
PC is getting slow



The laptop has been responding rather slowly for some time - starting e.g. Excel takes a long time - sometimes an application or IE 'freezes' - a quick scan with Malwarebytes Anti-Malware showed no infections - attached is a HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:49:19, on 12/01/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16450)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Teamviewer\Version7\TeamViewer.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Philips Display\SmartControl\DTHtml.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe

C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpctrl.exe

C:\Program Files\Portrait Displays\Pivot Pro Plugin\floater.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Users\pgadebac\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe

C:\Program Files\Borland\StarTeam Toolbar\SBToolbar.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe

C:\PROGRA~1\COPERN~1\DESKTO~3.EXE

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\explorer.exe

C:\Users\pgadebac\Favorites\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120910080500.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Copernic Desktop Search - Corporate Toolbar - {B69A3268-DA39-49B0-B1A6-4E7E4B98BB45} - C:\Program Files\Copernic Desktop Search - Corporate\Toolbar\ToolbarContainer101000325.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [LogonV2] C:\MVA-Tools\loglogonV2.exe

O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10

O4 - HKLM\..\Run: [DT PLP] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -PLP

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKCU\..\Run: [Copernic Desktop Search - Corporate] "C:\Program Files\Copernic Desktop Search - Corporate\DesktopSearchService.exe" /tray

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} (ALM Platfrom Loader v11) - http://finvmsupdevp08.finbel.intra:8080/qcbin/ALM-Platform-Loader.11.cab

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://extranet.minfin.be/dana-cached/sc/JuniperSetupClient.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = finbel.intra

O17 - HKLM\Software\..\Telephony: DomainName = finbel.intra

O17 - HKLM\System\CCS\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11

O17 - HKLM\System\CCS\Services\Tcpip\..\{2EE48897-9E34-46DC-88B7-2FC410AA00F5}: NameServer = 10.20.128.201 10.23.142.11

O17 - HKLM\System\CCS\Services\Tcpip\..\{DF5AB55B-F8AD-408D-901D-5462D1DF59FA}: NameServer = 10.20.128.201 10.23.142.11

O17 - HKLM\System\CCS\Services\Tcpip\..\{E1089859-150F-48FF-ABB2-FE205DF157BD}: NameServer = 10.20.128.201 10.23.142.11

O17 - HKLM\System\CCS\Services\Tcpip\..\{E298C62B-DD22-4308-8A07-16083C7740DD}: NameServer = 10.20.128.201 10.23.142.11

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = finbel.intra

O17 - HKLM\System\CS1\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = finbel.intra

O17 - HKLM\System\CS2\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe

O23 - Service: AgentService - Autonomy Corporation plc - c:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe

O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: ImDisk Virtual Disk Driver Helper (ImDskSvc) - Olof Lagerkvist - C:\Windows\system32\imdsksvc.exe

O23 - Service: Lotus Notes Smart Upgrade-service (LNSUSvc) - IBM Corp - C:\Program Files\IBM\Lotus\Notes\SUService.exe

O23 - Service: Lotus Notes Diagnostische Service (Lotus Notes Diagnostics) - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe

O23 - Service: MVA-Team Service (mvaservice) - Unknown owner - C:\MVA-Tools\srvany.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe

O23 - Service: Sb2.Printer - Sb2 - C:\Program Files\Sb2\Sb2.Printer.exe

O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\Teamviewer\Version7\TeamViewer_Service.exe

O23 - Service: uvnc_service - UltraVNC - C:\Program Files\VNC\winvnc.exe

O23 - Service: Vodafone Mobile Broadband-service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

--

End of file - 12516 bytes


Start HijackThis. Select "Scan". Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O3 - Toolbar: Copernic Desktop Search - Corporate Toolbar - {B69A3268-DA39-49B0-B1A6-4E7E4B98BB45} - C:\Program Files\Copernic Desktop Search - Corporate\Toolbar\ToolbarContainer101000325.dll

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" by right-clicking and choosing "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message, together with a new HijackThis log.


When I try to install ComboFix, I repeatedly get error messages. I can click Abort, Ignore or Skip. I clicked Skip. After installing ComboFix, starting it and updating, you get the blue screen, but immediately the message that a file is missing (which is logical). How can I get ComboFix fully installed?


