Weergegeven resultaten: 1 t/m 10 van 10

Discussie: Complete freeze

  1. #1
    Member kisthechef's schermafbeelding
    Lid sinds
    18/02/04
    Locatie
    1
    Berichten
    1.849
    iTrader
    0

    Complete freeze

    Hey, snel bericht want binnen enkele minuten loopt alles weer vast;

    Ik heb al virusscans, malware scan gedaan.

    Alvast bedankt!

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:32:56, on 31-12-2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Windows\System32\rundll32.exe
    C:\Users\Thierry\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O15 - Trusted Zone: http://*.mcafee.com
    O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

    --
    End of file - 9402 bytes

  2. #2
    Member kisthechef's schermafbeelding
    Lid sinds
    18/02/04
    Locatie
    1
    Berichten
    1.849
    iTrader
    0
    Oké, blijkbaar is dit de eerste keer in minstens 10 keer heropstarten dat het probleem niet voorvalt (typisch ). Maakt dit iets uit?

    Iets specifiekere uitleg:
    Ik heb virusscan gedaan met avast. Malware scan met Ad-aware. AVG laten lopen (al vond ik het wel raar dat die bij mijn hoofdbrowser Opera niets verwijderde). Windows heeft zelf schijfcontrole gestart, dit heb ik laten lopen.

    De laatste weken heb ik niets exotisch gedownload dus ik vind het nogal raar...

    Hopelijk kan iemand me helpen

  3. #3
    Crew Member Jurgenv1's schermafbeelding
    Lid sinds
    3/11/05
    Locatie
    West-Vlaanderen
    Berichten
    16.350
    iTrader
    0
    Ik veronderstel dat je een online scan bedoelt van AVG? Onthou de gouden regel dat je maar 1 antivirus programma mag geïnstalleerd hebben op je computer of anders krijg je conflicten, dit geldt ook voor (realtime) antispyware programma's.

    Download ComboFix van één van deze locaties: Link 1 Link 2 * BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op. >>Hier<< kunt u lezen hoe u Combofix dient te gebruiken.
    1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. * (hier of hier staat een handleiding over hoe je deze kan uitschakelen
    2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
    3. Dubbelklik op "Combofix.exe" om de tool te starten.
    4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen. * Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer. 5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

  4. #4
    Member kisthechef's schermafbeelding
    Lid sinds
    18/02/04
    Locatie
    1
    Berichten
    1.849
    iTrader
    0
    Ik bedoelde ATF Cleaner, maar was weer m'n verstrooide zelf

    Nadat ik Combofix had laten werken kon ik geen enkel programma openen (dus ook geen browser om dit te posten). Ik kreeg een melding dat de .exe gemarkeerd stond voor verwijdering.

    Dank alvast voor de hulp!


    ComboFix 11-01-01.03 - Thierry 02-01-2011 15:44:17.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3068.1786 [GMT 1:00]
    Gestart vanuit: c:\users\Thierry\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
    c:\users\Thierry\AppData\Roaming\Microsoft\Windows \Recent\?????????????????????

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-12-02 to 2011-01-02 ))))))))))))))))))))))))))))))
    .

    2011-01-02 14:56 . 2011-01-02 15:01 -------- d-----w- c:\users\Thierry\AppData\Local\temp
    2011-01-02 14:56 . 2011-01-02 14:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-01 22:24 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-01-01 22:24 . 2011-01-01 22:24 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-01-01 22:23 . 2011-01-01 22:23 -------- d-----w- c:\users\Thierry\AppData\Local\Sunbelt Software
    2011-01-01 22:23 . 2011-01-01 22:23 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-01-01 22:23 . 2011-01-01 22:24 -------- d-----w- c:\programdata\Lavasoft
    2011-01-01 22:23 . 2011-01-01 22:23 -------- d-----w- c:\program files\Lavasoft
    2011-01-01 22:15 . 2011-01-01 22:15 -------- d-----w- C:\found.000
    2010-12-31 14:51 . 2010-12-31 14:51 -------- d-----w- c:\users\Thierry\.thumbnails
    2010-12-31 09:32 . 2010-12-31 09:32 388096 ----a-r- c:\users\Thierry\AppData\Roaming\Microsoft\Install er\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-31 09:32 . 2010-12-31 09:32 -------- d-----w- c:\program files\Trend Micro
    2010-12-31 09:14 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39417B93-4282-41C3-9ECE-2009A2E897F3}\mpengine.dll
    2010-12-23 10:29 . 2010-12-23 10:29 -------- d-----w- c:\program files\iPod
    2010-12-23 10:29 . 2010-12-23 10:30 -------- d-----w- c:\program files\iTunes
    2010-12-22 13:16 . 2010-12-22 13:16 -------- d-----w- c:\windows\system32\Adobe
    2010-12-16 08:38 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2010-12-16 08:37 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-12-14 17:18 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2010-12-13 20:11 . 2010-12-13 20:11 -------- d-----w- c:\program files\Veetle
    2010-12-13 19:49 . 2010-12-13 19:49 -------- d-----w- c:\program files\SopCast

