Archive - Laptop is running terribly slowly


TimeFtw

Legacy Member
Hello,

my laptop (which isn't even old: 1 year) has been starting up terribly slowly for a while now, and once it has booted it still takes far too long to start programs (e.g. Firefox). It also regularly happens that my laptop freezes completely, so that I can't select anything anymore because my PC "automatically scrolls down" (I don't really know how to describe this). I have already run a full virus scan, without result. So here is a log, in the hope that I can get help here. :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:36, on 9/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\ApVxdWin.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\avciman.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = mijnAOL | HP
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = STARTPAGE :: DAEMON-Search.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = mijnAOL | HP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mijnAOL | HP
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dlba_device - - C:\Windows\system32\dlbacoms.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updateservice (gupdate1c98e22be635c9d) (gupdate1c98e22be635c9d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrvx86.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

--
End of file - 10301 bytes

Thanks in advance!

Jurgenv1

Legacy Member
* Download Malwarebytes' Anti-Malware from here or here.

Double-click mbam-setup.exe to install the program.
  • Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".
  • If an update is found, it will download it and install the latest version.
  • Once the program is fully up to date, select "Perform Quick Scan", then click Scan.
  • The scan can take a while, so be patient.
  • When the scan is complete, click OK, then "Show Results" to view the results.
  • Make sure everything there is checked, then click: Remove Selected.
  • After the removal a log will open and you will be asked to restart the computer. (See the extra note below)
  • The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
  • Copy and paste the contents of the log into your next reply, together with a new HijackThis log.
Extra note:
If MBAM has trouble removing certain files, it will show a few messages where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

dietrich0

Legacy Member
A bit OT, but I've had Malwarebytes myself and didn't think much of it! I also had some kind of persistent virus (different name, but I can't recall it) and eventually removed it myself by digging into the registry.

TimeFtw

Legacy Member
It doesn't find anything; maybe it's a hardware problem? How could I determine that?

-------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.39
Database versie: 2538
Windows 6.0.6001 Service Pack 1

1/08/2009 14:39:37
mbam-log-2009-08-01 (14-39-37).txt

Scan type: Snelle Scan
Objecten gescand: 82525
Verstreken tijd: 5 minute(s), 54 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
--------------------------------------------------------------

Thanks in advance!

Thombose

Legacy Member
if you're a bit technically inclined....(I've had roughly the same thing myself and this is how I solved it)....unscrew your laptop, down to the level of the CPU and the heatsink...take the fan off and blow it out....take out your cooling element and blow it out...dissolve the thermal paste and apply new paste...put everything back together...and maybe it'll run better again...but try all the other software solutions first :)

TimeFtw

Legacy Member
Thombose said:
if you're a bit technically inclined....(I've had roughly the same thing myself and this is how I solved it)....unscrew your laptop, down to the level of the CPU and the heatsink...take the fan off and blow it out....take out your cooling element and blow it out...dissolve the thermal paste and apply new paste...put everything back together...and maybe it'll run better again...but try all the other software solutions first :)

I'm not really technically inclined :p
But it's not even a year old yet, so it should still be under warranty. I can always take it in sometime :)

TimeFtw

Legacy Member
I had the problem again last night. I was just browsing (on 9lives, as it happens :p), and suddenly my laptop became completely uncontrollable, nothing responded anymore, and when I looked in Task Manager the CPU usage was at something like 35%. It was also once again the case that I couldn't select anything on my desktop; when I clicked an icon, only the icon at the bottom left was automatically selected. Same in the 'shut down' menu; I can only select 'switch user', and when I try to go to 'shut down' it automatically and immediately jumps back to switch user.
I also noticed that my laptop got very warm, warmer than normal, and I couldn't hold my finger against the back of it for 20 seconds without burning it... (burning is maybe a bit much, but it did hurt when I held it there :p)

Jurgenv1

Legacy Member
Apologies for the late reply:

Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Place it on your desktop.
Double-click it to start the program.
In the window that appears, type a 1 to run the cleaning and analysis process.
Follow the on-screen instructions.
When the tool has finished, a log file (combofix.txt) opens.
Post the contents of this file together with a new HijackThis log.