Here is the ComboFix log:

When I try to start HijackThis I get the following error message:

[Attached image: post-23133-1417705277,2353_thumb.jpg]

ComboFix 13-01-17.04 - pgadebac 20/01/2013 12:55:49.1.4 - x86 MINIMAL

Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.3055.1841 [GMT 1:00]

Gestart vanuit: c:\users\pgadebac\Desktop\ComboFix.exe

AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\data

C:\install.exe

c:\programdata\SEC7351.tmp

c:\windows\system32\ReadMe.txt

c:\windows\system32\spool\prtprocs\w32x86\x5pp.dll

c:\windows\system32\ZoomIt.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_mvaservice

-------\Service_uvnc_service

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-12-20 to 2013-01-20 ))))))))))))))))))))))))))))))

.

.

2013-01-20 11:59 . 2013-01-20 11:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-20 11:59 . 2013-01-20 11:59 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2013-01-19 12:39 . 2013-01-19 12:39 -------- d-----w- c:\program files\ESET

2013-01-19 12:17 . 2013-01-15 01:49 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{143E78F2-3223-4EDA-ADB0-DE12834B57EB}\mpengine.dll

2013-01-19 12:17 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe

2013-01-18 14:16 . 2012-11-30 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-01-18 14:15 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs

2013-01-12 09:54 . 2013-01-12 09:54 -------- d-----w- c:\users\pgadebac\AppData\Local\Programs

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-15 16:34 . 2012-09-23 16:40 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-15 16:34 . 2012-07-03 07:25 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-19 08:48 . 2012-07-09 07:28 5995172 ----a-w- c:\windows\FramePkg.exe

2012-12-14 15:49 . 2012-07-07 06:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-17 12:55 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2012-11-17 12:55 . 2009-08-18 10:24 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-11-14 12:16 . 2012-11-14 12:16 4608 ----a-w- c:\windows\system32\w95inf32.dll

2012-11-14 12:16 . 2012-11-14 12:16 2272 ----a-w- c:\windows\system32\w95inf16.dll

2012-03-13 04:38 . 2012-07-03 07:24 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Copernic Desktop Search - Corporate"="c:\program files\Copernic Desktop Search - Corporate\DesktopSearchService.exe" [2010-09-07 1743320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-26 13830760]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2012-08-14 215656]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-07 495708]

"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

"LogonV2"="c:\mva-tools\loglogonV2.exe" [2013-01-07 310779]

"PivotSoftware"="c:\program files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]

"DT PLP"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2011-08-15 121648]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2012-08-21 333416]

"LaCie Safe Manager Startup"="c:\program files\LaCie\Safe Manager\LSMDaemon.exe" [2010-04-02 45568]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= -

.

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

"NoAutoUpdate"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0]

"Script"=\\finbel\findata\BackupPC\Installpcbackup.vbs

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AgentUiRunKey]

2011-06-26 19:57 239104 ----a-w- c:\program files\Iron Mountain\Connected BackupPC\Agent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]

2012-10-30 10:20 1315400 ----a-w- c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]

2012-10-19 22:02 70728 ----a-w- c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2012-07-05 13:43 116648 ----atw- c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan]

2005-09-29 18:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Safe Manager Startup]

2010-04-02 14:27 45568 ----a-w- c:\program files\LaCie\Safe Manager\LSMDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]

2011-06-14 16:39 279552 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe

.

R2 VmbService;Vodafone Mobile Broadband-service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]

R3 AWEAlloc;AWE Memory Allocation Driver;c:\windows\system32\DRIVERS\awealloc.sys [x]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 EUBAKUP0;EUBAKUP0;c:\windows\system32\drivers\EUBAKUP0.sys [x]

R3 EUBKMON0;EUBKMON0;c:\windows\system32\drivers\EUBKMON0.sys [x]

R3 EUFDDISK0;EUFDDISK0;c:\windows\system32\drivers\EUFDDISK0.sys [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [x]

R3 Sb2.Printer;Sb2.Printer;c:\program files\Sb2\Sb2.Printer.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 UacCtl2;GN Netcom Control Driver;c:\windows\system32\DRIVERS\uacctl2.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]

S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]

S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]

S2 AgentService;AgentService;c:\program files\Iron Mountain\Connected BackupPC\AgentService.exe [x]

S2 CipcCdp;Cisco IP Communicator driver for CDP;c:\windows\system32\DRIVERS\CipcCdp.sys [x]

