Processor usage fluctuates a lot


Hello,

Every now and then my laptop stutters badly, which is especially annoying when you are listening to music or watching a film. I looked in Task Manager on the Processes tab and saw little out of the ordinary there. The processor usage on the Performance tab is then often much higher than the sum of the processor usage of the processes. I am attaching a log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:59:55, on 11-1-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Last.fm\LastFM.exe

C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {65ca59ee-9920-4d7f-8c41-bfa12403261a} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - (no file)

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [b2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe

O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKCU\..\Run: [Google Update] "C:\Users\Michiel.MichielsPC\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: What's my computer doing.lnk = C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe

O8 - Extra context menu item: &D&ownload &met BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload alles met BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.line6.net

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - BitComet - A free C++ BitTorrent/HTTP/FTP Download Client - C:\Program Files\BitComet\tools\BitCometService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--

End of file - 12730 bytes


Start HijackThis. Select “Scan”. Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {65ca59ee-9920-4d7f-8c41-bfa12403261a} - (no file)

O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A2034884} - (no file)

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as “administrator” by right-clicking and choosing “Run as administrator”. If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

Scanning can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to see the results.

Make sure everything there is checked, then click: Remove Selected.

After the removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and you can find it by clicking the "Logs" tab in the program.

If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:01:05, on 11-1-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Last.fm\LastFM.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Windows\system32\conhost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtITunesPlugIn.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Users\Michiel.MichielsPC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [b2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe

O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKCU\..\Run: [Google Update] "C:\Users\Michiel.MichielsPC\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: What's my computer doing.lnk = C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe

O8 - Extra context menu item: &D&ownload &met BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload alles met BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.line6.net

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - BitComet - A free C++ BitTorrent/HTTP/FTP Download Client - C:\Program Files\BitComet\tools\BitCometService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--

End of file - 12961 bytes


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT!!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.

Note!!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


ComboFix 13-01-11.02 - Michiel 11-01-2013 23:49:59.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3070.1960 [GMT 1:00]

Gestart vanuit: c:\users\Michiel.MichielsPC\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Common Files\mic-50.ico

c:\program files\Common Files\Uninstall.ico

c:\program files\Extension Changer\extmain.exe

c:\program files\SecureW2

c:\program files\SecureW2\Uninstall.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2

c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\_ctypes.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\_elementtree.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\_hashlib.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\_socket.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\_ssl.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\pyexpat.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\pysqlite2._sqlite.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\python26.dll

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\pythoncom26.dll

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\PyWinTypes26.dll

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\select.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\unicodedata.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\win32api.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\win32com.shell.shell.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\win32crypt.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\win32event.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\win32file.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\win32inet.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\win32pdh.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\win32process.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\win32profile.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\win32security.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\win32ts.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\windows._cacheinvalidation.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\wx._controls_.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\wx._core_.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\wx._gdi_.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\wx._html2.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\wx._misc_.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\wx._windows_.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\wx._wizard.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\wxbase293u_net_vc.dll

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\wxbase293u_vc.dll

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\wxmsw293u_adv_vc.dll

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\wxmsw293u_core_vc.dll

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\wxmsw293u_html_vc.dll

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI31322\wxmsw293u_webview_vc.dll

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\_ctypes.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\_elementtree.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\_hashlib.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\_socket.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\_ssl.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\pyexpat.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\pysqlite2._sqlite.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\python26.dll

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\pythoncom26.dll

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\PyWinTypes26.dll

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\select.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\unicodedata.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\win32api.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\win32com.shell.shell.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\win32crypt.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\win32event.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\win32file.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\win32inet.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\win32pdh.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\win32process.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\win32profile.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\win32security.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\win32ts.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\windows._cacheinvalidation.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\wx._controls_.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\wx._core_.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\wx._gdi_.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\wx._html2.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\wx._misc_.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\wx._windows_.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\wx._wizard.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\wxbase293u_net_vc.dll

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\wxbase293u_vc.dll

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\wxmsw293u_adv_vc.dll

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\wxmsw293u_core_vc.dll

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\wxmsw293u_html_vc.dll

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI31322\wxmsw293u_webview_vc.dll

c:\users\Michiel.MichielsPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2

c:\users\Michiel.MichielsPC\Documents\~WRL2420.tmp

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-12-11 to 2013-01-11 ))))))))))))))))))))))))))))))

.

