Ga naar inhoud

Aanbevolen berichten

Geplaatst:

Wie kan mij helpen ? Ik heb hieronder een logfile neergezet. Alvast bedankt voor uw aandacht.

Logfile of random's system information tool 1.10 (written by random/random)

Run by Have0 at 2014-06-19 17:31:07

Microsoft Windows 7 Home Premium

System drive C: has 29 GB (38%) free of 76 GB

Total RAM: 4095 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:31:37, on 19-6-2014

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.17267)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files (x86)\AVG\AVG2014\avgui.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe

C:\Program Files\trend micro\Have0.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O18 - Protocol: linkscanner - (no CLSID) - (no file)

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8194 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

c:\PROGRA~2\AVG\AVG2014\avgrsa.exe /boot

C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=6e53aa65-cead-4e0e-bd56-3164dd470f14 /coreSdkOptions=4382 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\1044322e-51ea-4140-94c6-0170ee1a7e1b-144-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\" /logPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\log\"

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE 0x24c

C:\Windows\system32\svchost.exe -k LocalService

atieclxx

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"

"C:\Program Files\ATKGFNEX\GFNEXSrv.exe"

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe"

"C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"

"C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe"

Atouch64.exe

"taskhost.exe"

ATKOSD.exe

taskeng.exe {0C383E0E-9457-4EDC-BD94-FAABACC36F3D}

"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"

"C:\Program Files\P4G\BatteryLife.exe"

"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"

"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe"

"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"

"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"

"C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE"

"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

KBFiltr.exe

"C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe"

WDC.exe

"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding

C:\Windows\Explorer.EXE

"C:\Windows\system32\Dwm.exe"

C:\Windows\servicing\TrustedInstaller.exe

"C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe"

"C:\Program Files\Elantech\ETDCtrl.exe"

"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"

"C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"

"C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"

"C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"

"C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

ctfmon.exe

"C:\Windows\system32\wuauclt.exe"

C:\Windows\system32\svchost.exe -k SDRSVC

"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3528.8db4ab0.198941629 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 3528 "\\.\pipe\gecko-crash-server-pipe.3528" plugin

"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe" --proxy-stub-channel=Flash5020.6D14A378.26565 --host-broker-channel=Flash5020.6D14A378.929 --host-pid=5020 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll"

"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe" --channel=3428.0045F7C4.904411708 --proxy-stub-channel=Flash5020.6D14A378.26565 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll" --host-npapi-version=27 --type=renderer

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\sppsvc.exe

"C:\Users\Have0\Downloads\RSITx64(1).exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Have0\AppData\Roaming\Mozilla\Firefox\Profiles\7uw19joy.default

prefs.js - "browser.search.useDBForOrder" - "false"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 14.0.0.125 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3]

"Description"=Office Live Update v1.3

"Path"=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 14.0.0.125 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.0]

"Description"=

"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\components\

nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\

np-mswmp.dll

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

QuickTimePlugin.class

WMP Firefox Plugin License.rtf

WMP Firefox Plugin RelNotes.txt

C:\Users\Have0\AppData\Roaming\Mozilla\Firefox\Profiles\7uw19joy.default\searchplugins\

google-.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]

Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08 68960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Aanmelden - Help - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"EeeStorageBackup"=C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe [2009-08-25 947472]

"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-07-30 617856]

"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-04-09 320000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdAwareTray]

C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]

C:\Windows\AsScrPro.exe [2009-12-19 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2008-07-19 104936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2010-10-12 979328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-09-11 2244608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files (x86)\QuickTime\QTTask.exe [2014-01-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

C:\Users\Have0\AppData\Roaming\uTorrent\uTorrent.exe [2014-05-15 1268560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]

C:\Program Files (x86)\Xvid\CheckUpdate.exe [2011-01-17 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NewShortcut1.lnk]

C:\PROGRA~2\USB_VI~1\Utility\REMOTE~1\BDAREM~1.EXE [2005-08-19 77908]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]