TimeFtw

Legacy Member
No problem, I have time. :)

-------------------------------------------------------------------------------
ComboFix 09-08-04.04 - Stijn 06/08/2009 10:27.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3069.1992 [GMT 2:00]
Gestart vanuit: c:\users\Stijn\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1470336512-222584710-825403860-500
c:\$recycle.bin\S-1-5-21-2876191724-3392447857-3730096100-500
c:\users\Stijn\AppData\Roaming\inst.exe
c:\windows\Installer\22961.msi
c:\windows\Installer\25507.msi

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-07-06 to 2009-08-06 ))))))))))))))))))))))))))))))
.

2009-08-06 08:35 . 2009-08-06 08:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-05 20:04 . 2009-08-05 20:05 -------- d-----w- c:\users\Stijn\AppData\Roaming\gtk-2.0
2009-08-05 20:04 . 2009-08-05 20:04 -------- d-----w- c:\users\Stijn\.thumbnails
2009-08-05 19:38 . 2009-08-05 20:07 -------- d-----w- c:\users\Stijn\.gimp-2.6
2009-08-05 19:38 . 2009-08-05 19:38 -------- d-----w- c:\users\Stijn\.gegl-0.0
2009-08-05 19:38 . 2009-08-05 19:38 -------- d-----w- c:\program files\GIMP-2.0
2009-08-05 16:23 . 2009-08-05 16:23 404737 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-08-05 16:23 . 2009-06-03 14:26 345345 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-08-05 16:23 . 2009-04-09 08:20 79105 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2009-08-05 16:23 . 2009-02-13 14:01 79105 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2009-08-05 16:23 . 2008-12-05 09:32 126721 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-08-05 12:46 . 2009-08-05 12:48 -------- d-----w- c:\users\Stijn\Security tools
2009-08-05 12:43 . 2009-08-05 12:44 -------- d-----w- c:\users\Stijn\School & ebooks
2009-08-05 11:53 . 2008-06-27 13:53 376832 ----a-w- c:\windows\system32\aestecap.dll
2009-08-05 11:53 . 2008-06-27 13:53 53248 ----a-w- c:\windows\system32\aestaren.dll
2009-08-05 11:53 . 2008-09-11 09:50 446556 ----a-w- c:\windows\sttray.exe
2009-08-05 11:53 . 2008-09-11 09:49 2875392 ----a-w- c:\windows\system32\stlang.dll
2009-08-05 11:53 . 2008-09-11 09:48 532480 ----a-w- c:\windows\system32\idtmini1.exe
2009-08-05 11:53 . 2008-06-27 13:53 73728 ----a-w- c:\windows\system32\AESTCom.dll
2009-08-05 11:53 . 2008-06-27 13:53 133632 ----a-w- c:\windows\system32\aestacap.dll
2009-08-05 11:48 . 2008-09-11 09:51 168960 ----a-w- c:\windows\system32\staco.dll
2009-08-05 11:44 . 2008-09-11 09:54 389120 ----a-w- c:\windows\system32\drivers\stwrt.sys
2009-08-05 11:43 . 2008-09-11 09:54 404480 ----a-w- c:\windows\system32\stcplx.dll
2009-08-05 11:43 . 2008-09-11 09:53 671744 ----a-w- c:\windows\system32\stapo.dll
2009-08-05 11:43 . 2008-09-11 09:50 427008 ----a-w- c:\windows\system32\stapi32.dll
2009-08-05 11:43 . 2009-08-05 11:54 -------- d-----w- c:\program files\IDT
2009-08-05 11:18 . 2009-08-05 11:18 -------- d-----w- c:\windows\system32\SRSLabs
2009-08-04 14:34 . 2009-08-05 16:27 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-04 14:34 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-04 14:34 . 2009-08-04 14:34 -------- d-----w- c:\programdata\Avira
2009-08-04 14:34 . 2009-08-04 14:34 -------- d-----w- c:\program files\Avira
2009-08-02 13:32 . 2009-08-05 21:42 -------- d-----w- c:\users\Stijn\AppData\Roaming\FileZilla