.

2013-01-11 22:45 . 2013-01-11 22:45 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D09F0EE1-3BB8-4C5B-B98D-D3AC70880AC6}\MpKsl9b107f5a.sys

2013-01-11 15:54 . 2013-01-11 15:54 388096 ----a-r- c:\users\Michiel.MichielsPC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-01-11 15:54 . 2013-01-11 15:54 -------- d-----w- c:\program files\Trend Micro

2013-01-11 14:58 . 2013-01-11 14:58 -------- d-----w- c:\program files\What's my computer doing

2013-01-11 08:21 . 2013-01-11 08:21 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2013-01-11 07:44 . 2013-01-11 07:44 -------- d-----w- c:\users\Gast\AppData\Roaming\AVG2013

2013-01-11 07:44 . 2013-01-11 07:44 -------- d-----w- c:\users\Gast\AppData\Local\Avg2013

2013-01-11 02:44 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D09F0EE1-3BB8-4C5B-B98D-D3AC70880AC6}\mpengine.dll

2013-01-09 23:54 . 2013-01-09 23:56 -------- d-----w- c:\program files\EndItAll

2013-01-09 22:46 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-01-09 21:23 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs

2013-01-09 21:23 . 2012-12-07 10:46 46592 ----a-w- c:\windows\system32\fpb.rs

2013-01-09 21:23 . 2012-12-07 10:46 40960 ----a-w- c:\windows\system32\cob-au.rs

2013-01-09 21:23 . 2012-12-07 12:20 2576384 ----a-w- c:\windows\system32\gameux.dll

2013-01-09 21:23 . 2012-12-07 10:46 21504 ----a-w- c:\windows\system32\grb.rs

2013-01-09 21:23 . 2012-12-07 10:46 15360 ----a-w- c:\windows\system32\djctq.rs

2013-01-09 21:23 . 2012-12-07 10:46 55296 ----a-w- c:\windows\system32\cero.rs

2013-01-09 21:23 . 2012-12-07 10:46 51712 ----a-w- c:\windows\system32\esrb.rs

2013-01-09 21:23 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-05 15:32 . 2013-01-05 15:32 -------- d-----w- c:\program files\CleanMem

2013-01-05 15:32 . 2013-01-05 15:32 -------- d-----w- c:\windows\CleanMem

2012-12-27 16:04 . 2012-12-27 16:04 -------- d-----w- c:\users\Michiel.MichielsPC\AppData\Roaming\AVG2013

2012-12-27 16:02 . 2012-12-27 16:02 -------- d-----w- c:\users\Michiel.MichielsPC\AppData\Roaming\TuneUp Software

2012-12-27 16:01 . 2012-12-27 16:02 -------- d-----w- c:\programdata\AVG2013

2012-12-27 16:01 . 2012-12-27 16:01 -------- d-----w- C:\$AVG

2012-12-27 16:00 . 2012-12-27 16:00 -------- d-----w- c:\program files\AVG

2012-12-27 15:57 . 2013-01-11 16:58 -------- d-----w- c:\programdata\MFAData

2012-12-27 15:57 . 2012-12-27 17:35 -------- d-----w- c:\users\Michiel.MichielsPC\AppData\Local\Avg2013

2012-12-27 15:57 . 2012-12-27 15:57 -------- d-----w- c:\users\Michiel.MichielsPC\AppData\Local\MFAData

2012-12-24 10:54 . 2012-12-24 10:54 -------- d-----w- c:\users\Michiel.MichielsPC\AppData\Roaming\MathematicaPlayer