"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-12-04 218408]

"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]

"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]

"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [2009-08-20 170624]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-30 98304]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]

"AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2014-05-13 5181456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=16

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"vidc.XVID"=xvidvfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-06-19 17:31:07 ----DC---- C:\rsit

2014-06-18 22:35:05 ----DC---- C:\Windows\system32\SPReview

2014-06-18 17:32:44 ----DC---- C:\Program Files (x86)\Mozilla Firefox

2014-06-14 15:10:03 ----AC---- C:\AVScanner.ini

2014-06-14 14:51:56 ----DC---- C:\ProgramData\McAfee

2014-06-07 18:00:23 ----DC---- C:\Users\Have0\AppData\Roaming\.minecraft

2014-05-22 19:24:52 ----DC---- C:\Program Files (x86)\Microsoft Synchronization Services

2014-05-22 19:23:42 ----DC---- C:\Windows\PCHEALTH

2014-05-22 19:18:50 ----DC---- C:\Program Files (x86)\Microsoft Visual Studio 8

2014-05-22 19:17:23 ----DC---- C:\Program Files\Microsoft Office

2014-05-22 19:17:00 ----DC---- C:\Program Files (x86)\Microsoft Analysis Services

======List of files/folders modified in the last 1 month======

2014-06-19 17:31:26 ----DC---- C:\Program Files\trend micro

2014-06-19 17:30:08 ----DC---- C:\Windows\Temp

2014-06-19 17:20:12 ----DC---- C:\Windows\system32\Tasks

2014-06-19 17:13:04 ----DC---- C:\ProgramData\MFAData

2014-06-19 17:06:58 ----DC---- C:\Windows\system32\config

2014-06-19 17:06:04 ----DC---- C:\Program Files (x86)\Mozilla Maintenance Service

2014-06-18 22:35:05 ----DC---- C:\Windows\System32

2014-06-18 22:34:59 ----SHD---- C:\System Volume Information

2014-06-18 21:56:27 ----RDC---- C:\Program Files (x86)

2014-06-18 15:53:20 ----DC---- C:\Config.Msi

2014-06-17 20:29:33 ----DC---- C:\Windows\system32\FxsTmp

2014-06-17 20:20:48 ----SDC---- C:\Users\Have0\AppData\Roaming\Microsoft

2014-06-17 19:29:36 ----DC---- C:\Windows

2014-06-17 15:38:53 ----SHDC---- C:\Windows\Installer

2014-06-16 17:23:03 ----DC---- C:\Users\Have0\AppData\Roaming\uTorrent

2014-06-16 17:22:44 ----DC---- C:\Windows\inf

2014-06-16 16:10:35 ----RDC---- C:\Program Files

2014-06-16 16:09:57 ----DC---- C:\Windows\system32\drivers

2014-06-14 15:10:04 ----DC---- C:\ProgramData

2014-06-14 15:03:34 ----DC---- C:\Windows\debug

2014-06-14 15:03:06 ----DC---- C:\Program Files (x86)\CCleaner

2014-06-14 15:01:39 ----DC---- C:\Windows\Prefetch

2014-06-14 14:51:46 ----AC---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2014-06-14 14:19:50 ----DC---- C:\AdwCleaner