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
    .
    2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-10-27 18:01 . 2010-10-27 18:01 524288 ----a-w- c:\windows\system32\home box office.scr
    2010-10-19 09:41 . 2010-11-06 09:49 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-17 15:48 . 2010-10-17 15:48 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-10-16 19:43 . 2010-10-16 19:43 118784 ------w- c:\windows\system32\VMC3KAPI.dll
    2010-10-16 19:43 . 2010-10-16 19:43 114688 ------w- c:\windows\system32\VCryptAPI.dll
    2010-10-16 19:43 . 2010-10-16 19:43 23040 ------w- c:\windows\system32\ShlCmd.exe
    2010-10-16 19:43 . 2010-10-16 19:43 5632 ------w- c:\windows\system32\biologon.dll
    2010-10-16 19:43 . 2010-10-16 19:43 43184 ------w- c:\windows\system32\drivers\AlfaFF.sys
    2010-10-16 19:43 . 2010-10-16 19:43 331776 ------w- c:\windows\system32\DrvCrypt.dll
    2010-10-16 19:43 . 2010-10-16 19:43 16384 ------w- c:\windows\system32\AlfaFF.dll
    2010-10-16 19:43 . 2010-10-16 19:43 192512 ------w- c:\windows\system32\BioOne.dll
    2010-10-16 19:43 . 2010-10-16 19:43 189952 ------w- c:\windows\system32\PBAGUI.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\eg isPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-07-29 15:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
    "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
    "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13548064]
    "NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2008-08-01 92704]
    "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
    "ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2010-10-16 3719680]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-16 809480]
    "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
    "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2010-10-21 6144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKe y MC3000]
    2010-10-16 19:43 3162624 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2010-10-16 3520512]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-03 1389400]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30 319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2010-10-16 43184]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-17 691696]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\as wMonFlt.sys [2010-09-07 50768]
    S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
    S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
    S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
    S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-05-26 599344]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-07 85136]
    S3 NETw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
    S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101 x.sys [2008-05-26 40752]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Inhoud van de 'Gedeelde Taken' map

    2011-01-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 09:05]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=1010&m=aspire_ 8930
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=1010&m=aspire_ 8930
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    FF - ProfilePath - c:\users\Thierry\AppData\Roaming\Mozilla\Firefox\P rofiles\1twxl5gf.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    - - - - ORPHANS VERWIJDERD - - - -

    HKLM-Run-eRecoveryService - (no file)



    ************************************************** ************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2011-01-02 16:00
    Windows 6.0.6002 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    ************************************************** ************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'Explorer.exe'(636)
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\WUDFHost.exe
    .
    ************************************************** ************************
    .
    Voltooingstijd: 2011-01-02 16:09:37 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-01-02 15:09

    Pre-Run: 63.165.657.088 bytes beschikbaar
    Post-Run: 62.769.639.424 bytes beschikbaar

    Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
    - - End Of File - - BE09FB8A8C4E9CE75810C80B750EA4CB

  5. #5
    Member kisthechef's schermafbeelding
    Lid sinds
    18/02/04
    Locatie
    1
    Berichten
    1.849
    iTrader
    0
    Kuch, over verstrooidheid gesproken, die melding was dus gewoon de nederlandse versie van wat je gezegd had

  6. #6
    Crew Member Jurgenv1's schermafbeelding
    Lid sinds
    3/11/05
    Locatie
    West-Vlaanderen
    Berichten
    16.350
    iTrader
    0
    Ik zie niet direct iets... Kan je wat meer uitleg geven wanneer dit begonnen is? Was het na een bepaalde actie op je pc ofzo?

  7. #7
    Member kisthechef's schermafbeelding
    Lid sinds
    18/02/04
    Locatie
    1
    Berichten
    1.849
    iTrader
    0
    Hmm, vreemd...

    Het was begonnen toen ik naar een dvd (waar ik al meerdere malen naar gekeken had) keek. Plots stopte alles.

    Dit is nu al enkele keren gebeurd. Niet alleen als ik ergens naar kijk, maar ook bijvoorbeeld als ik hier iets aan het typen ben. Meestal na een minuut of 5, maar soms langer.

    Nu is er al enkele uren niets fout gelopen. Misschien heeft die combofix iets hersteld?

    Ik heb sowieso al een back-up gemaakt van al mijn belangrijke bestanden, dus desnoods herinstalleer ik windows eens.

    Ik zou je een pintje trakteren maar dat is hier nogal moeilijk, dus heb ik maar een repje verstuurd!

  8. #8
    Crew Member Jurgenv1's schermafbeelding
    Lid sinds
    3/11/05
    Locatie
    West-Vlaanderen
    Berichten
    16.350
    iTrader
    0
    Probeer anders eens na te gaan in taakbeheer welk proces zoveel CPU nodig heeft? Ik heb een flauw vermoeden dat SearchFilterHost.exe hiervoor tussen kan zitten. Ik stel voor dat je je probleem eens post in het software forum.

  9. #9
    Member kisthechef's schermafbeelding
    Lid sinds
    18/02/04
    Locatie
    1
    Berichten
    1.849
    iTrader
    0
    Het probleem lijkt zichzelf opgelost te hebben!

    Ik heb nog eens bij taakbeheer gekeken, maar daar zie ik momenteel niets speciaal.

    Groeten!

  10. #10
    Crew Member Jurgenv1's schermafbeelding
    Lid sinds
    3/11/05
    Locatie
    West-Vlaanderen
    Berichten
    16.350
    iTrader
    0
    Graag gedaan.

Discussie informatie

Users Browsing this Thread

Op dit moment bekijken 1 gebruikers deze discussie. (0 leden en 1 gasten)

Regels voor berichten

  • Je mag geen nieuwe discussies starten
  • Je mag niet reageren op berichten
  • Je mag geen bijlagen versturen
  • Je mag niet je berichten bewerken
  •