Question & Answer
Hanging processes
8 answers
- Dear forum members, I'm glad there are quite a few knowledgeable people here….
My PC (Dell with dual-core processor, 2G RAM, Windows Vista Home Premium SP1) has been acting up for a week or two. All sorts of programs simply hang ('not responding'), and I can't close them via Task Manager.
What I also find particularly strange is that some programs simply no longer start. In Task Manager I do see one or more processes running, but the program itself doesn't start up (any further) and I don't see it on the Applications tab in Task Manager either.
The same goes for Control Panel (stays an empty window), Media Center only produces sound, the Windows help function can no longer connect to the Internet, and I could go on like this for a while: all sorts of programs simply hang, and shutting down the PC takes quite a long time.
What I have already tried…. Scanned extensively with Kaspersky, Spybot, Ad-Aware and the like, checked memory, ran a disk check; none of it turns up anything. Tried various restore points, and restored an image from a backup of my C: partition (which holds all the software; my data is on other partitions) from a date when everything was still running without problems.
Well, and then there comes a point where I really don't know what to do anymore.
If the experts would like to take a look at this Hijackthis.log….. yes please!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:35, on 5-3-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\IrCOMM2k\irmon2k.exe
C:\Program Files\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\logitech\SetPoint\SetPoint.exe
C:\Program Files\psion\PsiWin\Psconsv.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\Psion\PsiWin\Elogerr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\mozilla firefox\firefox.exe
C:\Windows\system32\werfault.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: IrDA Monitor.lnk = C:\Program Files\IrCOMM2k\irmon2k.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PsiWin 2.3 Connection Server.lnk = C:\Program Files\psion\PsiWin\Psconsv.exe
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat… - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie_ctx.htm
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat… - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Anti-Virus voor internet statistieken - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ???,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 9566 bytes
- Download Dial-a-fix-2006 and extract both files, each into its own folder, to your Desktop.
* In the Dial-a-fix-v0.60.0.24 folder, double-click Dial-a-fix.exe.
* In the window that opens, click the icon with the double green check mark (check all) at the bottom.
* Then click "GO" and let the tool reset all settings.
* When it has finished, close this window by clicking "Close" at the bottom.
Start HijackThis and choose 'do a system scan only'.
Select only the items listed below:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
Close all windows except HijackThis.
Click 'Fix checked' to remove the items.
Download and save it to your Desktop.
Double-click mbam-setup.exe to install the program.
After installation, make sure there is a check mark next to:
* Update MalwareBytes' Anti-Malware
* Start MalwareBytes' Anti-Malware
Then click "Voltooien" (Finish).
If an update is found, it will be downloaded and installed.
* Once the program has started, go to the "Instellingen" (Settings) tab.
* Tick here: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
* Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
* Then press "Scannen" (Scan) to start the scan.
* The scan can take a while, so be patient.
* When the scan is finished, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
* Make sure everything there is checked, then click "Verwijder geselecteerde" (Remove Selected).
* After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.
Post this log together with a new HijackThis log.
Download to your Desktop and use it according to this guide.
- Unfortunately, Dial-a-fix does not work under Vista :cry:
What I find strange is that Firefox starts one time, and the next time I use the PC it doesn't. I can't make head or tail of it anymore.
Sometimes it seems as if everything works normally, then all sorts of things start hanging again and I can't do anything at all. Task Manager shows that all sorts of things are running, but there is hardly any CPU activity and memory usage is modest.
I'm open to other options!
- Would you please carry out the rest of the instructions?
- The update of MalwareBytes' Anti-Malware wouldn't run…..
OK, here are the results of the scans:
Malwarebytes' Anti-Malware 1.34
Database versie: 1749
Windows 6.0.6001 Service Pack 1
8-3-2009 19:29:48
mbam-log-2009-03-08 (19-29-48).txt
Scan type: Snelle Scan
Objecten gescand: 77716
Verstreken tijd: 4 minute(s), 42 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:11, on 8-3-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\IrCOMM2k\irmon2k.exe
C:\Program Files\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\logitech\SetPoint\SetPoint.exe
C:\Program Files\psion\PsiWin\Psconsv.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\Psion\PsiWin\Elogerr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\msfeedssync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\mozilla firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: IrDA Monitor.lnk = C:\Program Files\IrCOMM2k\irmon2k.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PsiWin 2.3 Connection Server.lnk = C:\Program Files\psion\PsiWin\Psconsv.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Anti-Virus voor internet statistieken - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ???,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 8230 bytes
ComboFix 09-03-06.02 - Frits 2009-03-08 19:48:47.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2046.841 [GMT 1:00]
Gestart vanuit: L:\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-02-08 to 2009-03-08 ))))))))))))))))))))))))))))))
.