2014-06-14 09:35:02 ----AC---- C:\Windows\system32\acovcnt.exe

2014-06-11 22:22:10 ----DC---- C:\Windows\system32\MRT

2014-06-11 22:21:58 ----AC---- C:\Windows\system32\MRT.exe

2014-06-11 22:21:05 ----DC---- C:\ProgramData\Microsoft Help

2014-06-10 18:07:45 ----DC---- C:\Windows\system32\catroot2

2014-06-06 09:17:42 ----DC---- C:\Users\Have0\AppData\Roaming\vlc

2014-06-05 22:12:16 ----DC---- C:\Users\Have0\AppData\Roaming\Epson

2014-05-31 11:07:07 ----AC---- C:\Windows\system32\PerfStringBackup.INI

2014-05-24 09:42:42 ----DC---- C:\Program Files (x86)\Common Files

2014-05-24 09:34:48 ----AC---- C:\Windows\win.ini

2014-05-24 09:11:40 ----DC---- C:\Windows\Microsoft.NET

2014-05-24 08:43:54 ----RSDC---- C:\Windows\assembly

2014-05-22 19:33:18 ----D---- C:\Windows\winsxs

2014-05-22 19:27:04 ----DC---- C:\Windows\SysWOW64

2014-05-22 19:26:52 ----RSDC---- C:\Windows\Fonts

2014-05-22 19:26:40 ----DC---- C:\Windows\ShellNew

2014-05-22 19:26:05 ----DC---- C:\Program Files (x86)\MSBuild

2014-05-22 19:23:46 ----DC---- C:\Program Files (x86)\Microsoft Office

2014-05-22 19:23:42 ----SDC---- C:\ProgramData\Microsoft

2014-05-22 19:23:41 ----DC---- C:\Program Files (x86)\Microsoft.NET

2014-05-22 19:23:41 ----DC---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2014-05-22 19:20:20 ----DC---- C:\Program Files\Common Files\Microsoft Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 16440]

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2014-05-13 191768]

R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2014-05-13 323352]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2014-05-13 130328]

R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2014-05-13 31512]

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]

R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2014-05-13 152344]

R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2014-05-13 236312]

R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2014-05-13 235800]

R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2014-05-13 273176]

R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2012-11-08 30568]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]

R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]

R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]

R3 AtiHdmiService;ATI Service for HD Audio Codec; C:\Windows\system32\drivers\AtiHdmi.sys [2009-07-23 119312]

R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-30 6038016]

R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-07-09 140800]

R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]

R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-06-09 55296]

R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]

R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2012-12-28 82816]

R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-05 1806400]

R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-07-09 1222144]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]

S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]

S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]

S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2013-01-23 552448]

S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 61792]

S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

S3 USB28xxBGA;DVBT Hybrid TV Device; C:\Windows\system32\DRIVERS\emBDA64.sys [2007-08-31 581120]

S3 USB28xxOEM;USB 28xx OEM Filter; C:\Windows\system32\DRIVERS\emOEM64.sys [2007-08-31 54400]

S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

S3 WSDScan;Ondersteuning voor WSD-scan via UMB; C:\Windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-29 203264]

R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]

R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-05-13 3644432]

R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-05-13 292424]

R2 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

R2 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-14 262320]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-04-22 984392]

S3 fsssvc;Windows Live Family Safety; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-18 119408]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-19 1255736]

S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

  • Reacties 34
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Beste reacties in dit topic

Geplaatst:

Hallo Have0,

Ik zal je malware logjes verder bekijken. We gaan met enkele tools even kijken als er geen malware op je systeem aanwezig is.

Dit logje ziet er in elk geval al goed uit, niks bijzonder op aan te merken.

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

Download 51a612a8b27e2-Zoek.pngZoek.exe naar het bureaublad (niet de .zip- of .rar-versie).


  • Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  • Dubbelklik op Zoek.exe om de tool te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

C:\PROGRA~2\USB_VI~1\Utility\REMOTE~1\BDAREM~1.EXE;i
C:\Windows\PCHEALTH;vs
chromelook; 
firefoxlook; 
emptyfolderscheck;delete 
emptyclsid; 
startupall; 
filesrcm;
skipfix-iedefaults;


  • De optie "Scan All Users" staat standaard aangevinkt.
  • Klik nu op de knop "Run script".
  • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  • Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
  • Post het geopende logje in het volgende bericht als bijlage.

Zoek.exe logbestand plaatsen

  • Voeg het logbestand met de naam "Zoek-results.log" als bijlage toe aan het volgende bericht. (Dit logbestand kunt u tevens terug vinden op de systeemschijf als C:\\Zoek-results.log.)
  • Hoe u een bijlage kunt toevoegen aan het bericht leest u hier.

