After a manual cleanup, here are the requested log files.
What else can be removed from this very slow laptop?
LG
Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300
www.malwarebytes.org
Databaseversie: v2013.09.04.03
Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Gebruiker :: ACER-BD85AC6005
Bescherming: Ingeschakeld
4-9-2013 10:37:21
mbam-log-2013-09-04 (10-37-21).txt
Scan type: Volledige scan (C:\|D:\|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 256481
Verstreken tijd: 1 uur/uren, 16 minuut/minuten, 17 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.
Mappen gedetecteerd: 3
C:\Documents and Settings\Gebruiker\Local Settings\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Documents and Settings\Gebruiker\Local Settings\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Documents and Settings\Gebruiker\Local Settings\Temp\mt_ffx\Delta\delta\1.8.10.0 (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.
Bestanden gedetecteerd: 2
C:\Documents and Settings\Gebruiker\Local Settings\Temp\Addons\144EEE38\dealply.exe (PUP.Optional.Dealply) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Documents and Settings\Gebruiker\Local Settings\Temp\499162DA-BAB0-7891-9B08-A8609A08AD16\MyBabylonTB.exe (PUP.Optional.Delta) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
# AdwCleaner v3.002 - Report created 03/09/2013 at 21:56:27
# Updated 01/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Gebruiker - ACER-BD85AC6005
# Running from : C:\Documents and Settings\Gebruiker\Bureaublad\adwcleaner.exe
# Option : Clean
***** *****
***** *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Program Files\AskBarDis
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Gebruiker\IECompatCache
Folder Deleted : C:\Documents and Settings\Gebruiker\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Gebruiker\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Gebruiker\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Gebruiker\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
***** *****
***** *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\BFlix
Key Deleted : HKLM\Software\AskBarDis
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BFlix
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
***** *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Google Chrome v
Deleted : homepage
Deleted : urls_to_restore_on_startup
Deleted : search_url
Deleted : keyword
*************************
AdwCleaner.txt - -
AdwCleaner.txt - -
########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########
Logfile of random's system information tool 1.09 (written by random/random)
Run by Gebruiker at 2013-09-04 16:02:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 12 GB (45%) free of 26 GB
Total RAM: 502 MB (31% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:04:47, on 4-9-2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gebruiker\Bureaublad\RSIT.exe
C:\Program Files\trend micro\Gebruiker.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: AGRSMMSG.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: Alaunch
O4 - HKLM\..\Run: RTHDCPL.EXE
O4 - HKLM\..\Run: SkyTel.EXE
O4 - HKLM\..\Run: ALCMTR.EXE
O4 - HKLM\..\Run: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1326456576531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
--
End of file - 6341 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\MpIdleTask.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
======Registry dump======
AcroIEHlprObj Class - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"Boot"=C:\Acer\Empowering Technology\ePower\Boot.exe
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe
"LaunchApp"=Alaunch
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE
"SkyTel"=C:\WINDOWS\SkyTel.EXE
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
bthprops.cpl,,BluetoothAuthenticationAgent
C:\WINDOWS\system32\igfxdev.dll
C:\WINDOWS\system32\WgaLogon.dll
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"NoDriveTypeAutoRun"=145
"HonorAutoRunSetting"=1
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\MFCPSDEP\incredimail_install.exe"="C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\MFCPSDEP\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\533JH50E\magentic_install.exe"="C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\533JH50E\magentic_install.exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Installer voor AVG"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Installer voor AVG"
"C:\Program Files\AVG\AVG2013\avgmfapx.exe"="C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Installer voor AVG"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======List of files/folders created in the last 1 month======
2013-09-04 16:03:11 ----D---- C:\Program Files\trend micro
2013-09-04 16:02:49 ----D---- C:\rsit
2013-09-04 15:48:20 ----SHD---- C:\FOUND.001
2013-09-04 13:34:50 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2013-09-04 13:34:50 ----A---- C:\WINDOWS\system32\ChCfg.exe
2013-09-04 13:34:00 ----A---- C:\WINDOWS\SoundMan.exe
2013-09-04 13:34:00 ----A---- C:\WINDOWS\SkyTel.exe
2013-09-04 13:33:59 ----A---- C:\WINDOWS\RtlUpd.exe
2013-09-04 13:33:52 ----A---- C:\WINDOWS\RTLCPL.exe
2013-09-04 13:33:46 ----A---- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2013-09-04 13:33:44 ----A---- C:\WINDOWS\RTHDCPL.exe
2013-09-04 13:33:40 ----A---- C:\WINDOWS\MicCal.exe
2013-09-04 13:33:36 ----A---- C:\WINDOWS\alcwzrd.exe
2013-09-04 13:33:35 ----D---- C:\Program Files\Realtek
2013-09-04 13:33:35 ----A---- C:\WINDOWS\Alcmtr.exe
2013-09-04 13:33:24 ----A---- C:\WINDOWS\RtlExUpd.dll
2013-09-04 12:42:07 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2013-09-04 12:38:14 ----D---- C:\Program Files\Microsoft Security Client
