKLM\..\Run: [ehTray] H:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE

O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Windows Defender] "H:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [VX1000] H:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Microsoft Works Update Detection] H:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "H:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe_ID0ENQBO] H:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [EasyTuneVI] H:\Program Files\GIGABYTE\ET6\ETcall.exe

O4 - HKLM\..\Run: [iSUSPM Startup] H:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [GBTUpd] H:\Program Files\GIGABYTE\GBTUpd\PreRun.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Ad-Watch] H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [startCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LifeCam] "H:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "H:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "H:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [TaskSwitchXP] H:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RGSC] H:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: SpeedFan.lnk = H:\Program Files\SpeedFan\speedfan.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = H:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe

O4 - Global Startup: NCProTray.lnk = ?

O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &Download by Orbit - res://H:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://H:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Converteren naar Adobe PDF - res://H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://H:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Down&load all by Orbit - res://H:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "H:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - H:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - H:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe

O23 - Service: F-Secure BlackLight Sensor - F-Secure Corporation - H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - H:\Program Files\GIGABYTE\EnergySaver\GSvr.exe

O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - H:\Program Files\Common Files\BinarySense\hldasvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe

--

End of file - 15473 bytes

Regards,


Both logs look OK. Would you still run this so that we can rule out malware:

Download Combofix to your Desktop.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!


  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not for VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and after the restart, the log Combofix.txt will open.

Post this log in your next reply.