Geplaatst:

Laptop reageert ook traag, ook traag met opstarten en afsluiten. Of moet ik hiervoor een aparte item maken ?

Hieronder logfile.

Zoek.exe v5.0.0.0 Updated 16-June-2014

Tool run by Have0 on do 19-06-2014 at 21:33:59,84.

Microsoft Windows 7 Home Premium 6.1.7600 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Have0\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

19-6-2014 21:36:53 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== File Information Results ======================

==== Folders Found In C:\Windows\PCHEALTH ======================

2014-05-22 17:23:42 dc----w- C:\Windows\PCHEALTH\ERRORREP

2014-05-22 17:23:42 dc----w- C:\Windows\PCHEALTH\ERRORREP\QHEADLES

2014-05-22 17:23:42 dc----w- C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Have0\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

====== C:\Windows\Tasks ======

2014-06-19 17:18:41 88654413033C98D8838583C89725375C 3486 -c--a-w- C:\Windows\Sysnative\Tasks\AutoKMS

2014-06-18 19:54:12 FF97F051802480C7A23F5AE26C711962 3170 -c--a-w- C:\Windows\Sysnative\Tasks\P4GIntlCtrl

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-05-22 17:17:23 -------- dc----w- C:\Program Files\Microsoft Office

======= C:\PROGRA~2 =====

2014-05-24 07:42:42 -------- dc----w- C:\PROGRA~2\COMMON~1\DESIGNER

2014-05-22 17:24:52 -------- dc----w- C:\PROGRA~2\Microsoft Synchronization Services

2014-05-22 17:18:50 -------- dc----w- C:\PROGRA~2\Microsoft Visual Studio 8

2014-05-22 17:17:00 -------- dc----w- C:\PROGRA~2\Microsoft Analysis Services

======= C: =====

2014-06-14 13:10:03 A6799D0F42122C0D1E28655C10DB2707 30 -c--a-w- C:\AVScanner.ini

====== C:\Users\Have0\AppData\Roaming ======

2014-06-17 14:21:32 -------- dc----w- C:\Users\Have0\AppData\Local\Adobe

2014-06-07 16:00:56 -------- dc----w- C:\Users\Have0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft

2014-06-07 16:00:23 -------- dc----w- C:\Users\Have0\AppData\Roaming\.minecraft

2014-06-07 15:47:35 -------- dc----w- C:\Users\Have0\AppData\Locallow\Unity

2014-06-07 15:47:35 -------- dc----w- C:\Users\Have0\AppData\Local\Unity

====== C:\Users\Have0 ======

2014-06-19 15:30:22 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 -c--a-w- C:\Users\Have0\Downloads\RSITx64(1).exe

2014-06-19 15:29:41 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 -c--a-w- C:\Users\Have0\Downloads\RSITx64.exe

2014-06-14 13:02:29 A61A24E28CE5E961941D61C1D342AC39 4748896 -c--a-w- C:\Users\Have0\Downloads\ccsetup414.exe

2014-06-14 12:17:22 42F24559E8C472F6FF745BB7C5465FB2 1333465 -c--a-w- C:\Users\Have0\Desktop\adwcleaner_3.212(1).exe

2014-06-07 15:47:19 D35B2DF8D65BA715D159D679FF7B22F0 1080944 -c--a-w- C:\Users\Have0\Downloads\UnityWebPlayer.exe

2014-06-06 14:45:01 42F24559E8C472F6FF745BB7C5465FB2 1333465 -c--a-w- C:\Users\Have0\Downloads\adwcleaner_3.212.exe

2014-05-22 17:27:44 -------- dc----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint

====== C: exe-files ==

2014-06-19 15:30:22 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 -c--a-w- C:\Documents and Settings\Have0\Downloads\RSITx64(1).exe