2012-12-24 10:54 . 2012-12-24 10:54 -------- d-----w- c:\users\Michiel.MichielsPC\AppData\Local\MathematicaPlayer

2012-12-24 10:51 . 2012-12-24 10:51 -------- d-----w- c:\program files\Common Files\Wolfram Research

2012-12-24 10:51 . 2012-12-24 10:51 -------- d-----w- c:\programdata\Mathematica

2012-12-24 10:51 . 2012-12-24 10:51 -------- d-----w- c:\program files\Common Files\ResearchSoft

2012-12-24 10:50 . 2011-10-03 17:45 334352 ----a-w- c:\windows\system32\mltcpip32.mlp

2012-12-24 10:50 . 2011-10-03 17:45 93712 ----a-w- c:\windows\system32\mltcp32.mlp

2012-12-24 10:50 . 2011-10-03 17:45 88080 ----a-w- c:\windows\system32\mlshm32.mlp

2012-12-24 10:50 . 2011-10-03 17:45 163344 ----a-w- c:\windows\system32\mlmodule32.dll

2012-12-24 10:50 . 2011-10-03 17:45 79376 ----a-w- c:\windows\system32\mlmap32.mlp

2012-12-24 10:50 . 2011-10-03 17:45 370704 ----a-w- c:\windows\system32\ml32i3.dll

2012-12-24 10:50 . 2011-10-03 17:45 260112 ----a-w- c:\windows\system32\ml32i2.dll

2012-12-24 10:50 . 2011-10-03 17:45 253968 ----a-w- c:\windows\system32\ml32i1.dll

2012-12-24 10:49 . 2012-12-24 10:49 -------- d-----w- c:\program files\Wolfram Research

2012-12-23 09:15 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-23 09:15 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-18 23:42 . 2012-12-18 23:42 -------- d-----w- c:\program files\iPod

2012-12-18 23:42 . 2012-12-18 23:42 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2012-12-13 02:31 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-09 22:38 . 2012-07-03 15:35 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-09 22:38 . 2011-05-20 09:34 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-14 15:49 . 2011-01-18 10:17 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-07 12:26 . 2013-01-09 21:23 308736 ----a-w- c:\windows\system32\Wpc.dll

2012-12-07 10:46 . 2013-01-09 21:23 30720 ----a-w- c:\windows\system32\usk.rs

2012-12-07 10:46 . 2013-01-09 21:23 45568 ----a-w- c:\windows\system32\oflc-nz.rs

2012-12-07 10:46 . 2013-01-09 21:23 44544 ----a-w- c:\windows\system32\pegibbfc.rs

2012-12-07 10:46 . 2013-01-09 21:23 20480 ----a-w- c:\windows\system32\pegi-pt.rs

2012-12-07 10:46 . 2013-01-09 21:23 23552 ----a-w- c:\windows\system32\oflc.rs

2012-12-07 10:46 . 2013-01-09 21:23 20480 ----a-w- c:\windows\system32\pegi-fi.rs

2012-12-07 10:46 . 2013-01-09 21:23 20480 ----a-w- c:\windows\system32\pegi.rs

2012-11-30 04:53 . 2013-01-09 21:24 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-11-29 07:58 . 2012-11-29 07:59 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74AA75D1-135B-45CE-AC42-31729C4205FD}\gapaengine.dll

2012-11-23 02:56 . 2013-01-09 21:24 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-11-23 02:48 . 2013-01-09 21:23 49152 ----a-w- c:\windows\system32\taskhost.exe

2012-11-22 04:45 . 2013-01-09 21:24 626688 ----a-w- c:\windows\system32\usp10.dll

2012-11-15 22:33 . 2012-11-15 22:33 94048 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2012-11-14 01:57 . 2012-12-16 02:06 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:48 . 2012-12-16 02:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

2012-11-09 04:43 . 2013-01-09 21:24 492032 ----a-w- c:\windows\system32\win32spl.dll