S2 EaseUS Agent;EaseUS Agent Service;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [x]

S2 Guard Agent;Guard Agent Service;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [x]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\DRIVERS\imdisk.sys [x]

S2 LNSUSvc;Lotus Notes Smart Upgrade-service;c:\program files\IBM\Lotus\Notes\SUService.exe [x]

S2 Lotus Notes Diagnostics;Lotus Notes Diagnostische Service;c:\program files\IBM\Lotus\Notes\nsd.exe [x]

S2 LV_Tracker;LV_Tracker;c:\windows\system32\DRIVERS\LV_Tracker.sys [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]

S2 TeamViewer7;TeamViewer 7;c:\program files\Teamviewer\Version7\TeamViewer_Service.exe [x]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - mfeavfk01

.

Inhoud van de 'Gedeelde Taken' map

.

2013-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 16:34]

.

2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-31 08:11]

.

2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-31 08:11]

.

2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job

- c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 13:43]

.

2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job

- c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 13:43]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://intranet

mStart Page = hxxp://intranet

TCP: DhcpNameServer = 195.130.130.130 195.130.131.130

TCP: Interfaces\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11

TCP: Interfaces\{2EE48897-9E34-46DC-88B7-2FC410AA00F5}: NameServer = 10.20.128.201 10.23.142.11

TCP: Interfaces\{DF5AB55B-F8AD-408D-901D-5462D1DF59FA}: NameServer = 10.20.128.201 10.23.142.11

TCP: Interfaces\{E1089859-150F-48FF-ABB2-FE205DF157BD}: NameServer = 10.20.128.201 10.23.142.11

TCP: Interfaces\{E298C62B-DD22-4308-8A07-16083C7740DD}: NameServer = 10.20.128.201 10.23.142.11

DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://finvmsupdevp08.finbel.intra:8080/qcbin/ALM-Platform-Loader.11.cab

FF - ProfilePath - c:\users\pgadebac\AppData\Roaming\Mozilla\Firefox\Profiles\3itkizca.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be

FF - prefs.js: network.proxy.type - 4

FF - ExtSQL: !HIDDEN! 2012-07-03 09:36; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

FF - ExtSQL: !HIDDEN! 2012-07-03 09:36; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

.

.

------- Bestandsassociaties -------

.

inifile=%SystemRoot%\SciTE.exe "%1"

txtfile=%SystemRoot%\SciTE.exe "%1"

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(4624)

c:\program files\Common Files\Portrait Displays\Plugins\DP\msgHook.dll

c:\program files\Copernic Desktop Search - Corporate\DeskbandIntegration304000026.dll

c:\program files\Copernic Desktop Search - Corporate\SearchPlatform-s.dll

c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll

c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll

c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll

c:\program files\Stardock\Fences\FencesMenu.dll

c:\program files\stardock\fences\DesktopDock.dll

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

- - - - - - - > 'explorer.exe'(3528)

c:\program files\Common Files\Portrait Displays\Plugins\DP\msgHook.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\IDT\WDM\STacSV.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\Juniper Networks\Common Files\dsNcService.exe

c:\program files\Common Files\Portrait Displays\Shared\dtsrvc.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files\IBM\Lotus\Notes\ntmulti.exe

c:\program files\McAfee\VirusScan Enterprise\mfeann.exe

c:\windows\system32\conhost.exe

c:\windows\system32\taskhost.exe

c:\program files\McAfee\Common Framework\naPrdMgr.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\CCM\CcmExec.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Teamviewer\Version7\TeamViewer.exe

c:\windows\system32\conhost.exe

c:\program files\Teamviewer\Version7\tv_w32.exe

c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

c:\program files\Philips Display\SmartControl\DTHtml.exe

c:\program files\McAfee\Common Framework\McTray.exe

c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe

c:\program files\Portrait Displays\Pivot Pro Plugin\wpctrl.exe

c:\program files\Portrait Displays\Pivot Pro Plugin\floater.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\System32\vds.exe

c:\windows\system32\msiexec.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\wbem\WmiApSrv.exe

.

**************************************************************************

.

Voltooingstijd: 2013-01-20 13:08:08 - machine werd herstart

ComboFix-quarantined-files.txt 2013-01-20 12:08

.

Pre-Run: 151.077.576.704 bytes beschikbaar

Post-Run: 151.718.653.952 bytes beschikbaar

.