2009-08-02 13:32 . 2009-08-02 13:32 -------- d-----w- c:\program files\FileZilla FTP Client
2009-08-02 13:25 . 2009-08-02 13:25 -------- d-----w- c:\users\Stijn\AppData\Roaming\SmartFTP
2009-08-01 15:10 . 2009-08-01 15:10 -------- d-----w- c:\users\Stijn\AppData\Roaming\JCreator
2009-08-01 15:10 . 2009-08-01 15:10 -------- d-----w- c:\programdata\JCreator
2009-08-01 15:08 . 2009-08-01 15:08 -------- d-----w- c:\program files\Xinox Software
2009-08-01 15:06 . 2009-08-01 15:09 -------- d-----w- C:\Java
2009-08-01 14:58 . 2009-08-01 14:58 -------- d-----w- c:\program files\Sun
2009-08-01 14:06 . 2009-08-01 14:08 -------- d-----w- c:\programdata\FLEXnet
2009-08-01 14:02 . 2009-08-01 14:02 -------- d-----w- c:\program files\Bonjour
2009-08-01 13:46 . 2009-08-01 13:46 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-31 23:09 . 2009-07-31 23:09 -------- d-----w- c:\users\Stijn\AppData\Roaming\Malwarebytes
2009-07-31 23:09 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-31 23:09 . 2009-07-31 23:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-31 23:09 . 2009-07-31 23:09 -------- d-----w- c:\programdata\Malwarebytes
2009-07-31 23:09 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-30 11:15 . 2009-07-30 11:15 -------- d-----w- c:\programdata\PopCap Games
2009-07-29 18:58 . 2009-08-05 10:27 -------- d-----w- c:\program files\Common Files\Real
2009-07-29 18:58 . 2009-07-29 18:58 -------- d-----w- c:\program files\Real
2009-07-28 15:57 . 2009-07-28 15:57 -------- d-----w- c:\programdata\Steam
2009-07-28 13:22 . 2009-07-28 13:22 -------- d-----w- c:\programdata\Big Fish Games
2009-07-28 13:22 . 2009-07-28 13:22 -------- d-----w- c:\programdata\Trymedia
2009-07-28 13:21 . 2009-07-28 13:21 -------- d-----w- c:\program files\BFG
2009-07-25 19:39 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-25 19:39 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-25 19:39 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-25 19:39 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 16:19 . 2008-08-25 16:03 -------- d-----w- c:\programdata\Google Updater
2009-08-05 12:47 . 2009-06-14 08:58 228 ----a-w- c:\windows\system32\edacded0.dat
2009-08-05 10:27 . 2008-06-06 16:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 10:08 . 2008-12-23 11:40 -------- d-----w- c:\program files\Panda Security
2009-08-03 23:27 . 2008-08-29 08:52 -------- d-----w- c:\users\Stijn\AppData\Roaming\uTorrent
2009-08-02 13:13 . 2008-06-07 01:43 667352 ----a-w- c:\windows\system32\perfh013.dat
2009-08-02 13:13 . 2008-06-07 01:43 126854 ----a-w- c:\windows\system32\perfc013.dat
2009-08-02 13:13 . 2008-06-07 01:36 659180 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-02 13:13 . 2008-06-07 01:36 122976 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-01 15:03 . 2008-06-06 17:35 -------- d-----w- c:\program files\Java
2009-08-01 14:02 . 2008-09-26 09:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-01 12:55 . 2008-09-02 17:14 -------- d-----w- c:\program files\Steam
2009-07-31 22:40 . 2008-10-31 22:00 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-26 07:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-22 09:46 . 2009-01-12 19:28 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-19 18:56 . 2008-10-11 14:13 -------- d-----w- c:\users\Stijn\AppData\Roaming\dvdcss