2009-03-08 15:00 . 2009-03-08 15:00 <DIR> d-------- c:\users\Frits\AppData\Roaming\Malwarebytes
2009-03-08 15:00 . 2009-03-08 15:00 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-08 15:00 . 2009-03-08 15:00 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-08 15:00 . 2009-03-08 15:00 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-08 15:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-08 15:00 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-07 19:21 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-03-07 19:21 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-03-07 19:21 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-03-07 19:21 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-03-07 19:21 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-03-05 20:24 . 2009-03-05 20:24 <DIR> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-05 20:24 . 2009-03-05 20:24 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-05 19:45 . 2009-03-05 19:45 <DIR> d-------- c:\program files\Trend Micro
2009-03-03 22:02 . 2007-03-22 08:52 360,448 --a------ c:\windows\System32\nvraidco.dll
2009-03-03 22:02 . 2007-03-09 12:37 356,352 --a------ c:\windows\System32\NVUNINST.EXE
2009-03-03 21:53 . 2009-03-03 21:53 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-03-03 21:50 . 2009-03-03 21:50 <DIR> d-------- c:\program files\AMD
2009-03-03 21:07 . 2009-03-03 21:07 0 --a------ c:\windows\I531_1013.INI
2009-03-02 17:01 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-02 17:01 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-02 17:01 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-02 17:01 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-26 21:41 . 2009-02-26 21:41 <DIR> d-------- c:\users\Frits\AppData\Roaming\FreeCommander
2009-02-26 21:41 . 2009-02-26 21:41 <DIR> d-------- c:\users\Frits\AppData\Roaming\AD ON Multimedia
2009-02-26 21:41 . 2009-02-26 21:41 <DIR> d-------- c:\program files\FreeCommander
2009-02-26 18:44 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-26 18:44 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-26 18:44 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-26 18:44 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-26 18:44 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-26 18:44 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-26 18:44 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-26 18:44 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-26 18:39 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-26 18:39 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-26 18:39 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-26 18:39 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-26 18:39 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-26 18:09 . 2009-02-26 18:09 <DIR> d--h-c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-26 18:09 . 2009-02-26 18:09 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-25 22:35 . 2009-03-07 18:53 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-02-25 22:35 . 2009-03-07 18:53 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-02-24 20:30 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-24 20:30 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-24 20:29 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 19:05 106,168,864 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-08 18:59 1,431,140 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-08 15:34 --------- d---a-w c:\programdata\TEMP
2009-03-08 13:53 --------- d-----w c:\users\Frits\AppData\Roaming\OpenOffice.org2
2009-03-08 13:49 --------- d-----w c:\programdata\Kaspersky Lab
2009-03-07 21:07 --------- d-----w c:\programdata\Google Updater
2009-03-07 18:08 --------- d-----w c:\program files\spybot - search & destroy
2009-03-07 12:35 --------- d-----w c:\program files\Spyware Doctor
2009-03-06 17:35 --------- d-----w c:\programdata\GARMIN
2009-03-04 11:41 --------- d-----w c:\users\Hermance\AppData\Roaming\OpenOffice.org2
2009-02-26 19:56 --------- d-----w c:\users\Frits\AppData\Roaming\GARMIN
2009-02-26 19:16 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-26 18:51 --------- d-----w c:\program files\MozBackup
2009-02-26 18:22 --------- d-----w c:\programdata\Lavasoft
2009-02-25 15:41 --------- d-----w c:\program files\Common Files\Logitech
2009-02-24 21:22 --------- d-----w c:\program files\Azureus
2009-02-24 20:19 --------- d-----w c:\program files\Windows Mail
2009-02-24 19:41 --------- d-----w c:\program files\Hitman Pro 3
2009-02-24 19:20 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-24 19:20 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2008-05-21 10:24 3,094 ----a-w c:\users\Hermance\AppData\Roaming\wklnhst.dat
2008-04-17 17:12 174 --sha-w c:\program files\desktop.ini
