
HJT: laptop freezes



Hello,

Since yesterday my laptop has been freezing regularly; once it has frozen, I have to restart it to be able to do anything at all... annoying... Could you take a look at my HJT log?

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:17:40, on 20/08/2013

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-2895364186-1785630767-1304988441-1002\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-2895364186-1785630767-1304988441-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe

--

End of file - 6559 bytes


Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe.
    You can read how to do that (here or here).
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Click the "Options" button and tick the options listed below.
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

Now tick the options below.

  • Startup Information
  • Installed Programs
  • System Restore Info

  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Now post the contents of the opened log in your next message.


Zoek.exe Version 4.0.0.4 Updated 19-08-2013

Tool run by Glenn on di 20/08/2013 at 17:42:51,38.

Microsoft Windows 7 Ultimate 6.1.7600 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Glenn\Downloads\zoek.exe [Checkboxes used]

==== System Restore Info ======================

20/08/2013 17:44:07 Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.7) - Nederlands

AIMP3

Apple Application Support

AVG 9.0

CCleaner

D3DX10

DAEMON Tools Lite

Defraggler

FIFA 13

Google Drive

Google Earth

Google Update Helper

HiJackThis

Java 7 Update 25

Java Auto Updater

Junk Mail filter update

Malwarebytes Anti-Malware versie 1.75.0.1300

Media Go

Media Go Video Playback Engine 1.92.169.06150

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile NLD Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended NLD Language Pack

Microsoft Application Error Reporting

Microsoft Office Access MUI (Dutch) 2007

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Dutch) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (Dutch) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (Dutch) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Language Pack 2007 - Dutch/Nederlands

Microsoft Office O MUI (Dutch) 2007

Microsoft Office OneNote MUI (Dutch) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (Dutch) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (Dutch) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Dutch) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (Dutch) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (Dutch) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office SharePoint Designer MUI (Dutch) 2007

Microsoft Office Word MUI (Dutch) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Office X MUI (Dutch) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 23.0.1 (x86 nl)

Mozilla Maintenance Service

MSVCRT

MSVCRT110

NVIDIA-configuratiescherm 310.70

NVIDIA Grafisch stuurprogramma 310.70

NVIDIA HD Audio-stuurprogramma 1.3.18.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX systeemsoftware 9.12.1031

NVIDIA Update 1.11.3

NVIDIA Update Components

Origin

Photo Common

PlayStation®Network Downloader

PlayStation®Store

Project64 1.6

QuickTime

Sony Ericsson Update Engine

Sony PC Companion 2.10.155

SpeedFan (remove only)

Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD

Taalpakket voor Microsoft .NET Framework 4 Extended - NLD

VLC media player 2.0.6

Vuze

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.20 (32-bit)

======== System Restore Points ========

RP133: 20/08/2013 17:43:47 - zoek.exe restore point

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2895364186-1785630767-1304988441-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"GoogleDriveSync"="C:\Program Files\Google\Drive\googledrivesync.exe /autostart"

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"

[HKEY_USERS\S-1-5-21-2895364186-1785630767-1304988441-1002\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-2895364186-1785630767-1304988441-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

"avg_spchecker"="C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe /start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"AVG9_TRAY"="C:\PROGRA~1\AVG\AVG9\avgtray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"GoogleDriveSync"="C:\Program Files\Google\Drive\googledrivesync.exe /autostart"

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DAEMON Tools Lite"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony PC Companion]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Sony PC Companion"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Sony\\Sony PC Companion\\PCCompanion.exe\" /Background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SunJavaUpdateSched"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

==== Startup Folders ======================

2013-04-09 18:08:31 1288 ----a-w- C:\users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12/07/2013 22:07]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04/09/2012 13:19]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04/09/2012 13:19]

==== EOF on di 20/08/2013 at 17:44:41,52 ======================


Indeed, no restore points can be found anymore.

Download ComboFix from one of the locations below to the desktop.

Bleeping Computer

Info Spyware

Disable your antivirus and antispyware programs, as they may conflict with ComboFix.exe.

You can read how to disable the security software you use (here or here).

  • Double-click "ComboFix" to start the tool. Windows Vista, 7 and 8 users will get a UAC (User Account Control) prompt; click Yes there.
  • On a Windows XP computer, ComboFix will install the "Recovery Console" if it is not yet present. (An active internet connection is then required.)
  • In the 'Installing the Recovery Console' window, click "Ok".
  • In the info screen, click "Yes" once the Recovery Console has been installed successfully.
  • In the disclaimer screen, click "I Agree"; the required components are now unpacked and a registry backup is made using ERUNT.
  • When this is done, ComboFix will start by itself; the blue screen shows the progress of the system scan being run.
  • Important! Do not use the computer for anything else during the scan.
  • The computer may need to be restarted several times, for example when a rootkit is present; this is normal.
  • When ComboFix is finished, it will create a log file. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

* Note! If you get one of the messages below after using ComboFix, restart the computer.

  • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
  • Illegal operation attempted on a registry key that has been marked for deletion.


ComboFix 13-08-20.01 - Glenn 21/08/2013 11:00:42.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1033.18.3067.1935 [GMT 2:00]

Gestart vanuit: c:\users\Glenn\Downloads\ComboFix.exe

AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Glenn\AppData\Local\Temp\_MEI36803\_ctypes.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\_elementtree.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\_hashlib.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\_multiprocessing.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\_socket.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\_ssl.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\msvcp100.dll

c:\users\Glenn\AppData\Local\Temp\_MEI36803\msvcr100.dll

c:\users\Glenn\AppData\Local\Temp\_MEI36803\pyexpat.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\pysqlite2._sqlite.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\python27.dll

c:\users\Glenn\AppData\Local\Temp\_MEI36803\pythoncom27.dll

c:\users\Glenn\AppData\Local\Temp\_MEI36803\PyWinTypes27.dll

c:\users\Glenn\AppData\Local\Temp\_MEI36803\select.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\unicodedata.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\win32api.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\win32com.shell.shell.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\win32crypt.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\win32event.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\win32file.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\win32inet.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\win32pdh.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\win32process.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\win32profile.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\win32security.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\win32ts.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\windows._cacheinvalidation.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\wx._controls_.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\wx._core_.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\wx._gdi_.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\wx._html2.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\wx._misc_.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\wx._windows_.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\wx._wizard.pyd

c:\users\Glenn\AppData\Local\Temp\_MEI36803\wxbase294u_net_vc90.dll

c:\users\Glenn\AppData\Local\Temp\_MEI36803\wxbase294u_vc90.dll

c:\users\Glenn\AppData\Local\Temp\_MEI36803\wxmsw294u_adv_vc90.dll

c:\users\Glenn\AppData\Local\Temp\_MEI36803\wxmsw294u_core_vc90.dll

c:\users\Glenn\AppData\Local\Temp\_MEI36803\wxmsw294u_html_vc90.dll

c:\users\Glenn\AppData\Local\Temp\_MEI36803\wxmsw294u_webview_vc90.dll

c:\users\Glenn\AppData\Roaming\inst.exe

c:\users\Glenn\AppData\Roaming\vso_ts_preview.xml

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-07-21 to 2013-08-21 ))))))))))))))))))))))))))))))

.

.

2013-08-21 09:35 . 2013-08-21 09:38 -------- d-----w- c:\users\Glenn\AppData\Local\temp

2013-08-21 09:35 . 2013-08-21 09:35 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-08-21 09:35 . 2013-08-21 09:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-07-27 08:45 . 2013-07-27 09:02 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2013-07-27 08:44 . 2013-07-27 08:44 -------- d-----w- c:\program files\AVG

2013-07-27 08:44 . 2013-07-27 08:44 -------- d-----w- c:\programdata\avg9

2013-07-25 10:52 . 2013-07-25 10:52 -------- d-----w- c:\program files\Microsoft Silverlight

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-11 08:39 . 2012-12-26 10:59 47360 ----a-w- c:\users\Glenn\AppData\Roaming\pcouffin.sys

2013-07-12 20:07 . 2012-09-03 19:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-07-12 20:07 . 2012-09-03 19:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-24 08:08 . 2013-06-24 08:08 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-06-24 08:08 . 2012-09-03 19:16 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-06-24 08:08 . 2012-09-03 19:16 789416 ----a-w- c:\windows\system32\deployJava1.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2013-01-20 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll

[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-01-24 155648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2013-07-27 2077536]

.

c:\users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2012-08-28 13:52 3671904 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]

2013-03-18 15:47 448736 ----a-w- c:\program files\Sony\Sony PC Companion\PCCompanion.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-10-20 12400]

R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-20 1343400]

S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2013-07-27 52872]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2013-07-27 226016]

S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2013-07-27 243152]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-20 242240]

S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2013-07-27 308136]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2013-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 09:40]

.

2013-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-04 11:19]

.

2013-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-04 11:19]

.

.

------- Bijkomende Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 195.130.130.3 195.130.131.3

FF - ProfilePath - c:\users\Glenn\AppData\Roaming\Mozilla\Firefox\Profiles\rlfc55vh.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=384&systemid=406&sr=0&q=

FF - ExtSQL: 2013-07-27 11:13; {3f963a5b-e555-4543-90e2-c3908898db71}; c:\program files\AVG\AVG9\Firefox

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\AUDIODG.EXE

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\AVG\AVG9\avgam.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\conhost.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\NVIDIA Corporation\Display\nvtray.exe

c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

.

**************************************************************************

.

Voltooingstijd: 2013-08-21 11:41:42 - machine werd herstart

ComboFix-quarantined-files.txt 2013-08-21 09:41

.

