Archive - Processor usage always at 100%


michiel6661

Legacy Member
Original topic:
https://www.beyondgaming.be/archive/hardware.21/processorverbruik-alijd-op-100.835905

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:20:20, on 24/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
G:\Program files\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Michiel\AppData\Local\SanctionedMedia\Smad\Smad.exe
C:\Users\Michiel\27l4ozqjbh.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Michiel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michiel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michiel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michiel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Michiel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michiel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michiel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michiel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
R3 - URLSearchHook: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\prxtbBit0.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: BittorrentBar_NL - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\prxtbBit0.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
O3 - Toolbar: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\prxtbBit0.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files (x86)\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [27l4ozqjbh] C:\ProgramData\27l4ozqjbh.exe
O4 - HKCU\..\Run: [Steam] "G:\Program files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Michiel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Smad] "C:\Users\Michiel\AppData\Local\SanctionedMedia\Smad\Smad.exe"
O4 - HKCU\..\Run: [27l4ozqjbh] C:\Users\Michiel\27l4ozqjbh.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Bootcamp.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Michiel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michiel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C23C9741-3A17-4584-A857-BEFBB205CB50}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: jtskyee - C:\Windows\system32\config\systemprofile\AppData\Local\jtskyee.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMService - Unknown owner - C:\Windows\TEMP\ijufwp\setup.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe (file missing)
O23 - Service: Apple Time Service (AppleTimeSrv) - Unknown owner - C:\Windows\system32\AppleTimeSrv.exe (file missing)
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HideMyIpSRV - Hide My IP - C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14174 bytes

Juisterr

Legacy Member
Jotti Virusscan: Jotti's malware scan
At the top it says "file to upload".
Use "browse" to go to the file below, and have it scanned by clicking "open" first and then "submit".

C:\Users\Michiel\27l4ozqjbh.exe <<<<<<<<<<

Copy the answer you get into your next post.

If the server is too busy you can also have the file scanned here:
Kaspersky filescanner: Free Virus Scan - Kaspersky Lab

michiel6661

Legacy Member
Bestandsnaam: 27l4ozqjbh.exe
Status: Scan voltooid. 13 uit 20 scanners vonden malware.
Scan genomen op: za 24 dec 2011 17:52:44 (CET)

Scanners

2011-12-24 Niets gevonden

2011-12-24 Niets gevonden

2011-12-24 Win32:QHost-CEL

2011-12-24 Gen:Variant.Kazy.47131

2011-12-24 Win32/Cryptor

2011-12-24 Gen:Variant.Kazy.47131

2011-12-24 TR/Dldr.Cutwail.BE

2011-12-24 Trojan-Spy.Agent

2011-12-24 Gen:Variant.Kazy.47131

2011-12-24 Trojan.Win32.Diple.dwpy

2011-12-24 Niets gevonden

2011-12-24 Niets gevonden

2011-12-24 Niets gevonden

2011-12-24 TrojanDownloader.Cutwail.be

2011-12-24 Trojan.DownLoader5.27084

2011-12-24 Troj/Bredo-OD

2011-12-24 Trojan-Spy.Agent!IK

2011-12-22 Niets gevonden

2011-12-24 Win32/Kryptik.XQS

2011-12-24 Niets gevonden

Extra informatie
Bestandsgrootte: 37888 bytes
Bestandstype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 3aa192f319585c9baa30d1cb9d27e044
SHA1: d498a813e33f4b7e9775394c2227a16ca04e4e06

Juisterr

Legacy Member
Download zoek.exe
Place it on your desktop and double-click it to start.

Type C followed by Enter to start "Delete files/folders".
A file named "input.txt" will open.
Copy the following code into it:

Code:
C:\bestand1.exe;
C:\Users\Michiel\27l4ozqjbh.exe;
Once you have placed the code in the file you may close input.txt; save the changes.
After that the removal scan starts running; wait patiently until a log opens and post the result in your next message.

michiel6661

Legacy Member
==================
Zoek.exe by smeenk
Updated 22-03-2011
==================
Deleting files\folders

"C:\bestand1.exe" not found
"C:\Users\Michiel\27l4ozqjbh.exe" deleted

It took an enormously long time, so I stopped it, and that is what came out as the log.

Juisterr

Legacy Member
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop.

>>Here<< you can read how to use ComboFix.

1. Disable all antivirus and antispyware programs, because otherwise they might conflict with ComboFix.

* (here or here you will find a guide on how to disable them:)

2. The computer may need to be restarted several times; this is normal.
3. Double-click "Combofix.exe" to start the tool.
4. Do not click in the ComboFix window while it is active; this can cause the tool to hang.

* Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion." then restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found as C:\ComboFix.txt) in your next message.

michiel6661

Legacy Member
COULDN'T GET IT INTO A SPOILER
But everything is solved, thanks for the good help!


ComboFix 12-01-07.03 - Michiel 08/01/2012 10:56:00.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1033.18.4094.2611 [GMT 1:00]
Gestart vanuit: c:\users\Michiel\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\27l4ozqjbh.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\Michiel\27l4ozqjbh.exe
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\kwrd.dll
c:\windows\system32\consrv.dll
c:\windows\system32\java.exe
c:\windows\System64
G:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AMService
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-08 to 2012-01-08 ))))))))))))))))))))))))))))))
.
.
2012-01-08 10:01 . 2012-01-08 10:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-07 14:55 . 2012-01-07 14:55 -------- d-----w- C:\.jagex_cache_32
2012-01-07 10:39 . 2012-01-07 10:39 -------- d-----w- c:\windows\.rs-reborn_cache_464
2012-01-06 20:45 . 2012-01-06 20:45 -------- d-----w- c:\windows\lhsp
2012-01-06 20:45 . 2012-01-06 20:45 -------- d-----w- c:\program files (x86)\CFS-Technologies
2012-01-02 16:02 . 2012-01-02 16:02 -------- d-----w- c:\windows\.soulsplit
2012-01-02 12:56 . 2012-01-02 13:00 -------- d-----w- C:\.rs2_remake
2011-12-30 19:56 . 2011-12-30 19:56 -------- d-----w- c:\users\Michiel\NearRealityCachev12.2
2011-12-30 19:53 . 2011-12-30 19:54 -------- d-----w- C:\zsc2
2011-12-30 16:10 . 2011-12-30 16:11 -------- d-----w- C:\Inceptioncache81
2011-12-24 16:35 . 2011-12-24 16:36 -------- d-----w- c:\users\Michiel\AppData\Local\Microsoft Games
2011-12-24 09:19 . 2011-12-24 09:19 388096 ----a-r- c:\users\Michiel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-24 09:19 . 2011-12-24 09:19 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-23 12:53 . 2011-12-23 12:53 -------- d-----w- C:\$AVG
2011-12-23 12:42 . 2011-12-23 12:42 -------- d--h--w- c:\programdata\Common Files
2011-12-23 12:41 . 2011-12-24 01:14 -------- d-----w- c:\programdata\AVG2012
2011-12-23 12:41 . 2011-12-23 12:41 -------- d-----w- c:\program files (x86)\AVG
2011-12-23 12:39 . 2011-12-24 01:14 -------- d-----w- c:\programdata\MFAData
2011-12-22 13:31 . 2011-12-23 12:15 -------- d-----w- c:\users\Michiel\AppData\Roaming\Synthesia
2011-12-22 13:27 . 2011-12-22 13:28 -------- d-----w- c:\program files (x86)\Synthesia
2011-12-20 21:28 . 2011-12-24 01:12 -------- d-----w- c:\users\Michiel\AppData\Local\SanctionedMedia
2011-12-20 21:11 . 2011-12-20 21:17 -------- d-----w- c:\program files (x86)\WinPcap
2011-12-20 17:56 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F07A6BC-742B-4D71-B33A-9498C6333744}\mpengine.dll
2011-12-19 21:18 . 2011-12-24 01:16 -------- d-----w- c:\users\Claudine
2011-12-19 21:09 . 2011-12-19 21:09 -------- d-----w- c:\programdata\ATI
2011-12-19 21:08 . 2011-12-24 01:12 -------- d-----w- c:\program files (x86)\AMD APP
2011-12-19 20:54 . 2011-12-19 20:54 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-12-19 20:43 . 2011-12-19 20:43 704336 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-08 10:04 . 2011-09-23 14:16 23080 ----a-w- c:\windows\gdrv.sys
2012-01-08 09:48 . 2011-11-16 19:54 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2011-12-25 12:10 . 2011-10-01 10:11 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-12-25 12:10 . 2011-09-30 19:18 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-12-25 11:59 . 2011-09-30 19:18 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-12-01 01:59 . 2011-12-01 01:59 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2011-12-01 01:59 . 2011-12-01 01:59 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2011-11-24 16:48 . 2011-09-30 19:18 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-11-19 13:47 . 2011-10-10 17:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 13:29 . 2010-11-21 03:27 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-13 13:05 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2011-11-13 13:05 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2011-11-13 13:05 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll
2011-11-13 13:05 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2011-11-13 13:05 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2011-11-10 03:16 . 2010-09-29 01:55 774656 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-11-10 03:15 . 2010-09-29 01:54 927232 ----a-w- c:\windows\system32\aticfx64.dll
2011-11-10 03:06 . 2011-10-12 20:04 6077952 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-11-10 02:40 . 2010-09-29 01:30 4061696 ----a-w- c:\windows\system32\atiumd6a.dll
2011-11-10 02:33 . 2010-09-29 01:28 5852672 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-11-10 02:29 . 2010-09-29 01:22 4200960 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-11-10 02:24 . 2010-09-29 01:21 7439360 ----a-w- c:\windows\system32\atiumd64.dll
2011-11-10 02:18 . 2011-04-19 23:27 58880 ----a-w- c:\windows\system32\coinst.dll
2011-11-10 02:11 . 2010-09-29 01:14 41984 ----a-w- c:\windows\system32\atiuxp64.dll
2011-11-10 02:11 . 2011-10-12 19:29 32256 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-11-10 02:11 . 2010-09-29 01:13 39424 ----a-w- c:\windows\system32\atiu9p64.dll
2011-11-10 02:11 . 2010-09-29 01:13 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-11-09 21:39 . 2011-11-09 21:39 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-11-09 21:39 . 2011-11-09 21:39 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-11-09 21:39 . 2011-11-09 21:39 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-11-09 21:39 . 2011-11-09 21:39 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-11-09 21:39 . 2011-11-09 21:39 17442304 ----a-w- c:\windows\system32\amdocl64.dll
2011-11-09 21:38 . 2011-11-09 21:38 14375936 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-11-09 15:52 . 2011-11-09 15:52 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-29 13:04 . 2011-10-29 13:04 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-10-25 20:21 . 2011-10-25 20:21 66560 ----a-w- c:\windows\system32\OVDecoder64.dll
2011-10-25 20:21 . 2011-10-25 20:21 56832 ----a-w- c:\windows\SysWow64\OVDecoder.dll
2011-10-25 19:02 . 2011-10-25 19:02 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2011-10-21 19:16 . 2011-10-21 19:16 1843200 ----a-w- c:\windows\SysWow64\SlotMaximizerBe.dll
2011-10-21 19:15 . 2011-10-21 19:15 104448 ----a-w- c:\windows\SysWow64\SlotMaximizerAg.dll
2011-10-21 19:12 . 2011-10-21 19:12 2763264 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-10-21 19:07 . 2011-10-21 19:07 125440 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-10-14 20:42 . 2011-10-14 20:42 1409 ----a-w- c:\windows\SysWow64\tmp8A303.FOT
2011-10-14 20:42 . 2011-10-14 20:42 1409 ----a-w- c:\windows\SysWow64\tmp7B303.FOT
2011-10-14 20:42 . 2011-10-14 20:42 1409 ----a-w- c:\windows\SysWow64\tmp6D303.FOT
2011-10-12 16:56 . 2011-10-12 16:56 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-10-12 16:55 . 2011-10-12 16:55 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-11-13 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-11-13 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2d8d9acc-f6d7-4362-8876-a275ca929591}"= "c:\program files (x86)\BittorrentBar_NL\prxtbBit0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{2d8d9acc-f6d7-4362-8876-a275ca929591}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2d8d9acc-f6d7-4362-8876-a275ca929591}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BittorrentBar_NL\prxtbBit0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-21 10:17 1233288 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-06-23 18:05 194848 ------w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{2d8d9acc-f6d7-4362-8876-a275ca929591}"= "c:\program files (x86)\BittorrentBar_NL\prxtbBit0.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{2d8d9acc-f6d7-4362-8876-a275ca929591}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="g:\program files\Steam\steam.exe" [2011-08-02 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2011-11-07 28846216]
"Smad"="c:\users\Michiel\AppData\Local\SanctionedMedia\Smad\Smad.exe" [2011-12-20 37376]
"avichannel"="c:\program files (x86)\Evaer\videochannel.exe" [2011-07-29 1689088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BtTray"="c:\program files (x86)\IVT Corporation\BlueSoleil\BtTray.exe" [2009-09-02 315478]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"D-Link AirPlus XtremeG"="c:\program files (x86)\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2005-03-28 1011712]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]
.
c:\users\Michiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bootcamp.exe [2009-7-22 627504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-9-23 1148944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jtskyee]
2011-12-22 17:40 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\jtskyee.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files (x86)\Hide My IP\HideMyIpSrv.exe [2011-06-03 3249512]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub; [x]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-09 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [x]
S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-02-05 68136]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [x]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3964281324-2186914488-3046873150-1000Core.job
- c:\users\Michiel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-22 19:38]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3964281324-2186914488-3046873150-1000UA.job
- c:\users\Michiel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-22 19:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 134160]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2009-07-22 627504]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"combofix"="c:\combofix\CF18970.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Michiel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Michiel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 195.130.130.133 195.130.131.133
TCP: Interfaces\{C23C9741-3A17-4584-A857-BEFBB205CB50}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Michiel\AppData\Roaming\Mozilla\Firefox\Profiles\xnn7fgnc.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-27l4ozqjbh - c:\users\Michiel\27l4ozqjbh.exe
Wow6432Node-HKLM-Run-27l4ozqjbh - c:\programdata\27l4ozqjbh.exe
WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-PacSteamT - g:\pacsteamt\PacSteamT-Uninstall.exe
AddRemove-Steam App 105600 - g:\games\Steam\steam.exe
AddRemove-Steam App 12900 - f:\program files\Steam\steam.exe
AddRemove-Steam App 24960 - g:\games\Steam\steam.exe
AddRemove-Steam App 42690 - g:\pacsteamt\steam.exe
AddRemove-Steam App 42700 - g:\games\Steam\steam.exe
AddRemove-Steam App 42710 - g:\games\Steam\steam.exe
AddRemove-Steam App 60 - g:\games\Steam\steam.exe
AddRemove-Steam App 70300 - g:\games\Steam\steam.exe
AddRemove-Steam App 7940 - g:\games\Steam\steam.exe
AddRemove-Steam App 96200 - g:\games\Steam\steam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3964281324-2186914488-3046873150-1000\Software\SecuROM\License information*]
"datasecu"=hex:ad,98,fe,54,90,11,70,e2,94,00,66,5e,ef,45,98,47,5f,6b,a1,39,76,
cf,42,ee,d5,9f,19,6a,00,34,cb,09,f6,4e,3a,dc,28,9b,57,36,51,96,69,3a,07,dc,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-01-08 11:11:09 - machine was restarted
ComboFix-quarantined-files.txt 2012-01-08 10:11
.
Pre-Run: 63.335.206.912 bytes free
Post-Run: 63.745.093.632 bytes available
.
- - End Of File - - FB238572DE11D26AF2FDEDDA9FF6608
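Reading a ComboFix dump like the one above by eye is slow and easy to get wrong. The Python script below is an editorial example added to this archived thread; it is not part of michiel6661's post and not ComboFix code. It parses the bracketed registry blocks of the log and flags the three findings a responder would pick out of this particular dump first: UAC policy values set to 0 under policies\system, a Winlogon\Notify subkey whose DLL lives outside the system directories, and autorun executables with random-looking names under c:\users or c:\programdata. The sample input is a verbatim excerpt of the log above; the "random-looking name" heuristic (8 or more lowercase alphanumerics with at least two digits and two letters) and the trusted-directory list are this example's own assumptions, not something ComboFix defines.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines excerpted verbatim from the ComboFix log posted above
# (a constructed subset of the log, not the whole file).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jtskyee]
2011-12-22 17:40 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\jtskyee.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"combofix"="c:\combofix\CF18970.3XE" [2010-11-21 345088]
.
Wow6432Node-HKCU-Run-27l4ozqjbh - c:\users\Michiel\27l4ozqjbh.exe
Wow6432Node-HKLM-Run-27l4ozqjbh - c:\programdata\27l4ozqjbh.exe
"""

# UAC policy values that must be non-zero for UAC to protect the machine at all.
UAC_MUST_BE_NONZERO = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)')
# Absolute Windows paths ending in .dll / .exe; spaces allowed, stop at quotes or brackets.
DLL_RE = re.compile(r'(?i)([a-z]:\\[^"\[\]]+?\.dll)')
EXE_RE = re.compile(r'(?i)([a-z]:\\[^"\[\]]+?\.exe)')
# Assumption of this example: only these directories are acceptable homes for a Winlogon DLL.
TRUSTED_DLL_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")
# Locations a standard user can write to without elevation.
USER_WRITABLE_DIRS = ("c:\\users\\", "c:\\programdata\\")


def parse_blocks(text):
    """Split ComboFix output into (registry key, value lines) pairs.

    A block starts with a [KEY] line and ends at ComboFix's '.' separator line.
    """
    blocks, body = [], None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            body = []
            blocks.append((line[1:-1], body))
        elif line == ".":
            body = None
        elif body is not None:
            body.append(line)
    return blocks


def check_uac(blocks):
    """Report UAC policy values that are set to 0 under ...\\policies\\system."""
    findings = []
    for key, body in blocks:
        if not key.lower().endswith("\\policies\\system"):
            continue
        for line in body:
            m = VALUE_RE.match(line)
            if m and m["name"] in UAC_MUST_BE_NONZERO and int(m["val"]) == 0:
                findings.append(f"UAC weakened: {m['name']}=0")
    return findings


def check_winlogon_notify(blocks):
    """Report Winlogon\\Notify subkeys whose DLL is not in a trusted system directory."""
    findings = []
    for key, body in blocks:
        if "\\winlogon\\notify\\" not in key.lower():
            continue
        subkey = key.rsplit("\\", 1)[-1]
        for line in body:
            for dll in DLL_RE.findall(line):
                parent = str(PureWindowsPath(dll).parent).lower()
                if parent not in TRUSTED_DLL_DIRS:
                    findings.append(f"Winlogon\\Notify\\{subkey} -> {dll} (outside system32)")
    return findings


def looks_random(stem):
    """Heuristic (assumption): 8+ lowercase alphanumerics with at least two digits and two letters."""
    return (len(stem) >= 8 and re.fullmatch(r"[a-z0-9]+", stem) is not None
            and sum(c.isdigit() for c in stem) >= 2 and sum(c.isalpha() for c in stem) >= 2)


def check_autorun_paths(text):
    """Report executables with random-looking names living in user-writable locations."""
    findings = []
    for line in text.splitlines():
        for exe in EXE_RE.findall(line):
            p = PureWindowsPath(exe)
            if str(p).lower().startswith(USER_WRITABLE_DIRS) and looks_random(p.stem.lower()):
                findings.append(f"random-named autorun in user-writable path: {exe}")
    return findings


def triage(text):
    """Run all three checks over a ComboFix log and return the combined findings."""
    blocks = parse_blocks(text)
    return check_uac(blocks) + check_winlogon_notify(blocks) + check_autorun_paths(text)


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

To run it over a complete saved log, call triage() on the file contents instead of SAMPLE_LOG. The output is a list of leads, not a verdict: the UAC values only say that elevation prompts are switched off, and the name heuristic will also fire on legitimate installers that use hashed file names. The Winlogon\Notify hit deserves attention on its own, because Windows Vista and later no longer load Winlogon notification packages from that key, so on a Windows 7 machine a freshly written DLL registered there has no legitimate consumer.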