2008-03-07 10:30 668 ----a-w c:\users\Frits\AppData\Roaming\wklnhst.dat
2007-08-05 15:10 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-05-07 04:49 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-07 04:49 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-07 04:49 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-05 1836544]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-11 905000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-13 185896]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-11 2617448]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-11 140568]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-01 1168264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-15 c:\windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
c:\users\Hermance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.2 .lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\ANYCOM\Bluetooth-USB\BTTray.exe [2007-03-21 719664]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
IrDA Monitor.lnk - c:\program files\IrCOMM2k\irmon2k.exe [2004-12-12 40960]
Logitech Desktop Messenger.lnk - c:\program files\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-16 67128]
Logitech SetPoint.lnk - c:\program files\logitech\SetPoint\SetPoint.exe [2007-10-03 805392]
PsiWin 2.3 Connection Server.lnk - c:\program files\psion\PsiWin\Psconsv.exe [2007-10-02 286720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL c:\progra~1\KASPER~1\KASPER~2.0\r3hook.dll c:\progra~1\KASPER~1\KASPER~2.0\adialhk.dll c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{2D1DD067-0E77-4A34-B401-8534AA087FA6}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{46B84149-DC48-4994-98F0-405A08E2B261}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{601404E0-00EE-4CB3-9E42-62301633CA36}"= UDP:0:LocalSubnet:LocalSubnet:Magix UPnP Media Server
"{198C87DE-E570-47A3-9071-ABE4F8FB2D8C}"= UDP:2869:LocalSubnet:LocalSubnet:Microsoft UPnP-Port (TCP)
"{EF91787A-CDAE-49CB-8F3E-0720F87D645F}"= TCP:1900:LocalSubnet:LocalSubnet:Microsoft UPnP-Port (UDP)
"{C8BDC97C-1EA5-42F6-AB2D-D0D0E2624B87}"= UDP:c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe:Magix UPnP Service
"{A6D1E1B9-A755-46BF-90A5-D5CFFC2D16C4}"= TCP:c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe:Magix UPnP Service
"TCP Query User{0E110106-4EA2-4604-8659-477A10706CA4}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{06766B3D-8513-4914-97AC-BC019924D70A}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{1F1CC5AD-8264-4195-A090-A05B7E2C52EF}c:\\program files\\limewire plus\\limewire.exe"= UDP:c:\program files\limewire plus\limewire.exe:LimeWire
"UDP Query User{070CAAFC-2E22-4CA5-8C58-A88FD9F528FE}c:\\program files\\limewire plus\\limewire.exe"= TCP:c:\program files\limewire plus\limewire.exe:LimeWire
"TCP Query User{CCC3A606-4ABC-4F41-9234-1B0CE1EAB373}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{1E98AC96-146B-48CD-A162-6F0209F9C757}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{BD9AAEF3-DAB1-4999-A2F8-4E88BFD66EA6}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{525E293E-BFDE-4D3F-9FA7-D7ECB14DD361}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{F8E89BCA-29C3-42A3-9E0E-644502FFDF8F}"= UDP:c:\program files\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{5B2647A7-097D-4AAA-B879-C4C1955791C0}"= TCP:c:\program files\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{97B4D3E3-D509-4C92-9ADD-B0CF3035F0CC}"= UDP:c:\program files\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{042B7BE6-509A-4E30-82B3-5FDB9A8E61E4}"= TCP:c:\program files\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BEC44A2D-E91C-457D-BCE9-A5C98DE804D9}"= UDP:c:\program files\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{C4FE3B52-F62C-4231-ADA0-D374B16E0BE7}"= TCP:c:\program files\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
R0 AFS;AFS;c:\windows\System32\drivers\AFS.SYS [2008-01-03 77004]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2007-01-25 20760]
R2 ACEDRV08;ACEDRV08;c:\windows\System32\drivers\ACEDRV08.sys [2007-08-05 108768]
R2 IrDA2k;IrDA2k Protocol;c:\windows\System32\drivers\irda2k.sys [2004-12-12 246272]
R2 LBeepKE;LBeepKE;c:\windows\System32\drivers\LBeepKE.sys [2007-10-03 3712]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [2007-08-15 46112]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-04-03 356920]
R3 IrCOMM2k;Virtual IR COM Port;c:\windows\System32\drivers\ircomm2k.sys [2004-12-12 30336]
R3 IrDAFw2k;IrDA Forward Adapter;c:\windows\System32\drivers\irdafw2k.sys [2004-12-12 8576]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\Common\Database\bin\fbserver.exe [2007-08-05 1527900]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2007-09-04 544768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {65E6362A-B878-4A7B-86DA-D16F8DBD75C7} /qb
.