2014-06-19 15:29:41 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 -c--a-w- C:\Documents and Settings\Have0\Downloads\RSITx64.exe

2014-06-14 13:02:29 A61A24E28CE5E961941D61C1D342AC39 4748896 -c--a-w- C:\Documents and Settings\Have0\Downloads\ccsetup414.exe

2014-06-14 12:17:22 42F24559E8C472F6FF745BB7C5465FB2 1333465 -c--a-w- C:\Documents and Settings\Have0\Desktop\adwcleaner_3.212(1).exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\LabelPrint UpdateWithCreateOnce Software\CyberLink\LabelPrint\2.5"

"UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0"

"HControlUser"="C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"

"ATKOSD2"="C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"

"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"

"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EeeStorageBackup"="C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe"

"ETDWare"="C:\Program Files\Elantech\ETDCtrl.exe"

"AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdAwareTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AdAwareTray"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Lavasoft\\Ad-Aware Antivirus\\Ad-Aware Antivirus\\11.1.5354.0\\AdAwareTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]

"command"="C:\\Windows\\AsScrPro.exe"

"hkey"="HKLM"

"item"="ASUS Screen Saver Protector"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BCSSync"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer]

"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\""

"hkey"="HKLM"

"item"="CLMLServer"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EEventManager]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="EEventManager"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HDAudDeck]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HDAudDeck"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\VIA\\VIAudioi\\VDeck\\VDeck.exe -r"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="QuickTime Task"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="uTorrent"

"hkey"="HKCU"

"command"="\"C:\\Users\\Have0\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Xvid]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Xvid"

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\Xvid\\CheckUpdate.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NewShortcut1.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\NewShortcut1.lnk"

"backup"="C:\\Windows\\pss\\NewShortcut1.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~2\\USB_VI~1\\Utility\\REMOTE~1\\BDAREM~1.EXE "

"item"="NewShortcut1"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a--c--- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14-06-2014 14:51]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe]

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\AdobeFlashPlayerUpdate" [C:\Windows\SysWOW64\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\AdobeFlashPlayerUpdate 2" [C:\Windows\SysWOW64\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe]

"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe]

"C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe]

"C:\Windows\SysNative\tasks\ASUSControlDeck" [C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe]

"C:\Windows\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS\AutoKMS.exe]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files (x86)\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\P4GIntlCtrl" [C:\Program Files\P4G\IntlCtrl.exe]

"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

"C:\Windows\SysNative\tasks\WC3" [C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe]

"C:\Windows\SysNative\tasks\{A43D4B78-0311-4C53-983B-3317133FAC60}" [C:\Program Files (x86)\LG Software Innovations\1Click DVD Copy Pro\1ClickDvdCopyPro.exe]

"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"avg@igeared"="C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared" [20-09-2011 22:42]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Have0\AppData\Roaming\Mozilla\Firefox\Profiles\7uw19joy.default

- Fortunitas - %ProfilePath%\extensions\{b8a90375-3b37-4954-86de-f96c458c4ce2}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Have0\AppData\Roaming\Mozilla\Firefox\Profiles\7uw19joy.default

738C29EAC995029E13333034C1402F56 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll - Shockwave Flash

5B0F6A8F086D3220272919A3023EF180 - C:\Users\Have0\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player

2C82D753EF779945977C82A3908DA20A - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.90.5

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

{page b.html}content_scripts:[{all_frames:falsejs:[c.js]matches:[http://*/*https://*/*]run_at:document_end}]description:icons:{16:icon16.png48:icon48.png128:icon128.png}manifest_version:2name:Re-markitpermissions:[cookiesstorageunlimitedStoragehttp://*/*https://*/*tabswebRequestwebRequestBlocking]version:1.161.0.0author:} - Have0\AppData\Local\Google\Chrome\User Data\default\Extensions\lphmhoddjhmehbbpmkhhmepfhpmjigfk

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=257 folders=54 11295515 bytes)

==== EOF on do 19-06-2014 at 21:46:45,33 ======================

Geplaatst: (aangepast)

Goeienavond,

Laptop reageert ook traag, ook traag met opstarten en afsluiten. Of moet ik hiervoor een aparte item maken ?

