PC is running far too slowly


I have a problem: my Windows Vista is running really far too slowly!

HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:04:24, on 18-5-2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18226)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe

C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Users\Nicholas\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\NEXON\EuropeMapleStory\MapleStory.exe

C:\Program Files\AhnLab\ASP\Components\ASPLnchr.exe

C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\mkd25tray.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\sdclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show

O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll

O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

--

End of file - 7960 bytes

No signs of anything bad in your log.

Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Voltooien" (Finish).

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Snelle Scan" (Quick Scan) on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is finished, click OK, then "Bekijk Resultaten" (Show Results) to see the results.

Make sure everything there is checked, then click "Verwijder geselecteerde" (Remove Selected).

After removal a log will open and you will be asked to restart the computer. (See below)

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.

If MBAM has difficulty removing certain files, it will show a few prompts where you must click OK.

After that it will ask to restart the computer... so allow MBAM to restart the computer.

Download Combofix to your Desktop.

Read more here about the correct use of Combofix.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Follow the instructions and accept the disclaimer by clicking Yes.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not Vista).
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix has finished and after the restart, the log Combofix.txt will open.

Post this log in your next reply, together with the MBAM log.

My Malware log.

18-5-2009 21:20:29

mbam-log-2009-05-18 (21-20-29).txt

Scan type: Snelle Scan

Objecten gescand: 68227

Verstreken tijd: 5 minute(s), 21 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Combofix log:

ComboFix 09-05-17.08 - Nicholas 18-05-2009 21:23.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3070.1924 [GMT 2:00]

Gestart vanuit: c:\users\Nicholas\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Nicholas\AppData\Local\Temp\nst7915.tmp

c:\users\Nicholas\AppData\Local\Temp\nst7935.tmp

c:\users\Nicholas\AppData\Local\Temp\nst7946.tmp

c:\users\Nicholas\AppData\Local\Temp\nst7947.tmp

c:\users\Nicholas\AppData\Local\Temp\nst7957.tmp

c:\users\Nicholas\AppData\Local\Temp\nst7958.tmp

c:\users\Nicholas\AppData\Local\Temp\nst7969.tmp

c:\users\Nicholas\AppData\Local\Temp\nst797A.tmp

c:\users\Nicholas\AppData\Local\Temp\nst798A.tmp

c:\users\Nicholas\AppData\Local\Temp\nst79BA.tmp

c:\users\Nicholas\AppData\Local\Temp\nstF734.tmp

.

---- Voorgaande Run -------

.

c:\users\Nicholas\AppData\Roaming\.#

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-04-18 to 2009-05-18 ))))))))))))))))))))))))))))))

.

2009-05-18 19:33 . 2009-05-18 19:33 -------- d-sh--w C:\$RECYCLE.BIN

2009-05-18 19:14 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-18 19:14 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-18 19:14 . 2009-05-18 19:14 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-05-18 16:48 . 2009-05-18 16:48 -------- d-----w C:\32788R22FWJFW.0.tmp

2009-05-17 19:39 . 2009-05-17 19:39 -------- d-----w c:\program files\Trend Micro

2009-05-16 07:44 . 2009-05-16 07:45 34 ----a-w c:\users\Nicholas\jagex_runescape_preferences.dat

2009-05-16 07:44 . 2009-05-16 07:44 -------- d-----w c:\windows\.jagex_cache_32

2009-05-15 20:25 . 2009-05-15 20:25 -------- d-----w C:\_OTMoveIt

2009-05-15 19:06 . 2009-05-15 19:06 -------- d-----w c:\users\Nicholas\AppData\Roaming\Malwarebytes

2009-05-10 12:14 . 2009-05-10 20:21 -------- d-----w c:\users\Nicholas\AppData\Local\PMB Files

2009-05-10 12:14 . 2009-05-10 12:14 -------- d-----w c:\programdata\PMB Files

2009-05-10 12:14 . 2009-05-10 12:14 -------- d-----w c:\users\All Users\PMB Files

2009-05-03 11:41 . 2008-10-17 08:50 131072 ----a-w c:\windows\system32\drivers\Mkd2kfNT.sys

2009-05-03 11:41 . 2008-10-17 08:50 79104 ----a-w c:\windows\system32\drivers\Mkd2Nadr.sys