2009-07-18 16:06 . 2009-07-29 15:58 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 15:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 15:58 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-07 18:14 . 2008-09-02 17:14 -------- d-----w- c:\program files\Common Files\Steam
2009-07-03 21:58 . 2008-08-25 16:03 -------- d-----w- c:\program files\Google
2009-07-03 17:27 . 2009-07-03 17:27 -------- d-----w- c:\program files\SquareEnix
2009-07-03 17:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-06-27 12:45 . 2009-06-27 12:45 -------- d-----w- c:\program files\DeLano Scientific
2009-06-27 12:24 . 2008-08-29 08:52 270128 ----a-w- c:\users\Stijn\utorrent.exe
2009-06-27 08:48 . 2009-06-27 08:48 -------- d-----w- c:\users\Stijn\AppData\Roaming\Logitech
2009-06-27 08:48 . 2009-06-27 08:45 -------- d-----w- c:\programdata\Logitech
2009-06-27 08:47 . 2009-06-27 08:47 10134 ----a-r- c:\users\Stijn\AppData\Roaming\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe
2009-06-27 08:47 . 2009-06-27 08:47 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-06-27 08:46 . 2009-06-27 08:45 -------- d-----w- c:\program files\Common Files\Logitech
2009-06-27 08:45 . 2009-06-27 08:45 -------- d-----w- c:\program files\Logitech
2009-06-27 08:45 . 2009-06-27 08:45 10134 ----a-r- c:\users\Stijn\AppData\Roaming\Microsoft\Installer\{56918C0C-0D87-4CA6-92BF-4975A43AC719}\ARPPRODUCTICON.exe
2009-06-27 08:45 . 2009-06-27 08:45 -------- d-----w- c:\users\Stijn\AppData\Roaming\InstallShield
2009-06-27 08:16 . 2009-06-27 08:16 -------- d-----w- c:\programdata\LogiShrd
2009-06-20 12:55 . 2009-06-20 10:38 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2009-06-20 10:37 . 2009-05-13 13:44 -------- d-----w- c:\users\Stijn\AppData\Roaming\Vso
2009-06-20 10:37 . 2009-05-13 13:44 47360 ----a-w- c:\users\Stijn\AppData\Roaming\pcouffin.sys
2009-06-20 10:37 . 2009-05-13 13:44 47360 ----a-w- c:\users\Stijn\AppData\Roaming\pcouffin.sys
2009-06-20 10:35 . 2008-12-09 16:53 -------- d-----w- c:\program files\Super Video Converter
2009-06-20 10:33 . 2009-06-20 10:33 -------- d-----w- c:\programdata\Hitman Pro
2009-06-20 10:33 . 2009-06-20 10:33 -------- d-----w- c:\program files\Hitman Pro 3.5
2009-06-15 20:36 . 2009-06-15 20:36 -------- d-----w- c:\programdata\McAfee
2009-06-14 10:52 . 2008-08-23 09:38 70176 ----a-w- c:\users\Stijn\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-14 10:06 . 2008-08-23 09:30 -------- d-----w- c:\programdata\Microsoft Help
2009-06-14 08:52 . 2009-06-14 08:52 -------- d-----w- c:\program files\Trend Micro
2009-06-14 08:47 . 2008-08-23 11:26 -------- d-----w- c:\program files\CCleaner
2009-06-14 07:58 . 2009-06-14 07:58 1878984 ----a-w- c:\users\Stijn\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-12 16:38 . 2008-08-23 09:28 -------- d-----w- c:\program files\Microsoft Works
