hacktool w 32

  • ricardo

    Hello readers of the forum,

    I have a virus called hacktool w32 or something like that; Windows Live Essentials, however, cannot remove it.

    What should I do next?

    I have posted a log here.

    I don't know whether I need to post anything more.

    The online scanner found nothing, and neither did MBAM???

    I look forward to hearing from you.

    Greetings, ricardo

    info.txt logfile of random's system information tool 1.09 2013-07-07 05:24:07

    ======Uninstall list======

    –>MsiExec /X{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}

    Aangifte inkomstenbelasting 2012–>C:\Program Files (x86)\Belastingdienst\Aangifte inkomstenbelasting\2012\ib2012u.exe

    Adobe Flash Player 11 ActiveX–>C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -maintain activex

    Adobe Flash Player 11 Plugin–>C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -maintain plugin

    Adobe Reader X (10.1.7) - Nederlands–>MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-AA1000000001}

    Adobe Shockwave Player 11.6–>“C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe”

    Apple Application Support–>MsiExec.exe /I{F5266D28-E0B2-4130-BFC5-EE155AD514DC}

    Apple Software Update–>MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

    Ashampoo Burning Studio 9.21–>“C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 9\unins000.exe”

    CCleaner–>“C:\Program Files\CCleaner\uninst.exe”

    D3DX10–>MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{FEE83E48-5D21-4EEC-A345-5C5887869DBE}” “1043” “0”

    eMule–>“C:\Program Files (x86)\eMule\Uninstall.exe”

    FrostWire 5.5.5–>C:\Program Files (x86)\FrostWire 5\Uninstall.exe

    Google Chrome–>“C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\Installer\setup.exe” –uninstall –multi-install –chrome –system-level

    Google Toolbar for Internet Explorer–>“C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_80ACC8E3971CD605.exe” /uninstall

    Google Toolbar for Internet Explorer–>MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

    Google Update Helper–>MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

    IncrediMail 2.0–>C:\Program Files (x86)\IncrediMail\Bin\ImSetup.exe /uninstallProduct /addon:incredimail

    IncrediMail–>MsiExec.exe /X{FDFE5E63-116A-4655-9B4D-29F4AFE441B3}

    Java 7 Update 25–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217017FF}

    Java(TM) 6 Update 31 (64-bit)–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416031FF}

    Logitech Vid HD–>C:\Program Files (x86)\Logitech\Vid HD\uninst.exe

    Logitech Webcam Software–>MsiExec.exe /I{987FE247-4E69-4A2E-A961-D14F901FDBF6}

    Logitech Webcam Software-stuurprogrammapakket–>“C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\LgDrvInst.exe” -remove -instdir“C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\” -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey“lvdrivers_12.10” /clone_wait /hide_progress

    Malwarebytes Anti-Malware versie 1.75.0.1300–>“C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe”

    Messenger Plus! 5–>“C:\Program Files (x86)\Yuna Software\Messenger Plus!\Uninstall.exe”

    Microsoft .NET Framework 4 Client Profile NLD Language Pack–>MsiExec.exe /X{4567EA14-6BCA-3EF9-859B-92CE48B1D704}

    Microsoft .NET Framework 4 Client Profile–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

    Microsoft .NET Framework 4 Client Profile–>MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

    Microsoft .NET Framework 4 Extended NLD Language Pack–>MsiExec.exe /X{021B6358-4373-3FC0-A0B4-4709B7E0D3E5}

    Microsoft .NET Framework 4 Extended–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended

    Microsoft .NET Framework 4 Extended–>MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}

    Microsoft Antimalware Service NL-NL Language Pack–>MsiExec.exe /X{F8EDC0F8-15BC-4411-8762-77105C8AAEEC}

    Microsoft Antimalware–>MsiExec.exe /X{05BFB060-4F22-4710-B0A2-2801A1B606C5}

    Microsoft Office 2010 Service Pack 1 (SP1)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}” “1043” “0”

    Microsoft Office 2010 Service Pack 1 (SP1)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0015-0413-1000-0000000FF1CE}” “{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}” “1043” “0”

    Microsoft Office 2010 Service Pack 1 (SP1)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0016-0413-1000-0000000FF1CE}” “{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}” “1043” “0”

    Microsoft Office 2010 Service Pack 1 (SP1)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0018-0413-1000-0000000FF1CE}” “{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}” “1043” “0”

    Microsoft Office 2010 Service Pack 1 (SP1)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0019-0413-1000-0000000FF1CE}” “{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}” “1043” “0”

    Microsoft Office 2010 Service Pack 1 (SP1)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001A-0413-1000-0000000FF1CE}” “{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}” “1043” “0”

    Microsoft Office 2010 Service Pack 1 (SP1)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001B-0413-1000-0000000FF1CE}” “{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}” “1043” “0”

    Microsoft Office 2010 Service Pack 1 (SP1)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0407-1000-0000000FF1CE}” “{70A3169E-288F-454F-A08D-20DF66639B50}” “1043” “0”