2009-05-03 11:40 . 2009-05-03 11:40 -------- d-----w c:\program files\AhnLab

2009-05-03 11:28 . 2009-05-03 11:28 -------- d-----w c:\program files\NEXON

2009-05-03 10:40 . 2009-05-03 11:19 -------- d-----w C:\download

2009-05-03 10:39 . 2009-05-03 10:39 -------- d-----w C:\Nexon

2009-05-03 10:39 . 2009-05-03 10:51 421888 ----a-w c:\windows\NEXON_EU_DownloaderUpdater.exe

2009-04-30 15:43 . 2009-04-30 21:30 -------- d-----w c:\program files\Common Files\Steam

2009-04-26 07:59 . 2009-04-26 07:59 -------- d-----w c:\programdata\Malwarebytes

2009-04-26 07:59 . 2009-04-26 07:59 -------- d-----w c:\users\All Users\Malwarebytes

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-14 14:27 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-05-02 07:12 . 2009-01-07 19:28 11952 ----a-w c:\windows\system32\avgrsstx.dll

2009-05-02 07:12 . 2009-01-07 19:28 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-05-02 07:12 . 2009-02-01 19:50 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-04-19 07:38 . 2009-01-08 05:43 1356 ----a-w c:\users\Nicholas\AppData\Local\d3d9caps.dat

2009-04-16 16:15 . 2008-11-03 08:11 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-15 20:42 . 2009-04-15 20:42 552 ----a-w c:\users\Nicholas\AppData\Local\d3d8caps.dat

2009-04-13 15:07 . 2008-11-03 08:54 -------- d-----w c:\program files\Common Files\Adobe

2009-04-13 14:23 . 2009-01-08 05:44 71280 ----a-w c:\users\Nicholas\AppData\Local\GDIPFONTCACHEV1.DAT

2009-03-25 13:03 . 2009-02-23 19:02 -------- d-----w c:\program files\Java

2009-03-17 03:38 . 2009-04-16 08:59 13824 ----a-w c:\windows\system32\apilogen.dll

2009-03-17 03:38 . 2009-04-16 08:59 24064 ----a-w c:\windows\system32\amxread.dll

2009-03-09 04:19 . 2009-01-13 17:19 410984 ----a-w c:\windows\system32\deploytk.dll

2009-03-03 04:46 . 2009-04-16 08:59 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-03-03 04:46 . 2009-04-16 08:59 3547632 ----a-w c:\windows\system32\ntoskrnl.exe

2009-03-03 04:40 . 2009-04-16 08:59 827392 ----a-w c:\windows\system32\wininet.dll

2009-03-03 04:39 . 2009-04-16 08:59 183296 ----a-w c:\windows\system32\sdohlp.dll

2009-03-03 04:39 . 2009-04-16 08:59 551424 ----a-w c:\windows\system32\rpcss.dll

2009-03-03 04:39 . 2009-04-16 08:59 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll

2009-03-03 04:37 . 2009-04-16 08:59 78336 ----a-w c:\windows\system32\ieencode.dll

2009-03-03 04:37 . 2009-04-16 08:59 98304 ----a-w c:\windows\system32\iasrecst.dll

2009-03-03 04:37 . 2009-04-16 08:59 54784 ----a-w c:\windows\system32\iasads.dll

2009-03-03 04:37 . 2009-04-16 08:59 44032 ----a-w c:\windows\system32\iasdatastore.dll

2009-03-03 03:04 . 2009-04-16 08:59 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe

2009-03-03 02:38 . 2009-04-16 08:59 17408 ----a-w c:\windows\system32\iashost.exe

2009-03-03 02:28 . 2009-04-16 08:59 26624 ----a-w c:\windows\system32\ieUnatt.exe

2009-02-25 12:36 . 2008-01-21 06:47 6638 ----a-w c:\windows\system32\perfc013.dat

2009-02-25 12:36 . 2008-01-21 06:47 1098982 ----a-w c:\windows\system32\perfh013.dat

2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

.