2009-05-21 09:33 . 2009-01-01 11:24 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-13 13:44 . 2009-05-13 13:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2008-02-07 19:46 . 2008-02-07 19:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-07 19:46 . 2008-02-07 19:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-07 19:46 . 2008-02-07 19:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-07 19:46 . 2008-02-07 19:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-07 19:46 . 2008-02-07 19:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-07 19:46 . 2008-02-07 19:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-07 19:46 . 2008-02-07 19:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 15:27 . 2007-03-16 15:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 15:27 . 2007-03-16 15:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 15:27 . 2007-03-16 15:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 10:47 . 2007-07-20 10:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-07 19:46 . 2008-02-07 19:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-17 1033512]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-11 446556]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-27 692224]
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2008-9-25 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A573A751-E54C-439D-B747-824A08A77CFF}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{D866BF1E-8C33-4B06-A394-2DE8D212C95B}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{4E5A2B72-70F5-436F-B908-1E7B9C86E5DD}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{38F3F5A3-DCD5-40B0-BEDE-92555C8AC1ED}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E135FA36-B5C9-43A4-83D4-CD95D11D2158}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{13A7C05A-410A-41C8-9A98-B901695098EE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{33CE56B8-9585-4DAD-95B6-F95AD443E78E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FC88437D-2525-483B-8B13-3EC23C6FE259}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{646288EE-B934-499C-820A-3BCDD89CF2F3}"= UDP:c:\windows\System32\dlbacoms.exe:Lexmark Communications System
"{CCA5089F-606E-4132-8013-3A4D103B94A5}"= TCP:c:\windows\System32\dlbacoms.exe:Lexmark Communications System
"{36537473-6BC2-4501-B662-36F0D406B2BA}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dlbapswx.exe:Printer Status Window
"{7D05A21A-C8B3-44D5-BA98-13C4222D8B46}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dlbapswx.exe:Printer Status Window
"{BB2D81AC-6F12-4052-82D6-24847C87269E}"= UDP:c:\program files\Dell AIO Printer A940\DLBAmon.exe:Device Monitor
"{5FEE274D-BFD9-4515-A5AD-9695D0EBEB3F}"= TCP:c:\program files\Dell AIO Printer A940\DLBAmon.exe:Device Monitor
"{C6108733-6886-4407-9FCD-ABAA848CBADD}"= UDP:c:\program files\Dell AIO Printer A940\dlbaaiox.exe:All In One Center
"{5413CD81-9EE9-4814-8328-4C3FC74F4A71}"= TCP:c:\program files\Dell AIO Printer A940\dlbaaiox.exe:All In One Center
"{7BADC718-71BD-4881-8C91-E3BAA2396757}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{38C42D58-DDCF-4E2D-9B99-4F70BDBD73C2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{E0D69FBD-8652-4BBE-94BE-A11BA6AA9F53}c:\\program files\\steam\\steamapps\\timeftw\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\timeftw\counter-strike source\hl2.exe:hl2
"UDP Query User{17AFD018-5AF8-4319-8121-564642969E8C}c:\\program files\\steam\\steamapps\\timeftw\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\timeftw\counter-strike source\hl2.exe:hl2
"TCP Query User{95CF442A-0BDC-47A0-8766-D824AB81EEC2}c:\\program files\\steam\\steamapps\\timeftw\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\timeftw\counter-strike source\hl2.exe:hl2