    Microsoft Office 2010 Service Pack 1 (SP1)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0409-1000-0000000FF1CE}” “{0242505C-4E90-407F-9299-B5B275F50D86}” “1043” “0”

    Microsoft Office 2010 Service Pack 1 (SP1)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-040C-1000-0000000FF1CE}” “{B51389C8-2890-4633-81D8-47D2A7402274}” “1043” “0”

    Microsoft Office 2010 Service Pack 1 (SP1)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0413-1000-0000000FF1CE}” “{AA4240DC-855A-477B-8E38-89FBC16056E3}” “1043” “0”

    Microsoft Office 2010 Service Pack 1 (SP1)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-002C-0413-1000-0000000FF1CE}” “{F6144043-F441-49EE-BC99-ECAAFD3C3A65}” “1043” “0”

    Microsoft Office 2010 Service Pack 1 (SP1)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}” “1043” “0”

    Microsoft Office 2010 Service Pack 1 (SP1)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0413-1000-0000000FF1CE}” “{ACB44C8D-AA50-44D2-B1DC-408A7F215FA2}” “1043” “0”

    Microsoft Office 2010 Service Pack 1 (SP1)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0044-0413-1000-0000000FF1CE}” “{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}” “1043” “0”

    Microsoft Office 2010 Service Pack 1 (SP1)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-006E-0413-1000-0000000FF1CE}” “{BA6AF386-8886-4907-8CDF-BE7B7071944A}” “1043” “0”

    Microsoft Office 2010 Service Pack 1 (SP1)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-00A1-0413-1000-0000000FF1CE}” “{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}” “1043” “0”

    Microsoft Office 2010 Service Pack 1 (SP1)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-00BA-0413-1000-0000000FF1CE}” “{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}” “1043” “0”

    Microsoft Office Access MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0015-0413-1000-0000000FF1CE}

    Microsoft Office Excel MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0016-0413-1000-0000000FF1CE}

    Microsoft Office Groove MUI (Dutch) 2010–>MsiExec.exe /X{90140000-00BA-0413-1000-0000000FF1CE}

    Microsoft Office InfoPath MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0044-0413-1000-0000000FF1CE}

    Microsoft Office Office 32-bit Components 2010–>MsiExec.exe /X{90140000-0043-0000-1000-0000000FF1CE}

    Microsoft Office OneNote MUI (Dutch) 2010–>MsiExec.exe /X{90140000-00A1-0413-1000-0000000FF1CE}

    Microsoft Office Outlook MUI (Dutch) 2010–>MsiExec.exe /X{90140000-001A-0413-1000-0000000FF1CE}

    Microsoft Office PowerPoint MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0018-0413-1000-0000000FF1CE}

    Microsoft Office Professional Plus 2010–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe” /uninstall PROPLUS /dll OSETUP.DLL

    Microsoft Office Professional Plus 2010–>MsiExec.exe /X{90140000-0011-0000-1000-0000000FF1CE}

    Microsoft Office Proof (Dutch) 2010–>MsiExec.exe /X{90140000-001F-0413-1000-0000000FF1CE}

    Microsoft Office Proof (English) 2010–>MsiExec.exe /X{90140000-001F-0409-1000-0000000FF1CE}

    Microsoft Office Proof (French) 2010–>MsiExec.exe /X{90140000-001F-040C-1000-0000000FF1CE}

    Microsoft Office Proof (German) 2010–>MsiExec.exe /X{90140000-001F-0407-1000-0000000FF1CE}

    Microsoft Office Proofing (Dutch) 2010–>MsiExec.exe /X{90140000-002C-0413-1000-0000000FF1CE}

    Microsoft Office Publisher MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0019-0413-1000-0000000FF1CE}

    Microsoft Office Shared 32-bit MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0043-0413-1000-0000000FF1CE}

    Microsoft Office Shared MUI (Dutch) 2010–>MsiExec.exe /X{90140000-006E-0413-1000-0000000FF1CE}

    Microsoft Office Word MUI (Dutch) 2010–>MsiExec.exe /X{90140000-001B-0413-1000-0000000FF1CE}

    Microsoft Security Client NL-NL Language Pack–>MsiExec.exe /I{DC911ADF-7B60-40F2-A112-FB1EB6402D07}

    Microsoft Security Client–>MsiExec.exe /I{42738DB0-FC3E-4672-A99B-9372F5696E30}

    Microsoft Security Essentials–>C:\Program Files\Microsoft Security Client\Setup.exe /x

    Microsoft Silverlight–>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

    Microsoft Visual C++ 2005 Redistributable (x64)–>MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}

    Microsoft Visual C++ 2005 Redistributable (x64)–>MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}

    Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17–>MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161–>MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17–>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161–>MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319–>MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319–>MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}

    MP3 Jukebox 5.3.0–>“C:\Program Files (x86)\MP3 Jukebox\unins000.exe”