2013-09-04 11:21:18 ----HD---- C:\WINDOWS\$NtUninstallKB2712808$
2013-09-04 11:18:10 ----HD---- C:\WINDOWS\$NtUninstallKB2659262$
2013-09-04 11:14:13 ----HD---- C:\WINDOWS\$NtUninstallKB2758857$
2013-09-04 11:13:56 ----HD---- C:\WINDOWS\$NtUninstallKB2834886$
2013-09-04 11:10:41 ----HD---- C:\WINDOWS\$NtUninstallKB2850851$
2013-09-04 11:09:58 ----HD---- C:\WINDOWS\$NtUninstallKB2691442$
2013-09-04 10:59:37 ----D---- C:\WINDOWS\system32\MRT
2013-09-04 10:58:21 ----HD---- C:\WINDOWS\$NtUninstallKB2655992$
2013-09-04 10:58:04 ----HD---- C:\WINDOWS\$NtUninstallKB2802968$
2013-09-04 10:54:49 ----HD---- C:\WINDOWS\$NtUninstallKB2686509$
2013-09-04 10:50:27 ----HD---- C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-09-04 10:50:17 ----HD---- C:\WINDOWS\$NtUninstallKB2780091$
2013-09-04 10:49:58 ----HD---- C:\WINDOWS\$NtUninstallKB2845187$
2013-09-04 10:45:21 ----HD---- C:\WINDOWS\$NtUninstallKB2719985$
2013-09-04 10:45:06 ----HD---- C:\WINDOWS\$NtUninstallKB2753842-v2$
2013-09-04 10:44:54 ----HD---- C:\WINDOWS\$NtUninstallKB2770660$
2013-09-04 10:44:32 ----HD---- C:\WINDOWS\$NtUninstallKB2850869$
2013-09-04 10:44:15 ----HD---- C:\WINDOWS\$NtUninstallKB2859537$
2013-09-04 10:43:54 ----HD---- C:\WINDOWS\$NtUninstallKB2807986$
2013-09-04 10:43:40 ----HD---- C:\WINDOWS\$NtUninstallKB2820917$
2013-09-04 10:43:27 ----HD---- C:\WINDOWS\$NtUninstallKB2757638$
2013-09-04 10:43:15 ----HD---- C:\WINDOWS\$NtUninstallKB2820197$
2013-09-04 10:43:04 ----HD---- C:\WINDOWS\$NtUninstallKB2749655$
2013-09-04 10:42:44 ----HD---- C:\WINDOWS\$NtUninstallKB2863058$
2013-09-04 10:39:40 ----HD---- C:\WINDOWS\$NtUninstallKB2698365$
2013-09-04 10:39:24 ----HD---- C:\WINDOWS\$NtUninstallKB2849470$
2013-09-04 10:39:07 ----HD---- C:\WINDOWS\$NtUninstallKB2705219-v2$
2013-09-04 10:38:56 ----HD---- C:\WINDOWS\$NtUninstallKB2727528$
2013-09-04 10:38:45 ----HD---- C:\WINDOWS\$NtUninstallKB2723135-v2$
2013-09-04 10:38:34 ----HD---- C:\WINDOWS\$NtUninstallKB2661254-v2$
2013-09-04 10:38:22 ----HD---- C:\WINDOWS\$NtUninstallKB2813345$
2013-09-04 10:37:42 ----HD---- C:\WINDOWS\$NtUninstallKB2676562$
2013-09-03 22:03:51 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Malwarebytes
2013-09-03 22:03:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-09-03 22:03:00 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2013-09-03 22:02:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-09-03 21:52:36 ----D---- C:\AdwCleaner
2013-09-03 21:14:40 ----A---- C:\WINDOWS\system32\drivers\avgtpx86.sys
2013-09-03 20:34:59 ----D---- C:\Program Files\CCleaner
======List of files/folders modified in the last 1 month======
2013-09-04 15:49:28 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2013-09-04 13:36:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-09-04 11:20:42 ----A---- C:\WINDOWS\imsins.BAK
2013-09-04 10:48:28 ----A---- C:\WINDOWS\win.ini
2013-09-03 20:37:02 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-05 16:00:46 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys
R0 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
R0 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys
R0 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys
R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys
R0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys
R0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys
R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys
R1 WmiAcpi;Microsoft Windows Beheerinterface voor ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys
R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys
R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
R3 HidUsb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys
R3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
R3 Rasirda;WAN-minipoort (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys
R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys
S3 Arp1394;1394 ARP-clientprotocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys
S3 BthEnum;Bluetooth-enumeratorservice; C:\WINDOWS\system32\DRIVERS\BthEnum.sys
S3 BthPan;Bluetooth-apparaat (PAN - Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys
S3 BTHPORT;Poortstuurprogramma voor Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys
S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio's; C:\WINDOWS\System32\Drivers\BTHUSB.sys
S3 CCDECODE;Closed Caption-decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
S3 lv321av;Logitech USB PC Camera (VC0321); C:\WINDOWS\system32\DRIVERS\lv321av.sys
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\WINDOWS\system32\drivers\MSTEE.sys
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
S3 NdisIP;Microsoft TV/Video-verbinding; C:\WINDOWS\system32\DRIVERS\NdisIP.sys
S3 NIC1394;1394-stuurprogramma; C:\WINDOWS\system32\DRIVERS\nic1394.sys
S3 NSCIRDA;Stuurprogramma voor NSC-infraroodapparaat; C:\WINDOWS\system32\DRIVERS\nscirda.sys
S3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys
S3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys
S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys
S3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys
S3 USBSTOR;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 WSTCODEC;World Standard Teletext-codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe
R2 Irmon;Infraroodmonitor; C:\WINDOWS\system32\svchost.exe
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
S3 aspnet_state;ASP.NET-statusservice; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
S3 WMPNetworkSvc;Windows Media Player Network Sharing-service; C:\Program Files\Windows Media Player\WMPNetwk.exe
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe
-----------------EOF-----------------