Neen hoor, dat bekijken we hier ook wel. :-)

Ik merk tevens op dat je AVG 2014 gebruikt als actieve antivirus. Echter zijn er ook nog restanten te zien van Ad-Aware. Het lijkt me best dat je één van beide verwijderd om interferentie tussen beide te voorkomen. Het lijkt er op dat je Ad-Aware al hebt uitgeschakeld om mee op te starten maar denk dat je het beter volledig kan verwijderen.

In dit logje is wel wat rommel te zien...

  1. Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.
    Start 51a612a8b27e2-Zoek.pngZoek.exe nogmaals met het onderstaande script.

    • Dubbelklik op Zoek.exe om de tool te starten.
    • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
    • Kopieer nu onderstaande code en plak die in het grote invulvenster:
    • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
       
      autoclean;
      Fortunitas;firefoxlook;
      {b8a90375-3b37-4954-86de-f96c458c4ce2}.xpi;ff
      {b8a90375-3b37-4954-86de-f96c458c4ce2};c
      torpigcheck; 
      


    • Klik nu op de knop "Run script".
    • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
    • Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
    • Post het geopende logje in het volgende bericht als bijlage.

Zoek.exe logbestand plaatsen

  • Voeg het logbestand met de naam "Zoek-results.log" als bijlage toe aan het volgende bericht. (Dit logbestand kunt u tevens terug vinden op de systeemschijf als C:\\Zoek-results.log.)
  • Hoe u een bijlage kunt toevoegen aan het bericht leest u hier.

[*]Download 51a46ae42d560-malwarebytes_anti_malware.pngMalwareBytes Anti-Malware bij voorkeur naar het bureaublad.


  • Dubbelklik op mbam-setup-2.0.exe om de installatie van Malwarebytes Anti-Malware te starten.
  • Volg de verdere aanwijzingen, de volledige installatieprocedure kunt u nalezen op de volgende link - Malwarebytes Anti-Malware installeren.


  • Klik vervolgens op de knop Scan nu om een bedreigingsscan uit te voeren.
  • Er zal nu gecontroleerd worden op beschikbare updates, klik hier op "Nu bijwerken als er beschikbare updates zijn.
  • De scan wordt nu automatisch gestart,wanneer de scan gereed is en er bedreigingen zijn gedetecteerd krijgt u hier een overzicht van.
  • Wanneer er geen bedreigingen zijn gedetecteerd klikt u na de scan op Bekijk gedetailleerd logboek.

    • Klik vervolgens op de knop Acties toepassen, bij de melding dat uw computer opnieuw opgestart moet worden klikt u op Nee.
    • Klik vervolgens op de knop Bekijk gedetailleerd logboek en klik op de knop exporteer en kies de optie tekstbestand (*.txt).
    • Geef vervolgens een bestandsnaam op voor het opslaan van het logbestand, bijvoorbeeld MBAM Scanlog en klik vervolgens op de knop Opslaan.
    • Dit bestand zal standaard op uw bureaublad worden opgeslagen.

532aab157609a-MBAM-Scan.png

MalwareBytes' Anti-Malware logbestand plaatsen


  • Voeg het logbestand wat u zojuist heeft opgeslagen als bijlage toe aan het volgende bericht. (Dit logbestand kunt u tevens terug vinden in Malwarebytes Anti-Malware bij Historie > Programmalogboeken)
  • Plaats de inhoud van dit logbestand in het volgende bericht.

aangepast door Mako
Nummering
Geplaatst:

Hieronder vind u de 2 logfiles.

Zoek.exe v5.0.0.0 Updated 16-June-2014

Tool run by Have0 on vr 20-06-2014 at 16:25:14,65.