    MSVCRT–>MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

    MSVCRT110_amd64–>MsiExec.exe /I{E9FA781F-3E80-4399-825A-AD3E11C28C77}

    MSVCRT110–>MsiExec.exe /I{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}

    NVIDIA 3D Vision controllerstuurprogramma 314.22–>“C:\Windows\SysWOW64\RunDll32.EXE” “C:\Program Files\NVIDIA Corporation\Installer2\installer.{4CD139BC-5D46-49F0-B91D-25822DE9EFDE}\NVI2.DLL”,UninstallPackage Display.NVIRUSB

    NVIDIA 3D Vision stuurprogramma 314.22–>“C:\Windows\SysWOW64\RunDll32.EXE” “C:\Program Files\NVIDIA Corporation\Installer2\installer.{4CD139BC-5D46-49F0-B91D-25822DE9EFDE}\NVI2.DLL”,UninstallPackage Display.3DVision

    NVIDIA Grafisch stuurprogramma 314.22–>“C:\Windows\SysWOW64\RunDll32.EXE” “C:\Program Files\NVIDIA Corporation\Installer2\installer.{4CD139BC-5D46-49F0-B91D-25822DE9EFDE}\NVI2.DLL”,UninstallPackage Display.Driver

    NVIDIA HD Audio-stuurprogramma 1.3.23.1–>“C:\Windows\SysWOW64\RunDll32.EXE” “C:\Program Files\NVIDIA Corporation\Installer2\installer.{4CD139BC-5D46-49F0-B91D-25822DE9EFDE}\NVI2.DLL”,UninstallPackage HDAudio.Driver

    NVIDIA PhysX systeemsoftware 9.12.1031–>“C:\Windows\SysWOW64\RunDll32.EXE” “C:\Program Files\NVIDIA Corporation\Installer2\installer.{567859C6-0AB7-410E-AB64-802196B9C29B}\NVI2.DLL”,UninstallPackage Display.PhysX

    NVIDIA PhysX–>MsiExec.exe /I{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}

    NVIDIA Stereoscopic 3D Driver–>“C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe” /uninstall /ask

    NVIDIA Update 1.12.12–>“C:\Windows\SysWOW64\RunDll32.EXE” “C:\Program Files\NVIDIA Corporation\Installer2\installer.{4CD139BC-5D46-49F0-B91D-25822DE9EFDE}\NVI2.DLL”,UninstallPackage Display.Update

    NZBEE–>C:\ProgramData\Caphyon\Advanced Installer\{3401EE44-39E4-4193-96A8-8D9C1961764D}\setup.exe /x {3401EE44-39E4-4193-96A8-8D9C1961764D}

    NZBEE–>MsiExec.exe /I{3401EE44-39E4-4193-96A8-8D9C1961764D}

    Photo Common–>MsiExec.exe /X{743FD554-A73F-4FE8-BE7B-C283D16297F9}

    PlayReady PC Runtime amd64–>MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}

    QuickPar 0.9–>C:\Program Files (x86)\QuickPar\uninst.exe

    QuickTime–>MsiExec.exe /I{B67BAFBA-4C9F-48FA-9496-933E3B255044}

    RocketDock 1.3.5–>“C:\Program Files (x86)\RocketDock\unins000.exe”

    Security Update for CAPICOM (KB931906)–>MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

    Security Update for CAPICOM (KB931906)–>MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BA941BCD-BC45-3D64-AB89-0F737907515C} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8E6848A1-B790-34FE-921A-A5319258E254} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E7F6B64E-E11F-3D1C-868D-3F1443DA5A15} /parameterfolder Client

    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)–>c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended

    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)–>c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended

    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)–>c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {BA941BCD-BC45-3D64-AB89-0F737907515C} /parameterfolder Extended

    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)–>c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Extended

    Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{D2EC0616-5207-48E4-8AC2-478F107EF383}” “1043” “0”

    Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{B79A2491-254E-444C-AEB0-740B35265523}” “1043” “0”

    Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{922AB926-89A0-45D2-8588-3FAA755E1516}” “1043” “0”

    Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{28399A49-DAB3-4392-BDE6-40060D616A3D}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2553091)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{527AC538-7A51-40A5-89D7-5C1FEBBEA4C3}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2553096)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{C4BF81CC-3786-4CE4-9D9F-DD393678B9EC}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{0F6C4F72-6084-437B-9B35-F59B09E3C1B0}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{7C04E5C7-C747-43DE-B648-09B97811D93E}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{297E6E47-5F6E-4DD8-B880-75944B5C1C7C}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{2B4B504B-6620-4FFD-94CB-3D640AB3FCD2}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{19B568F6-93AF-4C11-A085-7277ADEF8F04}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{19B568F6-93AF-4C11-A085-7277ADEF8F04}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{9DAE52D2-834F-4743-ABF7-DEBAB9A932E5}” “1043” “0”

    Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{8D46C16E-6980-4970-B17B-20DAC8CAFFCE}” “1043” “0”

    Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{8D46C16E-6980-4970-B17B-20DAC8CAFFCE}” “1043” “0”

    Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{35586368-06B9-44C6-A43E-8AE6039B9B7F}” “1043” “0”

    Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{FA3E8ADD-F1A5-4960-B9F9-A76B73E9889A}” “1043” “0”

    Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{A45236F4-03D7-4F04-A196-98DD2D005287}” “1043” “0”

    Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{000B67CC-2C25-46AA-8D02-752BB0DD6D86}” “1043” “0”

    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)–>c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder ClientLP

    Skype™ 6.5–>MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}

    Spotnet–>“C:\Program Files (x86)\Spotnet\unins000.exe”

    swMSM–>MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}

    Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /x64 /lcid 1043 /parameterfolder ClientLP

    Taalpakket voor Microsoft .NET Framework 4 Extended - NLD–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /x64 /lcid 1043 /parameterfolder ExtendedLP

    Total Commander (Remove or Repair)–>c:\totalcmd\tcuninst.exe

    Unzbin Usenet NZB Client–>C:\Program Files (x86)\Unzbin\uninst.exe

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8C286FD4-AB38-37A6-BC8A-6F16AFE9AB1F} /parameterfolder Client

    Update for Microsoft .NET Framework 4 Extended (KB2468871)–>c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended

    Update for Microsoft .NET Framework 4 Extended (KB2533523)–>c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended

    Update for Microsoft .NET Framework 4 Extended (KB2600217)–>c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Extended

    Update for Microsoft .NET Framework 4 Extended (KB2836939)–>c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {8C286FD4-AB38-37A6-BC8A-6F16AFE9AB1F} /parameterfolder Extended

    Update for Microsoft Office 2010 (KB2553065)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{57CEB66B-DD29-4883-92A2-671331657B52}” “1043” “0”

    Update for Microsoft Office 2010 (KB2553092)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{E636FE63-842B-4F4B-9884-DA189ACC0B91}” “1043” “0”

    Update for Microsoft Office 2010 (KB2553092)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0044-0413-1000-0000000FF1CE}” “{E636FE63-842B-4F4B-9884-DA189ACC0B91}” “1043” “0”

    Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{E24F10E6-7D9B-4E3A-B6CF-4C3257A382CD}” “1043” “0”

    Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{E24F10E6-7D9B-4E3A-B6CF-4C3257A382CD}” “1043” “0”

    Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{3E381AC3-30C3-41D7-9B27-B3F3E17BDCB8}” “1043” “0”

    Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0413-1000-0000000FF1CE}” “{6442DF77-AD16-4311-A564-7AA3ECB50A73}” “1043” “0”

    Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-006E-0413-1000-0000000FF1CE}” “{EBD3B8A4-32BC-48C7-8E95-360F367854F6}” “1043” “0”

    Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{CABC3FE9-02BD-47C8-8576-EA3E8BB1BE1A}” “1043” “0”

    Update for Microsoft Office 2010 (KB2566458)–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{A6C194EA-C6CB-4314-9E43-AD1F4A1E9D74}” “1043” “0”

    Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0407-1000-0000000FF1CE}” “{2D507B6C-B472-447F-B61F-8EF54D9893A5}” “1043” “0”

    Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0409-1000-0000000FF1CE}” “{A8EC00BF-EDF5-46F0-B466-C4312722D8F3}” “1043” “0”

    Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-040C-1000-0000000FF1CE}” “{02A7E7E4-15FB-4240-963D-61E9029E0135}” “1043” “0”

    Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{7750DF63-F5DC-4198-8B8B-AE03B212F462}” “1043” “0”

    Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{7750DF63-F5DC-4198-8B8B-AE03B212F462}” “1043” “0”

    Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{B6AD7E27-012A-4B63-82BA-AF62893E5435}” “1043” “0”

    Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{204B60A2-CCEA-4075-9F58-B7BC1BA5E742}” “1043” “0”

    Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-00A1-0413-1000-0000000FF1CE}” “{B58EED94-C75E-4A38-87E5-0CCE4A294032}” “1043” “0”

    Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{0977F620-BD31-41EC-B18C-31E341D5935E}” “1043” “0”

    Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001A-0413-1000-0000000FF1CE}” “{5FF5C034-CF96-4B41-AC1C-4A1064510518}” “1043” “0”

    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{7861C766-2AA2-4A50-AB75-A57D451CEA76}” “1043” “0”

    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001A-0413-1000-0000000FF1CE}” “{A64559C6-EF86-48DF-A721-189794C7D2BF}” “1043” “0”

    Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{AF61D314-0E39-485E-A603-2B2F03AB7376}” “1043” “0”

    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{E1757044-ECB2-4551-B1D5-5E39F7E109CE}” “1043” “0”

    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{E1757044-ECB2-4551-B1D5-5E39F7E109CE}” “1043” “0”

    VLC media player 2.0.6–>C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

    Vuze–>C:\Program Files\Vuze\uninstall.exe

    Windows Live Communications Platform–>MsiExec.exe /I{0454BB9A-2A7A-4214-BDFF-937F7A711A44}