2012-11-09 04:42 . 2012-12-13 02:31 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-22 12:02 . 2012-10-22 12:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2012-10-16 07:39 . 2012-11-28 19:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-15 02:48 . 2012-10-15 02:48 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-10-20 21:48 . 2011-04-16 18:07 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-07-28 13:44 . 2010-07-28 13:44 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Michiel.MichielsPC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Michiel.MichielsPC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Michiel.MichielsPC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Michiel.MichielsPC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-11-08 15:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-11-08 15:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-11-08 15:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-11-08 15:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]

@="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"

[HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]

2010-07-07 17:57 153064 ----a-w- c:\windows\System32\pfmshx_463.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]

"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe" [2009-08-26 494112]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-28 30192]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-18 1157640]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-02 9808488]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]

"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-2-11 813584]

What's my computer doing.lnk - c:\program files\What's my computer doing\WhatsMyComputerDoing.exe [2013-1-11 274168]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2012-11-30 02:06 1263512 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]

2012-12-25 14:32 1199576 ----a-w- c:\users\Michiel.MichielsPC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

.

R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]

R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]

R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]

R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]

R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]

R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [x]

R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]

R3 L6GX;Service - Line 6 GX;c:\windows\system32\Drivers\L6GX.sys [x]

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]

R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]

R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]

R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [x]

R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]

R3 netw5v32;Stuurprogramma voor Intel® Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]

S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]

S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]

S1 MpKsl9b107f5a;MpKsl9b107f5a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D09F0EE1-3BB8-4C5B-B98D-D3AC70880AC6}\MpKsl9b107f5a.sys [x]

S1 pfmfs_463;pfmfs_463;c:\windows\system32\Drivers\pfmfs_463.sys [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]

S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2013-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 22:38]

.

2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-10 07:53]

.

2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-10 07:53]

.

2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3015975709-2517105018-1172841398-1000Core.job

- c:\users\Michiel.MichielsPC\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-07 15:55]

.

2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3015975709-2517105018-1172841398-1000UA.job

- c:\users\Michiel.MichielsPC\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-07 15:55]

.

.

------- Bijkomende Scan -------

.

mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&s=2&o=vp32&d=0909&m=easynote_lj65

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: &D&ownload &met BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload alles met BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

Trusted Zone: line6.net

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Michiel.MichielsPC\AppData\Roaming\Mozilla\Firefox\Profiles\k7eofzrr.default\

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112670&tt=3412_3&babsrc=HP_sst&mntrId=4a1b087d000000000000001e65782e71

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112670&tt=3412_3&babsrc=KW_sst&mntrId=4a1b087d000000000000001e65782e71&q=

FF - user.js: extensions.BabylonToolbar_i.id - 4a1b087d000000000000001e65782e71

FF - user.js: extensions.BabylonToolbar_i.hardId - 4a1b087d000000000000001e65782e71

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15542

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:41

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112844&tt=2912_5

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{65CA59EE-9920-4D7F-8C41-BFA12403261A} - (no file)

MSConfigStartUp-VideoWebCamera - c:\program files\VideoWebCamera\VideoWebCamera.exe

AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-3015975709-2517105018-1172841398-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3015975709-2517105018-1172841398-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(5524)

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\users\Michiel.MichielsPC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\progra~1\AVG\AVG2013\avgrsx.exe

c:\program files\AVG\AVG2013\avgcsrvx.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\AVG\AVG2013\avgnsx.exe

c:\program files\AVG\AVG2013\avgemcx.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe

c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Voltooingstijd: 2013-01-12 00:14:48 - machine werd herstart

ComboFix-quarantined-files.txt 2013-01-11 23:14

.

Pre-Run: 132.151.402.496 bytes beschikbaar

Post-Run: 132.055.646.208 bytes beschikbaar

.