Microsoft Windows 7 Home Premium 6.1.7600 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Have0\Desktop\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-19-194645.log 13094 bytes

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Have0\AppData\Roaming\Mozilla\Firefox\Profiles\7uw19joy.default

user.js not found

---- Lines {b8a90375-3b37-4954-86de-f96c458c4ce2}.xpi modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"avg@igeared\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\AVG\

---- FireFox user.js and prefs.js backups ----

prefs_20-06-2014_1655_.backup

prefs_23-10-2013_1719_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Avg_Update_0414b deleted

C:\PROGRA~3\Package Cache deleted

C:\Users\Have0\Downloads\avg_free_stb_all_2014_4577_cnet.exe deleted

"C:\Users\Have0\AppData\Roaming\Mozilla\Firefox\Profiles\7uw19joy.default\extensions\{b8a90375-3b37-4954-86de-f96c458c4ce2}.xpi" deleted

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2014-05-16 12:34:02 -------- dc----w- C:\PROGRA~3\Apple Computer

2014-06-14 12:51:56 -------- dc----w- C:\PROGRA~3\McAfee

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"avg@igeared"="C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared" [20-09-2011 22:42]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Have0\AppData\Roaming\Mozilla\Firefox\Profiles\7uw19joy.default

738C29EAC995029E13333034C1402F56 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll - Shockwave Flash

5B0F6A8F086D3220272919A3023EF180 - C:\Users\Have0\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player

2C82D753EF779945977C82A3908DA20A - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.90.5

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

{page b.html}content_scripts:[{all_frames:falsejs:[c.js]matches:[http://*/*https://*/*]run_at:document_end}]description:icons:{16:icon16.png48:icon48.png128:icon128.png}manifest_version:2name:Re-markitpermissions:[cookiesstorageunlimitedStoragehttp://*/*https://*/*tabswebRequestwebRequestBlocking]version:1.161.0.0author:} - Have0\AppData\Local\Google\Chrome\User Data\default\Extensions\lphmhoddjhmehbbpmkhhmepfhpmjigfk

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdAwareTray deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Have0\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Have0\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Have0\AppData\Local\Mozilla\Firefox\Profiles\7uw19joy.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=265 folders=58 22646297 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully

C:\Users\Default User\AppData\Local\temp emptied successfully

C:\Users\Have0\AppData\Local\Temp will be emptied at reboot

C:\Users\Public\AppData\Local\temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Have0\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Have0\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on vr 20-06-2014 at 17:18:08,18 ======================

Malwarebytes Anti-Malware 1.75.0.1300

Malwarebytes | Free Anti-Malware & Internet Security Software

Databaseversie: v2014.06.20.07

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Have0 :: HAVE0-PC [administrator]

20-6-2014 17:20:32

mbam-log-2014-06-20 (17-20-32).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 259120

Verstreken tijd: 19 minuut/minuten, 51 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

Geplaatst:

Hoi,

Ok prima dat begint er al beter uit te zien. Doe nog even onderstaande ter controle aub:

Download adwcleaner.pngAdwCleaner by Xplode naar het bureaublad.


  • Sluit alle openstaande vensters.
  • Dubbelklik op AdwCleaner om hem te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren,
  • Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Klik op Scan.
  • Klik vervolgens op Clean.
  • Klik bij Herstarten Noodzakelijk op OK

Nadat de PC opnieuw is opgestart, opent meestal een logfile.

Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner[s0].txt.

Logbestand plaatsen


  • Voeg het logbestand met de naam C:\AdwCleaner\AdwCleaner[s0].txt als bijlage toe aan het volgende bericht.
  • Hoe u een bijlage kunt toevoegen aan het bericht leest u hier.

Geplaatst:

Beste Mako,

als alles is opgelost moet ik dan Adw-cleaner verwijderen, gaat het anders mis met AVG ? De fouten die u heb gezien zijn dat dan virussen ? Wat kan ik nog meer doen om mijn laptop snel te houden ? Hieronder de logfile.