    Windows Live Essentials–>C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

    Windows Live Essentials–>MsiExec.exe /I{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}

    Windows Live ID Sign-in Assistant–>MsiExec.exe /I{CE52672C-A0E9-4450-8875-88A221D5CD50}

    Windows Live Installer–>MsiExec.exe /I{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}

    Windows Live Messenger–>MsiExec.exe /X{83C9377F-5ED1-4AD8-B113-7C876AEAF3AB}

    Windows Live Messenger–>MsiExec.exe /X{F2235E5E-7881-4293-9B6F-04B2609FBFF0}

    Windows Live Photo Common–>MsiExec.exe /X{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}

    Windows Live PIMT Platform–>MsiExec.exe /I{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}

    Windows Live Safety Scanner–>RunDll32.exe “C:\Program Files\Windows Live Safety Center\wlscCore.dll”,UninstallFunction WLSC_SCANNER_PRODUCT

    Windows Live SOXE Definitions–>MsiExec.exe /I{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}

    Windows Live SOXE–>MsiExec.exe /I{FE7C0B3D-50B9-4951-BE78-A321CBF86552}

    Windows Live UX Platform Language Pack–>MsiExec.exe /I{4AA2A466-8031-403A-8236-5301B4E391FB}

    Windows Live UX Platform–>MsiExec.exe /I{4CCBD1F4-CEEC-452A-9CB8-46564B501315}

    Winrar 3.93–>C:\Program Files (x86)\Winrar\Uninstall.exe

    WinRAR 4.00 (64-bit)–>C:\Program Files\WinRAR\uninstall.exe

    x64 Components v3.5.6–>“C:\Program Files\Shark007\unins000.exe”

    ======System event log======

    Computer Name: ricardo-PC

    Event Code: 7036

    Message: De Microsoft Network Inspection-service heeft nu de status wordt uitgevoerd.

    Record Number: 29020

    Source Name: Service Control Manager

    Time Written: 20130323193037.524414-000

    Event Type: Informatie

    User:

    Computer Name: ricardo-PC

    Event Code: 7036

    Message: De IPsec Policy Agent-service heeft nu de status wordt uitgevoerd.

    Record Number: 29019

    Source Name: Service Control Manager

    Time Written: 20130323193037.243164-000

    Event Type: Informatie

    User:

    Computer Name: ricardo-PC

    Event Code: 7036

    Message: De Computer Browser-service heeft nu de status wordt uitgevoerd.

    Record Number: 29018

    Source Name: Service Control Manager

    Time Written: 20130323193037.196289-000

    Event Type: Informatie

    User:

    Computer Name: ricardo-PC

    Event Code: 3002

    Message: Real-timebeveiligingsonderdeel van Microsoft Antimalware heeft een fout aangetroffen en is niet uitgevoerd.

    Onderdeel: Gedragscontrole

    Foutcode: 0x80004005

    Foutbeschrijving: Niet nader omschreven fout

    Reden: Het filterstuurprogramma werkt niet zonder een bijgewerkte engine. U moet de laatste definitie-updates installeren om realtime-beveiliging mogelijk te maken.

    Record Number: 29017

    Source Name: Microsoft Antimalware

    Time Written: 20130323193046.000000-000

    Event Type: Fout

    User:

    Computer Name: ricardo-PC

    Event Code: 7036

    Message: De Application Experience-service heeft nu de status wordt uitgevoerd.

    Record Number: 29016

    Source Name: Service Control Manager

    Time Written: 20130323193036.665039-000

    Event Type: Informatie

    User:

    =====Application event log=====

    Computer Name: ricardo-PC

    Event Code: 2

    Message: The NVIDIA OpenGL driver has encountered

    an out of memory error. This application might

    behave inconsistently and fail.

    Record Number: 4287939

    Source Name: NVIDIA OpenGL Driver

    Time Written: 20130701124748.000000-000

    Event Type: Waarschuwing

    User:

    Computer Name: ricardo-PC

    Event Code: 2

    Message: The NVIDIA OpenGL driver has encountered

    an out of memory error. This application might

    behave inconsistently and fail.

    Record Number: 4287938

    Source Name: NVIDIA OpenGL Driver

    Time Written: 20130701124748.000000-000

    Event Type: Waarschuwing

    User:

    Computer Name: ricardo-PC

    Event Code: 2

    Message: The NVIDIA OpenGL driver has encountered

    an out of memory error. This application might

    behave inconsistently and fail.

    Record Number: 4287937

    Source Name: NVIDIA OpenGL Driver

    Time Written: 20130701124748.000000-000

    Event Type: Waarschuwing

    User:

    Computer Name: ricardo-PC

    Event Code: 2

    Message: The NVIDIA OpenGL driver has encountered

    an out of memory error. This application might

    behave inconsistently and fail.