- - End Of File - - 4EB561EE3A9E6A7BF2DBC7C35E7C061D

edited by kape
duplicate log removed

Open a Notepad file.

Copy and paste the bold text below into it.

Firefox::

FF - ProfilePath - c:\users\pgadebac\AppData\Roaming\Mozilla\Firefox\Profiles\3itkizca.default\

FF - prefs.js: browser.search.defaulturl -

Save this file to your desktop as CFScript.

Drag CFScript.txt onto the red ComboFix.exe shortcut.

This will make ComboFix restart. Reboot if you are asked to.

If you would like to see this illustrated in detail, click here for the guide.

After the reboot, post the contents of Combofix.txt in your next message.

And afterwards, also let us know how the speed is now.


I restarted ComboFix in safe mode and afterwards also ran HijackThis. Here are the logs:

ComboFix 13-01-27.03 - pgadebac 27/01/2013 10:27:21.2.4 - x86 MINIMAL

Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.3055.1783 [GMT 1:00]

Gestart vanuit: c:\users\pgadebac\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\pgadebac\Desktop\CFScript.txt

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_mvaservice

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-12-27 to 2013-01-27 ))))))))))))))))))))))))))))))

.

.

2013-01-27 09:32 . 2013-01-27 09:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-27 09:32 . 2013-01-27 09:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2013-01-27 08:25 . 2013-01-27 08:26 -------- d-----w- c:\program files\Common Files\Adobe

2013-01-27 06:54 . 2013-01-27 06:54 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{143E78F2-3223-4EDA-ADB0-DE12834B57EB}\offreg.dll

2013-01-26 14:31 . 2013-01-26 14:31 -------- d-----w- c:\users\pgadebac\AppData\Roaming\smkits

2013-01-20 11:59 . 2013-01-27 09:34 -------- d-----w- c:\users\pgadebac\AppData\Local\temp

2013-01-19 12:39 . 2013-01-19 12:39 -------- d-----w- c:\program files\ESET

2013-01-19 12:17 . 2013-01-15 01:49 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{143E78F2-3223-4EDA-ADB0-DE12834B57EB}\mpengine.dll

2013-01-19 12:17 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe

2013-01-18 14:16 . 2012-11-30 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-01-18 14:15 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs

2013-01-12 09:54 . 2013-01-12 09:54 -------- d-----w- c:\users\pgadebac\AppData\Local\Programs

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-15 16:34 . 2012-09-23 16:40 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-15 16:34 . 2012-07-03 07:25 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-19 08:48 . 2012-07-09 07:28 5995172 ----a-w- c:\windows\FramePkg.exe

2012-12-14 15:49 . 2012-07-07 06:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-17 12:55 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2012-11-17 12:55 . 2009-08-18 10:24 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-11-14 12:16 . 2012-11-14 12:16 4608 ----a-w- c:\windows\system32\w95inf32.dll

2012-11-14 12:16 . 2012-11-14 12:16 2272 ----a-w- c:\windows\system32\w95inf16.dll

2012-03-13 04:38 . 2012-07-03 07:24 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Copernic Desktop Search - Corporate"="c:\program files\Copernic Desktop Search - Corporate\DesktopSearchService.exe" [2010-09-07 1743320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-26 13830760]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2012-08-14 215656]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-07 495708]

"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

"LogonV2"="c:\mva-tools\loglogonV2.exe" [2013-01-07 310779]

"PivotSoftware"="c:\program files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]

"DT PLP"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2011-08-15 121648]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2012-08-21 333416]

"LaCie Safe Manager Startup"="c:\program files\LaCie\Safe Manager\LSMDaemon.exe" [2010-04-02 45568]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= -

.

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

"NoAutoUpdate"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0]

"Script"=\\finbel\findata\BackupPC\Installpcbackup.vbs

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-09-23 19:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AgentUiRunKey]

2011-06-26 19:57 239104 ----a-w- c:\program files\Iron Mountain\Connected BackupPC\Agent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]

2012-10-30 10:20 1315400 ----a-w- c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]

2012-10-19 22:02 70728 ----a-w- c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2012-07-05 13:43 116648 ----atw- c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan]

2005-09-29 18:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Safe Manager Startup]

2010-04-02 14:27 45568 ----a-w- c:\program files\LaCie\Safe Manager\LSMDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]

2011-06-14 16:39 279552 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe

.