- - End Of File - - AC775FA94443DF24AC5DA5D6918EF4E7


Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

Firefox::

FF - ProfilePath - c:\users\Michiel.MichielsPC\AppData\Roaming\Mozilla\Firefox\Profiles\k7eofzrr.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL -

FF - user.js: extensions.BabylonToolbar_i.id - 4a1b087d000000000000001e65782e71

FF - user.js: extensions.BabylonToolbar_i.hardId - 4a1b087d000000000000001e65782e71

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15542

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:41

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112844&tt=2912_5

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save this file to your desktop as CFScript.

Drag CFScript.txt onto the red shortcut of ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

If you want to see this illustrated in detail, click here for the guide.

After the restart, post the contents of Combofix.txt in your next message.


The first time I dragged CFScript.txt onto the shortcut it said Access denied; that was probably because I still had AVG turned on. I then turned it off and then it did work, only something strange happened after my laptop restarted. I could no longer open any programs. No iTunes, no Chrome, no Firefox, no IE and no Notepad. I got some kind of error message saying that a registry key had been moved or deleted, or something like that. Then I restarted the laptop and it did work. Here is the log:

ComboFix 13-01-11.02 - Michiel 12-01-2013 11:49:08.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3070.2033 [GMT 1:00]

Gestart vanuit: c:\users\Michiel.MichielsPC\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Michiel.MichielsPC\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe

c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxAPI.dll

c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe

c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxInstallLog.txt

c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspi.dll

c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspiWDM.inf

c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\gearaspiwdmx86.cat

c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\x86\GEARAspiWDM.sys

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\_ctypes.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\_elementtree.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\_hashlib.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\_socket.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\_ssl.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\pyexpat.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\pysqlite2._sqlite.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\python26.dll

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\pythoncom26.dll

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\PyWinTypes26.dll

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\select.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\unicodedata.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\win32api.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\win32com.shell.shell.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\win32crypt.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\win32event.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\win32file.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\win32inet.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\win32pdh.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\win32process.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\win32profile.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\win32security.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\win32ts.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\windows._cacheinvalidation.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\wx._controls_.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\wx._core_.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\wx._gdi_.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\wx._html2.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\wx._misc_.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\wx._windows_.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\wx._wizard.pyd

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\wxbase293u_net_vc.dll

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\wxbase293u_vc.dll

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\wxmsw293u_adv_vc.dll

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\wxmsw293u_core_vc.dll

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\wxmsw293u_html_vc.dll

c:\users\MICHIE~1.MIC\AppData\Local\Temp\_MEI37162\wxmsw293u_webview_vc.dll

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\_ctypes.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\_elementtree.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\_hashlib.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\_socket.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\_ssl.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\pyexpat.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\pysqlite2._sqlite.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\python26.dll

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\pythoncom26.dll

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\PyWinTypes26.dll

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\select.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\unicodedata.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\win32api.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\win32com.shell.shell.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\win32crypt.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\win32event.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\win32file.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\win32inet.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\win32pdh.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\win32process.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\win32profile.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\win32security.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\win32ts.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\windows._cacheinvalidation.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\wx._controls_.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\wx._core_.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\wx._gdi_.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\wx._html2.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\wx._misc_.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\wx._windows_.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\wx._wizard.pyd

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\wxbase293u_net_vc.dll

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\wxbase293u_vc.dll

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\wxmsw293u_adv_vc.dll

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\wxmsw293u_core_vc.dll

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\wxmsw293u_html_vc.dll

c:\users\Michiel.MichielsPC\AppData\Local\Temp\_MEI37162\wxmsw293u_webview_vc.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-12-12 to 2013-01-12 ))))))))))))))))))))))))))))))

.

.