    Record Number: 4287936

    Source Name: NVIDIA OpenGL Driver

    Time Written: 20130701124748.000000-000

    Event Type: Waarschuwing

    User:

    Computer Name: ricardo-PC

    Event Code: 2

    Message: The NVIDIA OpenGL driver has encountered

    an out of memory error. This application might

    behave inconsistently and fail.

    Record Number: 4287935

    Source Name: NVIDIA OpenGL Driver

    Time Written: 20130701124748.000000-000

    Event Type: Waarschuwing

    User:

    =====Security event log=====

    Computer Name: WIN-O7KD6Q51FSM

    Event Code: 4624

    Message: Er is een account aangemeld.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: WIN-O7KD6Q51FSM$

    Accountdomein: WORKGROUP

    Aanmeldings-id: 0x3e7

    Aanmeldingstype: 5

    Nieuwe aanmelding:

    Beveiligings-id: S-1-5-18

    Accountnaam: SYSTEM

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e7

    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Procesgegevens:

    Proces-id: 0x1fc

    Naam proces: C:\Windows\System32\services.exe

    Netwerkgegevens:

    Naam van werkstation:

    Netwerkadres van bron: -

    Poort van bron: -

    Gedetailleerde verificatiegegevens:

    Aanmeldingsproces: Advapi

    Verificatiepakket: Negotiate

    Doorgezette services: -

    Pakketnaam (alleen NTLM): -

    Sleutellengte: 0

    Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

    De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

    In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

    Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

    In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

    De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

    - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

    - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

    - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

    - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

    Record Number: 853

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20120313173511.862633-000

    Event Type: Controle geslaagd

    User:

    Computer Name: WIN-O7KD6Q51FSM

    Event Code: 4672

    Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: SYSTEM

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e7

    Bevoegdheden: SeAssignPrimaryTokenPrivilege

    SeTcbPrivilege

    SeSecurityPrivilege

    SeTakeOwnershipPrivilege

    SeLoadDriverPrivilege

    SeBackupPrivilege

    SeRestorePrivilege

    SeDebugPrivilege

    SeAuditPrivilege

    SeSystemEnvironmentPrivilege

    SeImpersonatePrivilege

    Record Number: 852

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20120313173510.645831-000

    Event Type: Controle geslaagd

    User:

    Computer Name: WIN-O7KD6Q51FSM

    Event Code: 4624

    Message: Er is een account aangemeld.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: WIN-O7KD6Q51FSM$

    Accountdomein: WORKGROUP

    Aanmeldings-id: 0x3e7

    Aanmeldingstype: 5

    Nieuwe aanmelding:

    Beveiligings-id: S-1-5-18

    Accountnaam: SYSTEM

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e7

    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Procesgegevens:

    Proces-id: 0x1fc

    Naam proces: C:\Windows\System32\services.exe

    Netwerkgegevens:

    Naam van werkstation:

    Netwerkadres van bron: -

    Poort van bron: -

    Gedetailleerde verificatiegegevens:

    Aanmeldingsproces: Advapi

    Verificatiepakket: Negotiate

    Doorgezette services: -

    Pakketnaam (alleen NTLM): -

    Sleutellengte: 0

    Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

    De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

    In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

    Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

    In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

    De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

    - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

    - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

    - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

    - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

    Record Number: 851

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20120313173510.645831-000

    Event Type: Controle geslaagd

    User:

    Computer Name: WIN-O7KD6Q51FSM

    Event Code: 4738

    Message: Er is een gebruikersaccount gewijzigd.

    Onderwerp:

    Beveiligings-id: S-1-5-21-4079765491-2898740382-3388337644-500

    Accountnaam: Administrator

    Accountdomein: WIN-O7KD6Q51FSM

    Aanmeldings-id: 0x2603d

    Doelaccount:

    Beveiligings-id: S-1-5-21-4079765491-2898740382-3388337644-500

    Accountnaam: Administrator

    Accountdomein: WIN-O7KD6Q51FSM

    Gewijzigde kenmerken:

    SAM-accountnaam: -

    Weergavenaam: -

    Principal-naam van gebruiker: -

    Basismap: -

    Basisstation: -

    Pad naar script: -

    Pad naar profiel: -

    Gebruikerswerkstations: -

    Wachtwoord voor het laatst ingesteld: -

    Account verloopt op: -

    Primaire groeps-id: -

    Mag overdragen aan: -

    Oude UAC-waarde: 0x211

    Nieuwe UAC-waarde: 0x211

    Gebruikersaccountbeheer: -

    Gebruikersparameters: -

    SID-geschiedenis: -

    Aantal uren aangemeld: -

    Aanvullende gegevens:

    Bevoegdheden: -

    Record Number: 850

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20120313173507.385426-000

    Event Type: Controle geslaagd

    User:

    Computer Name: WIN-O7KD6Q51FSM

    Event Code: 1102

    Message: Het controlelogboek is gewist.