"UDP Query User{2D64EED3-EFED-46A1-B80E-10BF2B0088D7}c:\\program files\\steam\\steamapps\\timeftw\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\timeftw\counter-strike source\hl2.exe:hl2
"TCP Query User{BA869F03-8F46-41EB-A864-A25BAFF900D0}c:\\program files\\ea games\\mohaa\\mohaa.exe"= UDP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"UDP Query User{0D7DF5A8-E5AC-44C9-82EB-074EC04AD8C0}c:\\program files\\ea games\\mohaa\\mohaa.exe"= TCP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"TCP Query User{711C1C03-DEE2-4086-9E50-7F6E059B2C8A}c:\\users\\stijn\\utorrent.exe"= UDP:c:\users\stijn\utorrent.exe:utorrent.exe
"UDP Query User{012C2EBC-04A6-40B4-A18F-9B29494924F3}c:\\users\\stijn\\utorrent.exe"= TCP:c:\users\stijn\utorrent.exe:utorrent.exe
"TCP Query User{1D2AD45E-DAA3-4AC8-8086-54A0EC8F8A36}c:\\users\\stijn\\utorrent.exe"= UDP:c:\users\stijn\utorrent.exe:utorrent.exe
"UDP Query User{4AC848DA-3393-4B18-A987-AECA31DFFEAF}c:\\users\\stijn\\utorrent.exe"= TCP:c:\users\stijn\utorrent.exe:utorrent.exe
"TCP Query User{94E4576E-6F60-4E9D-823D-0001FB52E9B8}c:\\program files\\age of empires 2 & the conquerors expansion - full game\\age2_x1.exe"= UDP:c:\program files\age of empires 2 & the conquerors expansion - full game\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{D37AC030-496B-4B69-86CB-0AC0E9A01E35}c:\\program files\\age of empires 2 & the conquerors expansion - full game\\age2_x1.exe"= TCP:c:\program files\age of empires 2 & the conquerors expansion - full game\age2_x1.exe:Age of Empires II Expansion
"{947B3742-9814-4A21-ADEA-E1488B981352}"= UDP:c:\program files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II
"{69683B73-221D-4BA7-9214-EF0A3FD7C0E7}"= TCP:c:\program files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II
"TCP Query User{D7830E1C-8B0F-494A-9B96-748C9B19EBD9}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{A8DFED71-FC05-4A07-BEE5-8ED130C43074}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{AE6972F5-B600-4F7B-854D-8C674F9D36BE}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{94B96612-FB51-4514-9665-27D99F501C0E}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{F48A87D4-F5F7-4B5F-A291-5BE1DA39B97F}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{D6298539-4955-4902-A286-ED150B092C2A}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"TCP Query User{EF718EF3-9F5A-4A0C-A75E-76361FEA212B}c:\\program files\\ubisoft\\tom clancy's h.a.w.x\\hawx.exe"= UDP:c:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe:HAWX
"UDP Query User{756718A9-30EB-4ED1-92F3-E3F715080FA4}c:\\program files\\ubisoft\\tom clancy's h.a.w.x\\hawx.exe"= TCP:c:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe:HAWX
"{17C448A8-753D-4BB3-9B28-B3AAFE17A4EF}"= UDP:c:\program files\PPLive\PPLive.exe:PPLive
"{73ACA32C-5A8D-4807-BEB4-6B797C35A1A1}"= TCP:c:\program files\PPLive\PPLive.exe:PPLive
"{E0A2355E-06FF-4146-A8A9-3DE16BADCA92}"= UDP:c:\program files\PPLiveVA\PPLiveVA.exe:PPLiveVA
"{DFDAC82B-7CDC-4DA8-8639-645B9F8BDF5B}"= TCP:c:\program files\PPLiveVA\PPLiveVA.exe:PPLiveVA
"TCP Query User{281534A2-1B8D-4DA7-ABD8-1674A7D4BEAD}c:\\program files\\electronic arts\\the battle for middle-earth ii\\game.dat"= UDP:c:\program files\electronic arts\the battle for middle-earth ii\game.dat:The Battle for Middle-earth™ II