2013-01-12 11:03 . 2013-01-12 11:03 -------- d-----w- c:\users\Michiel\AppData\Local\temp

2013-01-12 11:03 . 2013-01-12 11:03 -------- d-----w- c:\users\Gast\AppData\Local\temp

2013-01-12 11:03 . 2013-01-12 11:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-12 08:53 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2ECFD586-341A-4528-A3C8-941AE8A30AB4}\mpengine.dll

2013-01-11 15:54 . 2013-01-11 15:54 388096 ----a-r- c:\users\Michiel.MichielsPC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-01-11 15:54 . 2013-01-11 15:54 -------- d-----w- c:\program files\Trend Micro

2013-01-11 14:58 . 2013-01-11 14:58 -------- d-----w- c:\program files\What's my computer doing

2013-01-11 08:21 . 2013-01-11 08:21 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2013-01-11 07:44 . 2013-01-11 07:44 -------- d-----w- c:\users\Gast\AppData\Roaming\AVG2013

2013-01-11 07:44 . 2013-01-11 07:44 -------- d-----w- c:\users\Gast\AppData\Local\Avg2013

2013-01-11 02:44 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-01-09 23:54 . 2013-01-12 08:35 -------- d-----w- c:\program files\EndItAll

2013-01-09 21:23 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs

2013-01-05 15:32 . 2013-01-05 15:32 -------- d-----w- c:\program files\CleanMem

2013-01-05 15:32 . 2013-01-05 15:32 -------- d-----w- c:\windows\CleanMem

2012-12-27 16:04 . 2012-12-27 16:04 -------- d-----w- c:\users\Michiel.MichielsPC\AppData\Roaming\AVG2013

2012-12-27 16:02 . 2012-12-27 16:02 -------- d-----w- c:\users\Michiel.MichielsPC\AppData\Roaming\TuneUp Software

2012-12-27 16:01 . 2012-12-27 16:02 -------- d-----w- c:\programdata\AVG2013

2012-12-27 16:01 . 2012-12-27 16:01 -------- d-----w- C:\$AVG

2012-12-27 16:00 . 2012-12-27 16:00 -------- d-----w- c:\program files\AVG

2012-12-27 15:57 . 2013-01-12 07:16 -------- d-----w- c:\programdata\MFAData

2012-12-27 15:57 . 2012-12-27 17:35 -------- d-----w- c:\users\Michiel.MichielsPC\AppData\Local\Avg2013

2012-12-27 15:57 . 2012-12-27 15:57 -------- d-----w- c:\users\Michiel.MichielsPC\AppData\Local\MFAData

2012-12-24 10:54 . 2012-12-24 10:54 -------- d-----w- c:\users\Michiel.MichielsPC\AppData\Roaming\MathematicaPlayer

2012-12-24 10:54 . 2012-12-24 10:54 -------- d-----w- c:\users\Michiel.MichielsPC\AppData\Local\MathematicaPlayer

2012-12-24 10:51 . 2012-12-24 10:51 -------- d-----w- c:\program files\Common Files\Wolfram Research

2012-12-24 10:51 . 2012-12-24 10:51 -------- d-----w- c:\programdata\Mathematica

2012-12-24 10:51 . 2012-12-24 10:51 -------- d-----w- c:\program files\Common Files\ResearchSoft

2012-12-24 10:50 . 2011-10-03 17:45 334352 ----a-w- c:\windows\system32\mltcpip32.mlp

2012-12-24 10:50 . 2011-10-03 17:45 93712 ----a-w- c:\windows\system32\mltcp32.mlp

2012-12-24 10:50 . 2011-10-03 17:45 88080 ----a-w- c:\windows\system32\mlshm32.mlp

2012-12-24 10:50 . 2011-10-03 17:45 163344 ----a-w- c:\windows\system32\mlmodule32.dll

2012-12-24 10:50 . 2011-10-03 17:45 79376 ----a-w- c:\windows\system32\mlmap32.mlp

2012-12-24 10:50 . 2011-10-03 17:45 370704 ----a-w- c:\windows\system32\ml32i3.dll

2012-12-24 10:50 . 2011-10-03 17:45 260112 ----a-w- c:\windows\system32\ml32i2.dll

2012-12-24 10:50 . 2011-10-03 17:45 253968 ----a-w- c:\windows\system32\ml32i1.dll

2012-12-24 10:49 . 2012-12-24 10:49 -------- d-----w- c:\program files\Wolfram Research