((((((((((((((((((((((((((((( SnapShot@2009-05-18_16.59.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 01:58 . 2009-05-18 18:55 59666 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:05 . 2009-05-18 18:55 78826 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2006-11-02 13:05 . 2009-05-18 14:41 78826 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-01-08 05:45 . 2009-05-18 18:55 13090 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4247899568-971592803-1225083435-1000_UserData.bin

+ 2009-01-08 05:42 . 2009-05-18 19:32 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-01-08 05:42 . 2009-05-18 16:58 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-01-08 05:42 . 2009-05-18 19:32 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-01-08 05:42 . 2009-05-18 16:58 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-08 05:42 . 2009-05-18 19:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-01-08 05:42 . 2009-05-18 16:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-02-10 17:10 . 2009-05-18 17:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-02-10 17:10 . 2009-05-17 20:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-02-10 17:10 . 2009-05-18 17:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-02-10 17:10 . 2009-05-17 20:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-02-10 17:10 . 2009-05-17 20:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-02-10 17:10 . 2009-05-18 17:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-02-07 00:03 . 2009-05-18 18:53 2670 c:\windows\System32\WDI\ERCQueuedResolutions.dat

+ 2009-05-18 19:28 . 2009-05-18 19:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-07-29 16:52 121392 ----a-w c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]

"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-17 817672]

"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-01-08 3673600]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-02 1947928]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"eRecoveryService"="" [bU]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-19 6265376]

"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-08-19 1833504]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]

2009-01-08 06:31 3116032 ----a-w c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]

2008-03-25 14:24 567560 ----a-w c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{E47F008D-5D1D-42C4-82B3-09331CDA7A36}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{E8958C4C-B1BF-4957-8AB6-52ABDD601BCC}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{95FCA65D-396A-4F33-812B-076DC20DF081}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{B3F61EC1-9C61-4BFE-B85F-7936C34EBA3A}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{A7EF5407-3299-4FF1-91F4-1EB3BD707307}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{FCBFFE7B-D16F-443B-9E29-E7D9D64C2165}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{A09BF21E-987D-44DE-83FD-0325A5D0E39A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{1C7CC37B-6060-4364-ABD4-829FACF5648F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{40B204A6-95EE-4B7E-9A42-CD1F557B39FB}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{06310D73-2D8A-4DF2-8CD5-3C35D0CD7A6F}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{E52443A0-3171-4409-A56B-DCD577465D0B}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie

"{26C284A9-1642-4F8C-8D19-32C3C1F8312D}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program

"{B1B4F4D8-B8FA-409F-BC86-081E2844CFD2}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia

"{FE0E4381-2EB9-4459-A1D4-AA9ABAAD17F6}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe

"{1199AEF3-211A-4837-9368-82168026A079}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"TCP Query User{8ACC6B56-E398-4D12-ADED-52A181FBC925}c:\\program files\\steam\\steamapps\\agent_sprink\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\agent_sprink\counter-strike source\hl2.exe:hl2

"UDP Query User{4DE088D3-CB1B-48E7-999A-B73449CF6DFE}c:\\program files\\steam\\steamapps\\agent_sprink\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\agent_sprink\counter-strike source\hl2.exe:hl2

"TCP Query User{A756D3E3-9134-4B99-8427-93B12845BFF8}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire

"UDP Query User{35028847-1F0B-47C2-907C-BDC43947B2BC}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire

"TCP Query User{3078A1FA-C9D7-476A-91D2-7BAD40EFE211}c:\\program files\\valve\\steam\\steamapps\\lozrez\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\lozrez\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{40FCD9CD-09C8-41EB-8ADD-1EAE631089F1}c:\\program files\\valve\\steam\\steamapps\\lozrez\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\lozrez\counter-strike\hl.exe:Half-Life Launcher

"TCP Query User{5F73B1CB-FEFB-4072-A5EB-E428009656A8}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary

"UDP Query User{BD7F533A-2FC2-4C10-8324-815ADA4670E9}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary

"TCP Query User{22FF1C22-829E-4B0F-A1B4-20F01D62C51A}c:\\program files\\steam\\steamapps\\last2309\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\last2309\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{8923E16A-F3C0-4AC9-96D0-E97DCE963058}c:\\program files\\steam\\steamapps\\last2309\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\last2309\counter-strike\hl.exe:Half-Life Launcher

"{C4ADDBBD-F5C5-4460-A822-624625C29A1C}"= UDP:c:\program files\Steam\SteamApps\last2309\counter-strike\hlds.exe:hlds

"{11922263-6604-412A-98FA-981EC61E81DE}"= TCP:c:\program files\Steam\SteamApps\last2309\counter-strike\hlds.exe:hlds

"TCP Query User{99E5AB60-CC6E-444A-A952-FE66CE732800}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC

"UDP Query User{49B8FE2F-9C5D-44C3-AD72-8191EC1B1279}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC

"{5FB19A98-1056-49FE-8126-D8578F11B1E8}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