    Onderwerp:

    Beveiligings-id: S-1-5-21-4079765491-2898740382-3388337644-500

    Accountnaam: Administrator

    Domeinnaam: WIN-O7KD6Q51FSM

    Aanmeldings-id: 0x2603d

    Record Number: 849

    Source Name: Microsoft-Windows-Eventlog

    Time Written: 20120313173456.137806-000

    Event Type: Controle geslaagd

    User:

    ======Environment variables======

    “ComSpec”=%SystemRoot%\system32\cmd.exe

    “FP_NO_HOST_CHECK”=NO

    “OS”=Windows_NT

    “Path”=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%PROGRAMFILES%\Internet Explorer;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\

    “PATHEXT”=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

    “PROCESSOR_ARCHITECTURE”=AMD64

    “TEMP”=%SystemRoot%\TEMP

    “TMP”=%SystemRoot%\TEMP

    “USERNAME”=SYSTEM

    “windir”=%SystemRoot%

    “PSModulePath”=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

    “NUMBER_OF_PROCESSORS”=4

    “PROCESSOR_LEVEL”=6

    “PROCESSOR_IDENTIFIER”=Intel64 Family 6 Model 23 Stepping 7, GenuineIntel

    “PROCESSOR_REVISION”=1707

    “windows_tracing_logfile”=C:\BVTBin\Tests\installpackage\csilogfile.log

    “windows_tracing_flags”=3

    “configsetroot”=%SystemRoot%\ConfigSetRoot

    “CLASSPATH”=.;C:\Program Files (x86)\Java\jre7\lib\ext\QTJava.zip

    “QTJAVA”=C:\Program Files (x86)\Java\jre7\lib\ext\QTJava.zip

    —————–EOF—————–

  • Ben

    Hello,

    Where is the AdwCleaner log? You can find it here: C:\AdwCleaner.txt

    And from RSIT I would like to see the tekst.log. (RSIT created 2 of them.)

    Regards, Ben

  • ricardo

    Hi Ben,

    Here is the AdwCleaner log.

    # AdwCleaner v2.300 - Verslag gemaakt op 15/05/2013 om 06:53:16

    # Geactualiseerd op 28/04/2013 door Xplode

    # Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)

    # Gebruiker : ricardo - RICARDO-PC

    # Opstarten Modus : Normale modus

    # Gelanceerd vanaf : C:\Users\ricardo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBOPDBIO\adwcleaner.exe

    # Optie

    ***** *****

    ***** *****

    File Verwijdert : C:\END

    Map Verwijdert : C:\Program Files (x86)\DealPly

    Map Verwijdert : C:\ProgramData\Ask

    Map Verwijdert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly

    Map Verwijdert : C:\Users\ricardo\AppData\Local\APN

    Map Verwijdert : C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje

    Map Verwijdert : C:\Users\ricardo\AppData\Local\Temp\AskSearch

    Map Verwijdert : C:\Users\ricardo\AppData\Roaming\DealPly

    ***** *****

    Sleutel Verwijdert : HKCU\Software\APN PIP

    Sleutel Verwijdert : HKCU\Software\Conduit

    Sleutel Verwijdert : HKCU\Software\DealPly

    Sleutel Verwijdert : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

    Sleutel Verwijdert : HKCU\Software\IM

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

    Sleutel Verwijdert : HKCU\Software\Softonic

    Sleutel Verwijdert : HKLM\Software\DealPly

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

    Sleutel Verwijdert : HKLM\Software\PIP

    Sleutel Verwijdert : HKLM\Software\TENCENT

    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    ***** *****

    -\\ Internet Explorer v9.0.8112.16476

    Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Google Chrome v26.0.1410.64

    File : C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Verwijdert : icon_url = “hxxp://www.ask.com/favicon.ico”,

    Verwijdert : keyword = “ask.com”,

    Verwijdert : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=4C

    Verwijdert : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner.txt - ##########

  • Ben

    Hello,

    Download zoek.exe to your desktop.

    Disable your antivirus and antispyware programs; they may conflict with zoek.exe.

    You can read how to do that (here or here).

    * Double-click Zoek.exe to start the tool.

    * Now copy the bold code below and paste it into the large input box:

    * Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    firefoxlook;

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Now wait patiently until a log opens (this may be after a restart, if one is needed).

    * If no log appears after the restart, start zoek.exe again; the log will then appear.

    * Now post the contents of the opened log in your next reply.

    Regards, Ben

  • ricardo

    And here is the log from RSIT.

    I hope I did it correctly this way.