Inhoud van de 'Gedeelde Taken' map
2009-03-08 c:\windows\Tasks\User_Feed_Synchronization-{4014A864-5042-4E14-B192-BE96F690DD28}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
.
——- Bijkomende Scan ——-
.
mSearch Bar =
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Frits\AppData\Roaming\Mozilla\Firefox\Profiles\xrpa9o4w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.motor-forum.nl/forum/topiclist.php/1
FF - prefs.js: keyword.URL - hxxp://search.copernic.com/query17/?c=web&l=DUT&e=&q=
1 bestand(en) zijn verplaatst.
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742
pCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin
pjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin
pjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin
pjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin
pjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin
pjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin
pjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin
poji610.dll
FF - plugin: c:\program files\mozilla firefox\plugins
p-mswmp.dll
FF - plugin: c:\program files\Picasa2
pPicasa2.dll
FF - plugin: c:\users\Frits\AppData\Roaming\Mozilla\Firefox\Profiles\xrpa9o4w.default\extensions\LogMeInClient@logmein.com\plugins
pRACtrl.dll
FF - plugin: c:\users\Frits\AppData\Roaming\Mozilla\plugins
pPxPlay.dll
FF - plugin: c:\users\Hermance\AppData\Roaming\Zylom\ZylomGamesPlayer
pzylomgamesplayer.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 20:02:49
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
——————— DLLs Geladen Onder Lopende Processen ———————
- - - - - - - > 'lsass.exe'(1116)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'Explorer.exe'(4348)
c:\program files\logitech\SetPoint\lgscroll.dll
c:\progra~1\psion\PsiWin\pw32expl.dll
c:\progra~1\psion\PsiWin\icons.dll
.
———————— Andere Aktieve Processen ————————
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\System32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\psion\PsiWin\Elogerr.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\System32\wermgr.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
.
**************************************************************************
.
Voltooingstijd: 2009-03-08 20:15:36 - machine werd herstart
ComboFix-quarantined-files.txt 2009-03-08 19:15:11
Pre-Run: 21.004.353.536 bytes beschikbaar
Post-Run: 39,289,794,560 bytes beschikbaar
Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,5
248 — E O F — 2009-03-07 18:25:19
Othuroyo, I'm very curious whether you can still fish anything out of this…
- Nobody with another suggestion?
I keep scanning with all kinds of tools and updating drivers and Windows, but the problem persists and so far I haven't found a cause.
When I boot into safe mode the thing is simply fast again, but then I can't start everything…
- The log looks clean.
Download ATF cleaner (mirror) (made by Atribune)
Important: close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.
Double-click ATF cleaner to start the program.
On the Main tab, tick Select All.
Click the Empty Selected button.
Do the following if you also use Firefox as a browser:
Click the Firefox tab and tick Select All.
If you want to keep the passwords saved by Firefox, click No in the window that appears.
(this removes the tick again from Firefox saved passwords)
Click the Empty Selected button.
Do the following if you also use Opera as a browser:
Click the Opera tab and tick Select All.
If you want to keep the passwords saved by Opera, click No in the window that appears.
Click the Empty Selected button.
Go to the Main tab and click the Exit button to close the program.
3. You may now remove all the tools used and the folders created. (Remember to remove ComboFix via Start -> Run, typing ComboFix /U and pressing Enter!!)
- Go to Start/All Programs/Accessories/System Tools/System Restore.
- In the left half of the window, click "System Restore Settings".
- Tick "Turn off System Restore".
- Click "Apply".
- Windows asks whether you are sure.
- Click "Yes".
- Click "OK".
- Restart the PC.
- Go to Start/All Programs/Accessories/System Tools/System Restore again.
- You get the message: "System Restore is turned off. Do you want to turn on System Restore now?"
- Click "Yes".
- Remove the tick in front of "Turn off System Restore".
- Click "Apply".
- Click "OK".
- Restart the PC.
- A new, clean restore point has now been created.
I can't explain the hanging processes, but there can be a great many causes.
- Othuroyo,
What is the purpose of this, then? Only to create a clean restore point?
A colleague of mine once ran into similar problems. He then ran Memtest from CD and it turned out that his RAM was faulty, but apparently Windows could not properly indicate that in normal mode.
He is bringing the CD along for me; I will let that run extensively as well.
This is an archived page. Replying is no longer possible.