"UDP Query User{6505F870-FDBD-46BA-A2B5-54F34AEE6D95}c:\\program files\\electronic arts\\the battle for middle-earth ii\\game.dat"= TCP:c:\program files\electronic arts\the battle for middle-earth ii\game.dat:The Battle for Middle-earth™ II
"TCP Query User{C401FAA7-2D3F-4D40-8003-0C00E51B7CFE}c:\\program files\\empire interactive\\flatout 2\\flatout2.exe"= UDP:c:\program files\empire interactive\flatout 2\flatout2.exe:flatout2
"UDP Query User{FD8E1F65-C591-474B-A98D-3D1DEA176EB2}c:\\program files\\empire interactive\\flatout 2\\flatout2.exe"= TCP:c:\program files\empire interactive\flatout 2\flatout2.exe:flatout2
"TCP Query User{C01424E8-D8DB-43BE-BFB2-0985D083404B}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{AF841F07-5E10-4F26-9B95-FBC581E2EDB0}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{AC4C5004-5BAA-4ACB-BEBA-AA4990F98528}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{34495616-495B-49E5-875C-90DA9B6887D5}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{11362DFB-DFE6-4591-AE52-95402E584A15}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{9D1E3FB1-099A-487F-8992-547B8BEE7737}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"{7371BCF7-136B-48B7-A981-8682D9D4E7AA}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0651DABE-2E6E-4728-9008-C921CA9552F1}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{B8375829-6E27-40B0-AB25-BC3A6A5801C7}c:\\program files\\steam\\steamapps\\timeftw\\source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\timeftw\source dedicated server\srcds.exe:srcds
"UDP Query User{BA2B8B12-6467-499C-A72F-49B733B3980D}c:\\program files\\steam\\steamapps\\timeftw\\source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\timeftw\source dedicated server\srcds.exe:srcds
"TCP Query User{03BF29C4-AEAB-4B51-BB29-2E3CD6D0EC08}c:\\program files\\empire interactive\\flatout 2\\flatout2.exe"= UDP:c:\program files\empire interactive\flatout 2\flatout2.exe:flatout2
"UDP Query User{326E7882-6527-43FF-8CD2-7D892FAE80D0}c:\\program files\\empire interactive\\flatout 2\\flatout2.exe"= TCP:c:\program files\empire interactive\flatout 2\flatout2.exe:flatout2
"TCP Query User{E5B383C5-EE2C-4CED-8384-5C0B93A14592}c:\\ut2004\\system\\ut2004.exe"= UDP:c:\ut2004\system\ut2004.exe:UT2004
"UDP Query User{3FBD4A08-56CA-46A2-B44B-112268637333}c:\\ut2004\\system\\ut2004.exe"= TCP:c:\ut2004\system\ut2004.exe:UT2004
"TCP Query User{1321ECCC-644E-4B50-BAA9-D3D920A97FE1}c:\\ut2004\\system\\ut2004.exe"= UDP:c:\ut2004\system\ut2004.exe:UT2004
"UDP Query User{4FBA534A-B4E0-45D4-A8E0-0CD250ADFC53}c:\\ut2004\\system\\ut2004.exe"= TCP:c:\ut2004\system\ut2004.exe:UT2004
"TCP Query User{3778B11A-6271-4774-A66F-D0975B1E0879}c:\\program files\\ea games\\mohaa\\mohaa.exe"= UDP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"UDP Query User{69654987-784F-4797-94BE-D266CBDA39C8}c:\\program files\\ea games\\mohaa\\mohaa.exe"= TCP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"TCP Query User{824BE2CD-EBD9-4DE7-8BF2-0403F27E62D8}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{7E07AA2A-02C2-435B-9013-26EFEC263188}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{A9B93E97-D9D1-4E75-94A9-4F07E9FBF757}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{86D1E9E0-5C77-48C8-9C44-5186B9903C9C}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer

R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\System32\drivers\Amddfltr.sys [7/08/2008 15:17 15416]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe [5/08/2009 13:43 77824]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/08/2009 16:34 108289]
R2 dlba_device;dlba_device;c:\windows\system32\dlbacoms.exe -service --> c:\windows\system32\dlbacoms.exe -service [?]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 4:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18/03/2008 16:24 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [6/06/2008 19:30 341328]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [6/06/2008 18:38 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [23/01/2008 23:23 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [1/04/2008 13:14 81296]
S2 gupdate1c98e22be635c9d;Google Updateservice (gupdate1c98e22be635c9d);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 23:33 133104]
S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\System32\drivers\WSDPrint.sys [21/01/2008 4:23 16896]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhoud van de 'Gedeelde Taken' map

2009-08-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-25 21:40]

2009-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 21:33]

2009-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 21:33]

2009-08-02 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-08-06 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Stijn\AppData\Roaming\Mozilla\Firefox\Profiles\dexvprvi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ | http://minerva.ugent.be
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-06 10:35
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2009-08-06 10:38
ComboFix-quarantined-files.txt 2009-08-06 08:38

Pre-Run: 85.316.771.840 bytes beschikbaar
Post-Run: 84.796.289.024 bytes beschikbaar

305 --- E O F --- 2009-08-05 13:05
-----------------------------------------------------------------------------------

TimeFtw

Legacy Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:36, on 9/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\ApVxdWin.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\avciman.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = mijnAOL | HP
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = STARTPAGE :: DAEMON-Search.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = mijnAOL | HP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mijnAOL | HP
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dlba_device - - C:\Windows\system32\dlbacoms.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updateservice (gupdate1c98e22be635c9d) (gupdate1c98e22be635c9d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrvx86.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

--
End of file - 10301 bytes

Thanks in advance!

TimeFtw

Legacy Member
I need to add two more things:
- I recently installed a different antivirus (I had Panda but it was no longer up to date, so I removed it and installed AntiVir), and when I ran a full scan it found the following file:
The file 'C:\Program Files\NetMeeting\comp.exe'
contained a virus or unwanted program 'BDS/Hupigon.Gen' [backdoor]
This file has since been removed.
- after I ran ComboFix and my PC had rebooted in the meantime, I still get a security alerts icon at the bottom right saying 'the Security Center is not running', even though everything shows OK when I click on it. My desktop background had also changed; it was back on a default wallpaper. Is this normal? :p

TimeFtw

Legacy Member
The problem has not occurred again since the last time I posted here.
A small new problem has now appeared: when I start my PC, the whole Security Center is disabled by default, so I always have to enable it manually, together with my virus protection (my antivirus does start with Windows). Also, in the 'spyware protection' section I can no longer turn on Windows Defender; when I press 'enable', nothing happens. There is already a program running in that category, namely AntiVir Desktop.
Any idea how I could still fix this?

TimeFtw

Legacy Member
To clarify: I am talking about this screen, where everything is disabled by default at startup. And this has been the case since I rebooted my PC after running ComboFix; apart from that I have not done anything special.

edit: I just noticed that if I wait long enough, everything does get switched on after all :)
I still get the notification that something is wrong (a red icon at the bottom right with 'security alerts'). Maybe because Windows Defender is not on?

Jurgenv1

Legacy Member
screwielowie said:
To clarify: I am talking about this screen, where everything is disabled by default at startup. And this has been the case since I rebooted my PC after running ComboFix; apart from that I have not done anything special.

edit: I just noticed that if I wait long enough, everything does get switched on after all :)
I still get the notification that something is wrong (a red icon at the bottom right with 'security alerts'). Maybe because Windows Defender is not on?

Could be, have you already tried it with Defender on?

TimeFtw

Legacy Member
Yes, the icon stays there. But I don't really mind that much :p
The problem is that my laptop froze again the day before yesterday. And since my computer is completely clean, I think it might be due to a fan that is full of dust or something? Since my laptop is always very warm and gets even warmer at the moment it freezes.

Jurgenv1

Legacy Member
screwielowie said:
Yes, the icon stays there. But I don't really mind that much :p
The problem is that my laptop froze again the day before yesterday. And since my computer is completely clean, I think it might be due to a fan that is full of dust or something? Since my laptop is always very warm and gets even warmer at the moment it freezes.

Could be, but for that I have to refer you to the hardware forum. :)