R3 AWEAlloc;AWE Memory Allocation Driver;c:\windows\system32\DRIVERS\awealloc.sys [x]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 EUBAKUP0;EUBAKUP0;c:\windows\system32\drivers\EUBAKUP0.sys [x]

R3 EUBKMON0;EUBKMON0;c:\windows\system32\drivers\EUBKMON0.sys [x]

R3 EUFDDISK0;EUFDDISK0;c:\windows\system32\drivers\EUFDDISK0.sys [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [x]

R3 Sb2.Printer;Sb2.Printer;c:\program files\Sb2\Sb2.Printer.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 UacCtl2;GN Netcom Control Driver;c:\windows\system32\DRIVERS\uacctl2.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]

S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]

S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]

S2 AgentService;AgentService;c:\program files\Iron Mountain\Connected BackupPC\AgentService.exe [x]

S2 CipcCdp;Cisco IP Communicator driver for CDP;c:\windows\system32\DRIVERS\CipcCdp.sys [x]

S2 EaseUS Agent;EaseUS Agent Service;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [x]

S2 Guard Agent;Guard Agent Service;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [x]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\DRIVERS\imdisk.sys [x]

S2 LNSUSvc;Lotus Notes Smart Upgrade-service;c:\program files\IBM\Lotus\Notes\SUService.exe [x]

S2 Lotus Notes Diagnostics;Lotus Notes Diagnostische Service;c:\program files\IBM\Lotus\Notes\nsd.exe [x]

S2 LV_Tracker;LV_Tracker;c:\windows\system32\DRIVERS\LV_Tracker.sys [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]

S2 TeamViewer7;TeamViewer 7;c:\program files\Teamviewer\Version7\TeamViewer_Service.exe [x]

S2 VmbService;Vodafone Mobile Broadband-service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - mfeavfk01

.

Inhoud van de 'Gedeelde Taken' map

.

2013-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 16:34]

.

2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-31 08:11]

.

2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-31 08:11]

.

2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job

- c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 13:43]

.

2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job

- c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 13:43]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://intranet

mStart Page = hxxp://intranet

TCP: DhcpNameServer = 195.130.130.130 195.130.131.130

TCP: Interfaces\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11

TCP: Interfaces\{2EE48897-9E34-46DC-88B7-2FC410AA00F5}: NameServer = 10.20.128.201 10.23.142.11

TCP: Interfaces\{DF5AB55B-F8AD-408D-901D-5462D1DF59FA}: NameServer = 10.20.128.201 10.23.142.11

TCP: Interfaces\{E1089859-150F-48FF-ABB2-FE205DF157BD}: NameServer = 10.20.128.201 10.23.142.11

TCP: Interfaces\{E298C62B-DD22-4308-8A07-16083C7740DD}: NameServer = 10.20.128.201 10.23.142.11

DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://finvmsupdevp08.finbel.intra:8080/qcbin/ALM-Platform-Loader.11.cab

FF - ProfilePath - c:\users\pgadebac\AppData\Roaming\Mozilla\Firefox\Profiles\3itkizca.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be

FF - prefs.js: network.proxy.type - 4

FF - ExtSQL: !HIDDEN! 2012-07-03 09:36; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

FF - ExtSQL: !HIDDEN! 2012-07-03 09:36; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(5016)

c:\program files\Common Files\Portrait Displays\Plugins\DP\msgHook.dll

c:\program files\Copernic Desktop Search - Corporate\DeskbandIntegration304000026.dll

c:\program files\Copernic Desktop Search - Corporate\SearchPlatform-s.dll

c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll

c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll

c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll

c:\program files\Stardock\Fences\FencesMenu.dll

c:\program files\stardock\fences\DesktopDock.dll

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\IDT\WDM\STacSV.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\Juniper Networks\Common Files\dsNcService.exe

c:\program files\Common Files\Portrait Displays\Shared\dtsrvc.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files\IBM\Lotus\Notes\ntmulti.exe

c:\program files\McAfee\VirusScan Enterprise\mfeann.exe

c:\windows\system32\conhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\McAfee\Common Framework\naPrdMgr.exe

c:\windows\system32\CCM\CcmExec.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\taskhost.exe

c:\program files\Teamviewer\Version7\TeamViewer.exe

c:\windows\system32\conhost.exe

c:\program files\Teamviewer\Version7\tv_w32.exe

c:\windows\system32\msiexec.exe

c:\windows\System32\vds.exe

c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

c:\program files\Philips Display\SmartControl\DTHtml.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe

c:\program files\Portrait Displays\Pivot Pro Plugin\wpctrl.exe

c:\program files\Portrait Displays\Pivot Pro Plugin\floater.exe

c:\program files\McAfee\Common Framework\McTray.exe

c:\program files\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\wbem\WmiApSrv.exe

.