2012-12-23 09:15 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-23 09:15 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-18 23:42 . 2012-12-18 23:42 -------- d-----w- c:\program files\iPod

2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-09 22:38 . 2012-07-03 15:35 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-09 22:38 . 2011-05-20 09:34 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-14 15:49 . 2011-01-18 10:17 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-07 12:26 . 2013-01-09 21:23 308736 ----a-w- c:\windows\system32\Wpc.dll

2012-11-29 07:58 . 2012-11-29 07:59 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74AA75D1-135B-45CE-AC42-31729C4205FD}\gapaengine.dll

2012-11-15 22:33 . 2012-11-15 22:33 94048 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

2012-11-09 04:42 . 2012-12-13 02:31 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-02 05:11 . 2012-12-13 02:31 376832 ----a-w- c:\windows\system32\dpnet.dll

2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-22 12:02 . 2012-10-22 12:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2012-10-16 07:39 . 2012-11-28 19:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-15 02:48 . 2012-10-15 02:48 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-10-20 21:48 . 2011-04-16 18:07 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-07-28 13:44 . 2010-07-28 13:44 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Michiel.MichielsPC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Michiel.MichielsPC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Michiel.MichielsPC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Michiel.MichielsPC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-11-08 15:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-11-08 15:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-11-08 15:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-11-08 15:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]

@="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"

[HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]

2010-07-07 17:57 153064 ----a-w- c:\windows\System32\pfmshx_463.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]

"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe" [2009-08-26 494112]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-28 30192]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-18 1157640]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-02 9808488]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]

"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-2-11 813584]

What's my computer doing.lnk - c:\program files\What's my computer doing\WhatsMyComputerDoing.exe [2013-1-11 274168]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2012-11-30 02:06 1263512 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]

2012-12-25 14:32 1199576 ----a-w- c:\users\Michiel.MichielsPC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

.

R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]

R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]

R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]

R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]

R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]

R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [x]

R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]

R3 L6GX;Service - Line 6 GX;c:\windows\system32\Drivers\L6GX.sys [x]

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]

R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]

R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]

R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [x]

R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]

R3 netw5v32;Stuurprogramma voor Intel® Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]

S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]

S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]

S1 pfmfs_463;pfmfs_463;c:\windows\system32\Drivers\pfmfs_463.sys [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]

S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2013-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 22:38]

.

2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-10 07:53]

.

2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-10 07:53]

.

2013-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3015975709-2517105018-1172841398-1000Core.job

- c:\users\Michiel.MichielsPC\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-07 15:55]

.

2013-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3015975709-2517105018-1172841398-1000UA.job

- c:\users\Michiel.MichielsPC\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-07 15:55]

.

.

------- Bijkomende Scan -------

.

mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&s=2&o=vp32&d=0909&m=easynote_lj65

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: &D&ownload &met BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload alles met BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

Trusted Zone: line6.net

TCP: DhcpNameServer = 129.125.4.13 129.125.50.250

FF - ProfilePath - c:\users\Michiel.MichielsPC\AppData\Roaming\Mozilla\Firefox\Profiles\k7eofzrr.default\

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-3015975709-2517105018-1172841398-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3015975709-2517105018-1172841398-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(6076)

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\users\Michiel.MichielsPC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\progra~1\AVG\AVG2013\avgrsx.exe

c:\program files\AVG\AVG2013\avgcsrvx.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\AVG\AVG2013\avgnsx.exe

c:\program files\AVG\AVG2013\avgemcx.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\system32\taskhost.exe

c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe

c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe

c:\windows\system32\conhost.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\taskhost.exe

.

**************************************************************************

.

Voltooingstijd: 2013-01-12 12:14:04 - machine werd herstart

ComboFix-quarantined-files.txt 2013-01-12 11:14

ComboFix2.txt 2013-01-11 23:14

.

Pre-Run: 133.187.338.240 bytes beschikbaar

Post-Run: 133.091.475.456 bytes beschikbaar

.

- - End Of File - - 6816DBB9327991982B8E2FFDE81FBC0E