# AdwCleaner v3.212 - Rapport aangemaakt 20/06/2014 op 21:37:05

# Laatste Update 05/06/2014 door Xplode

# Besturingssysteem : Windows 7 Home Premium (64 bits)

# Gebruikersnaam : Have0 - HAVE0-PC

# Gestart vanuit : C:\Users\Have0\Desktop\adwcleaner_3.212(1).exe

# Optie : Verwijderen

***** [ Services ] *****

***** [ Bestanden / Mappen ] *****

***** [ Snelkoppelingen ] *****

***** [ Register ] *****

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267

-\\ Mozilla Firefox v30.0 (en-GB)

[ Bestand : C:\Users\Have0\AppData\Roaming\Mozilla\Firefox\Profiles\7uw19joy.default\prefs.js ]

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [1061 octets] - [03/05/2014 15:01:00]

AdwCleaner[R1].txt - [6054 octets] - [15/05/2014 17:26:49]

AdwCleaner[R2].txt - [1571 octets] - [20/05/2014 21:25:43]

AdwCleaner[R3].txt - [1518 octets] - [31/05/2014 10:56:00]

AdwCleaner[R4].txt - [1423 octets] - [01/06/2014 17:12:55]

AdwCleaner[R5].txt - [1543 octets] - [04/06/2014 17:44:29]

AdwCleaner[R6].txt - [1611 octets] - [06/06/2014 16:45:28]

AdwCleaner[R7].txt - [1732 octets] - [14/06/2014 14:18:39]

AdwCleaner[R8].txt - [1850 octets] - [19/06/2014 18:31:29]

AdwCleaner[R9].txt - [1997 octets] - [20/06/2014 21:22:59]

AdwCleaner[s0].txt - [1132 octets] - [03/05/2014 15:27:22]

AdwCleaner[s1].txt - [6228 octets] - [15/05/2014 17:30:38]

AdwCleaner[s2].txt - [1649 octets] - [20/05/2014 21:30:19]

AdwCleaner[s3].txt - [1524 octets] - [31/05/2014 10:57:56]

AdwCleaner[s4].txt - [1425 octets] - [01/06/2014 17:45:17]

AdwCleaner[s5].txt - [1545 octets] - [04/06/2014 18:12:47]

AdwCleaner[s6].txt - [1677 octets] - [06/06/2014 16:46:55]

AdwCleaner[s7].txt - [1798 octets] - [14/06/2014 14:19:48]

AdwCleaner[s8].txt - [1916 octets] - [19/06/2014 18:33:01]

AdwCleaner[s9].txt - [1923 octets] - [20/06/2014 21:37:05]

########## EOF - C:\AdwCleaner\AdwCleaner[s9].txt - [1983 octets] ##########

Geplaatst:

Goedenavond,

Beste Mako,

als alles is opgelost moet ik dan Adw-cleaner verwijderen, gaat het anders mis met AVG ? De fouten die u heb gezien zijn dat dan virussen ? Wat kan ik nog meer doen om mijn laptop snel te houden ?

Neen hoor, AdwCleaner is (in tegenstelling tot Ad-Aware) geen realtime beveiligingssoftware. Die kan dus onmogelijk interfereren met jouw AVG. :top:

Op het einde van de behandeling zullen we alle gebruikte tools wel opnieuw verwijderen zodat je niet met onnodige tools en logbestanden op je computer achterblijft.

Hoe gaat het momenteel met de computer? Is die nog steeds zo traag als voordien?

Geplaatst:

Hij sloeg daarnet wel weer vast. Zowel outlook en internet. Nu gaat het wel weer beterder maar raar dat hij daarnet vast sloeg. Kan ik wel AVG en Malware bytes anti malware gebruiken tegelijkertijd ?

Gast
Dit topic is nu gesloten voor nieuwe reacties.

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.