**************************************************************************

.

Voltooingstijd: 2013-01-27 10:38:07 - machine werd herstart

ComboFix-quarantined-files.txt 2013-01-27 09:38

ComboFix2.txt 2013-01-20 12:08

.

Pre-Run: 149.251.698.688 bytes beschikbaar

Post-Run: 149.046.054.912 bytes beschikbaar

.

- - End Of File - - F5222B3AE20659D0872BA643700ADA3C

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:41:35, on 27/01/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Teamviewer\Version7\TeamViewer.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

C:\Program Files\Philips Display\SmartControl\DTHtml.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\LaCie\Safe Manager\LSMDaemon.exe

C:\Program Files\Copernic Desktop Search - Corporate\DesktopSearchService.exe

C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe

C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpctrl.exe

C:\Program Files\Portrait Displays\Pivot Pro Plugin\floater.exe

C:\Windows\Explorer.exe

C:\Windows\system32\notepad.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\pgadebac\Documents\onderhoud PC\HijackThis.exe

C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120910080500.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [LogonV2] C:\MVA-Tools\loglogonV2.exe

O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10

O4 - HKLM\..\Run: [DT PLP] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -PLP

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [LaCie Safe Manager Startup] "C:\Program Files\LaCie\Safe Manager\LSMDaemon.exe"

O4 - HKCU\..\Run: [Copernic Desktop Search - Corporate] "C:\Program Files\Copernic Desktop Search - Corporate\DesktopSearchService.exe" /tray

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} (ALM Platfrom Loader v11) - http://finvmsupdevp08.finbel.intra:8080/qcbin/ALM-Platform-Loader.11.cab

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://extranet.minfin.be/dana-cached/sc/JuniperSetupClient.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = finbel.intra

O17 - HKLM\Software\..\Telephony: DomainName = finbel.intra

O17 - HKLM\System\CCS\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11

O17 - HKLM\System\CCS\Services\Tcpip\..\{2EE48897-9E34-46DC-88B7-2FC410AA00F5}: NameServer = 10.20.128.201 10.23.142.11

O17 - HKLM\System\CCS\Services\Tcpip\..\{DF5AB55B-F8AD-408D-901D-5462D1DF59FA}: NameServer = 10.20.128.201 10.23.142.11

O17 - HKLM\System\CCS\Services\Tcpip\..\{E1089859-150F-48FF-ABB2-FE205DF157BD}: NameServer = 10.20.128.201 10.23.142.11

O17 - HKLM\System\CCS\Services\Tcpip\..\{E298C62B-DD22-4308-8A07-16083C7740DD}: NameServer = 10.20.128.201 10.23.142.11

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = finbel.intra

O17 - HKLM\System\CS1\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = finbel.intra

O17 - HKLM\System\CS2\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe

O23 - Service: AgentService - Autonomy Corporation plc - c:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe

O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: ImDisk Virtual Disk Driver Helper (ImDskSvc) - Olof Lagerkvist - C:\Windows\system32\imdsksvc.exe

O23 - Service: Lotus Notes Smart Upgrade-service (LNSUSvc) - IBM Corp - C:\Program Files\IBM\Lotus\Notes\SUService.exe

O23 - Service: Lotus Notes Diagnostische Service (Lotus Notes Diagnostics) - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe

O23 - Service: Sb2.Printer - Sb2 - C:\Program Files\Sb2\Sb2.Printer.exe

O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\Teamviewer\Version7\TeamViewer_Service.exe

O23 - Service: Vodafone Mobile Broadband-service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

--

End of file - 11334 bytes

- - - Updated - - -

I have the impression that the laptop is running more smoothly. When I click on McAfee > Info, I get the following pop-up:

[Attached image: post-23133-1417705286,4175_thumb.gif]