Pre-Run: 56.156.090.368 bytes beschikbaar

Post-Run: 60.277.514.240 bytes beschikbaar

.

- - End Of File - - 69034A6B1743AEC645DCDFDEB8B0C052

A36C5E4F47E84449FF07ED3517B43A31


Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

Disable all antivirus and antispyware programs, because they can conflict with ComboFix.

You can read how to disable the security software you use (here or here).

Open a new, empty Notepad window, then copy and paste the following code into it.

 
Firefox::
FF - ProfilePath - c:\users\Glenn\AppData\Roaming\Mozilla\Firefox\Profiles\rlfc55vh.default\
FF - prefs.js: keyword.URL -

Save this on your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

CFScript.gif

ComboFix will now start automatically.

Restart if asked to, and post the contents of Combofix.txt in your next reply.


You have not yet installed Service Pack 1 for Windows 7.

Is there a particular reason for that?

Do you install the Windows updates regularly?

You can download Service Pack 1 from this page.

Click Download, tick the file windows6.1-KB976932-X86.exe and then click Next.

After the download, double-click the file to start the installation.

You also still have an old version of AVG.

You can download the latest version (AVG 2013) here.

Upgrading AVG can wait a little if need be, but I would install Service Pack 1 for Windows 7 (and the other Windows updates) as soon as possible.


ComboFix 13-08-21.01 - Glenn 22/08/2013 12:16:15.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1033.18.3067.2257 [GMT 2:00]

Gestart vanuit: c:\users\Glenn\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Glenn\Desktop\CFScript.txt

AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Besmet exemplaar van c:\windows\system32\user32.dll werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-07-22 to 2013-08-22 ))))))))))))))))))))))))))))))

.

.

2013-08-22 10:49 . 2013-08-22 10:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-08-22 10:49 . 2013-08-22 10:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-07-27 09:02 . 2013-07-27 09:02 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2013-07-27 08:45 . 2013-07-27 09:01 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2013-07-27 08:45 . 2013-07-27 09:02 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2013-07-27 08:45 . 2013-07-27 09:01 226016 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2013-07-27 08:45 . 2013-08-22 09:41 -------- d-----w- c:\windows\system32\drivers\Avg

2013-07-27 08:45 . 2013-07-27 09:02 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2013-07-27 08:44 . 2013-07-27 08:44 -------- d-----w- c:\program files\AVG

2013-07-27 08:44 . 2013-07-27 08:44 -------- d-----w- c:\programdata\avg9

2013-07-25 10:52 . 2013-07-25 10:52 -------- d-----w- c:\program files\Microsoft Silverlight

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-21 09:40 . 2012-09-03 19:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-08-21 09:40 . 2012-09-03 19:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-08-11 08:39 . 2012-12-26 10:59 47360 ----a-w- c:\users\Glenn\AppData\Roaming\pcouffin.sys

2013-06-24 08:08 . 2013-06-24 08:08 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-06-24 08:08 . 2012-09-03 19:16 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-06-24 08:08 . 2012-09-03 19:16 789416 ----a-w- c:\windows\system32\deployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2013-07-27 2077536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

.

[HKLM\~\startupfolder\C:^Users^Glenn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]

path=c:\users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk

backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-10-11 20:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2012-08-28 13:52 3671904 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]

2013-06-27 14:11 20097696 ----a-w- c:\program files\Google\Drive\googledrivesync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2013-01-24 17:55 155648 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]

2013-03-18 15:47 448736 ----a-w- c:\program files\Sony\Sony PC Companion\PCCompanion.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-10-20 12400]

R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-20 1343400]

S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2013-07-27 52872]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2013-07-27 226016]

S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2013-07-27 243152]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-20 242240]

S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2013-07-27 308136]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2013-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 09:40]

.

2013-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-04 11:19]

.

2013-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-04 11:19]

.

.

------- Bijkomende Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 195.130.130.3 195.130.131.3

FF - ProfilePath - c:\users\Glenn\AppData\Roaming\Mozilla\Firefox\Profiles\rlfc55vh.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - ExtSQL: 2013-07-27 11:13; {3f963a5b-e555-4543-90e2-c3908898db71}; c:\program files\AVG\AVG9\Firefox

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\AVG\AVG9\avgam.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\NVIDIA Corporation\Display\nvtray.exe

.

**************************************************************************

.

Voltooingstijd: 2013-08-22 13:11:13 - machine werd herstart

ComboFix-quarantined-files.txt 2013-08-22 11:11

ComboFix2.txt 2013-08-21 09:41

.

Pre-Run: 58.069.684.224 bytes beschikbaar

Post-Run: 59.230.400.512 bytes beschikbaar

.

- - End Of File - - 426ACE8A0BD033A462C137D17C0C0B5B

A36C5E4F47E84449FF07ED3517B43A31

I am now also going to run the Service Pack 1 installation.