"TCP Query User{2A56A00F-7305-4DA3-A6FF-194DBF8B1079}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{F0706D99-87E5-44FC-AB08-15F7464A2B04}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"{C3C387DB-6A41-4CF5-93EC-4F222F4D8411}"= UDP:c:\ngm\NGM.exe:Nexon Game Manager

"{7CC1BFCE-3797-4EB4-80AE-387ED709CE07}"= TCP:c:\ngm\NGM.exe:Nexon Game Manager

"{4063163C-8520-4048-B69E-7E7AD603E203}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager

"{2D3BD776-DC94-4593-AB70-4F8BE6E8B1F0}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager

"TCP Query User{CC5AB682-F8D2-4069-8CC1-635D491F78E4}c:\\program files\\2speced-client\\client.exe"= UDP:c:\program files\2speced-client\client.exe:client

"UDP Query User{6A7A0CF1-7B2C-46E2-BE21-4FDA18444464}c:\\program files\\2speced-client\\client.exe"= TCP:c:\program files\2speced-client\client.exe:client

"TCP Query User{A2E8EAE0-14A3-4D66-8CC4-01F28B792DDE}c:\\program files\\xfire\\dppm_source.exe"= UDP:c:\program files\xfire\dppm_source.exe:Dyyno P2P Source Application

"UDP Query User{57A79F8D-749A-4C7E-9C0F-32E8EED81220}c:\\program files\\xfire\\dppm_source.exe"= TCP:c:\program files\xfire\dppm_source.exe:Dyyno P2P Source Application

"{F9185CA1-367F-4661-920C-0BC7E9989970}"= UDP:c:\program files\Subagames\CrossFire\CF_G4box.exe:CrossFire

"{5C875434-D30F-41EE-B363-4C8F1921B84F}"= TCP:c:\program files\Subagames\CrossFire\CF_G4box.exe:CrossFire

"TCP Query User{971934F6-177B-4C85-900B-48EA2E5D0289}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= UDP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine

"UDP Query User{04759FD6-54FA-4DA1-81A2-8558EDFB9C7D}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= TCP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine

"{21815E07-F8A6-455D-B204-1921E60871D4}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster

"{55E998B1-4893-4734-ACFC-2F970EA618F2}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [8-1-2009 8:31 43184]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [7-1-2009 21:28 325896]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [1-2-2009 21:50 108552]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [8-1-2009 8:37 61424]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7-1-2009 21:28 908568]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7-1-2009 21:28 298776]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3-3-2008 14:11 16384]

R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [8-1-2009 8:39 81504]

R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [3-11-2008 10:23 24576]

R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [8-1-2009 8:31 3521024]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25-4-2008 22:36 45056]

R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [8-1-2009 8:39 122368]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25-4-2008 22:36 131072]

R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [3-11-2008 18:20 47616]

R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [8-1-2009 2:33 22072]

R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28-3-2007 8:51 43008]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\System32\drivers\Mkd2kfNT.sys [3-5-2009 13:41 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\System32\drivers\Mkd2Nadr.sys [3-5-2009 13:41 79104]

S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [3-11-2008 18:20 419328]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

.

Inhoud van de 'Gedeelde Taken' map

2009-05-16 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-05-18 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=0109&m=aspire_6530g

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-05-18 21:33

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

c:\windows\system32\wbem\Performance\WmiApRpl_new.h 3953 bytes

c:\windows\TEMP\TMP00000041543C00563D8B2B33 524288 bytes executable

Scan succesvol afgerond

verborgen bestanden: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(4968)

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

c:\windows\System32\SysHook.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\Ati2evxx.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\Ati2evxx.exe

c:\program files\Common Files\SPBA\upeksvr.exe

c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe

c:\windows\System32\agrsmsvc.exe

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\acer\Mobility Center\MobilityService.exe

c:\program files\Cyberlink\Shared files\RichVideo.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\System32\wbem\WMIADAP.exe

c:\windows\System32\conime.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Launch Manager\QtZgAcer.EXE

c:\program files\AVG\AVG8\avgtray.exe

c:\windows\System32\wbem\unsecapp.exe

c:\users\Nicholas\AppData\Local\Temp\RtkBtMnt.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\windows\System32\notepad.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

.

**************************************************************************

.

Voltooingstijd: 2009-05-18 21:34 - machine werd herstart

ComboFix-quarantined-files.txt 2009-05-18 19:34

Pre-Run: 106.522.251.264 bytes beschikbaar

Post-Run: 106.377.138.176 bytes beschikbaar

435 --- E O