    Regards, Ricardo

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by ricardo at 2013-07-07 10:21:11

    Microsoft Windows 7 Ultimate Service Pack 1

    System drive C: has 197 GB (52%) free of 380 GB

    Total RAM: 6074 MB (61% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 10:21:14, on 7-7-2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v10.0 (10.00.9200.16611)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\RocketDock\RocketDock.exe

    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\trend micro\ricardo.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/?ocid=OIE9HP

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.nl

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door MSN and Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

    O4 - HKLM\..\Run: “C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe” /hide

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime

    O4 - HKCU\..\Run: “C:\Program Files (x86)\RocketDock\RocketDock.exe”

    O4 - HKCU\..\Run: C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    O23 - Service: @C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe (file missing)

    End of file - 9458 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    winlogon.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    “C:\Windows\system32\nvvsvc.exe”

    “C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe”

    C:\Windows\system32\svchost.exe -k RPCSS

    “c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe”

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k NetworkService

    “C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe”

    C:\Windows\system32\nvvsvc.exe -session -first

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    “C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe”

    “C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe” -Embedding

    “C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe”

    “C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe”

    C:\Windows\system32\svchost.exe -k imgsvc

    “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE”

    WLIDSvcM.exe 1664

    “taskhost.exe”

    “C:\Windows\system32\Dwm.exe”

    C:\Windows\Explorer.EXE

    “C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe” /starttray

    “c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe”

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    “C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    “C:/Program Files/NVIDIA Corporation/Display/nvtray.exe” -user_has_logged_in 1

    “C:\Program Files (x86)\RocketDock\RocketDock.exe”

    “C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe” /hide

    “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    C:\Windows\system32\SearchIndexer.exe /Embedding

    “C:\Program Files\Windows Media Player\wmpnetwk.exe”

    “C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe” -Embedding

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    “C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe”

    “C:\Program Files\Internet Explorer\iexplore.exe”

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:3096 CREDAT:209921 /prefetch:2

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:3096 CREDAT:930835 /prefetch:2

    “C:\Windows\System32\MsSpellCheckingFacility.exe” -Embedding

    “C:\Users\ricardo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCTFJKB\RSITx64.exe”

    taskeng.exe {EC6529B8-8056-444A-84C3-5B959038B039}

    C:\Windows\system32\wbem\wmiprvse.exe

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\AutoKMS.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    ======Registry dump======

    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL

    Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

    Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    “MSC”=c:\Program Files\Microsoft Security Client\msseces.exe

    “BCSSync”=C:\Program Files\Microsoft Office\Office14\BCSSync.exe

    “Rocketdock”=C:\Program Files (x86)\RocketDock\RocketDock.exe

    “RocketDock”=C:\Program Files (x86)\RocketDock\RocketDock.exe

    “IncrediMail”=C:\Program Files (x86)\IncrediMail\bin\IncMail.exe

    “Adobe ARM”=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    “PlusService”=C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

    “LogitechQuickCamRibbon”=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

    “SunJavaUpdateSched”=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    “APSDaemon”=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    “QuickTime Task”=C:\Program Files (x86)\QuickTime\QTTask.exe

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL

    “SecurityProviders”=credssp.dll

    “ConsentPromptBehaviorAdmin”=5

    “ConsentPromptBehaviorUser”=3

    “EnableLUA”=0

    “EnableUIADesktopToggle”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “NoDriveTypeAutoRun”=145

    “NoActiveDesktop”=1

    “NoActiveDesktopChanges”=1

    “ForceActiveDesktopOn”=0

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “VIDC.UYVY”=msyuv.dll

    “VIDC.YUY2”=msyuv.dll

    “VIDC.YVYU”=msyuv.dll

    “VIDC.IYUV”=iyuv_32.dll

    “vidc.i420”=lvcod64.dll

    “VIDC.YVU9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “msacm.l3pacm”=l3codecp.acm

    “msacm.aacacm”=AACACM.acm

    “msacm.ac3acm”=ac3acm.acm

    “VIDC.LAGS”=lagarith.dll

    “VIDC.FFDS”=ff_vfw.dll

    “msacm.avis”=ff_acm.acm

    “vidc.x264”=x264vfw.dll

    “msacm.ac3filter”=ac3filter.acm

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    “MSVideo”=vfwwdm32.dll

    “MSVideo8”=VfWWDM32.dll

    “wave5”=wdmaud.drv

    “midi5”=wdmaud.drv

    “mixer5”=wdmaud.drv

    “aux1”=wdmaud.drv

    “wave6”=wdmaud.drv

    “midi6”=wdmaud.drv

    “mixer6”=wdmaud.drv

    “aux2”=wdmaud.drv

    “wave7”=wdmaud.drv

    “midi7”=wdmaud.drv

    “mixer7”=wdmaud.drv

    “aux3”=wdmaud.drv

    “wave3”=wdmaud.drv

    “midi3”=wdmaud.drv

    “mixer3”=wdmaud.drv

    “wave4”=wdmaud.drv

    “midi4”=wdmaud.drv

    “mixer4”=wdmaud.drv

    “wave1”=wdmaud.drv

    “midi1”=wdmaud.drv

    “mixer1”=wdmaud.drv

    “wave2”=wdmaud.drv

    “midi2”=wdmaud.drv

    “mixer2”=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe “%1” %*

    ======List of files/folders created in the last 1 month======

    2013-07-07 05:23:57 —-D—- C:\rsit

    2013-07-07 05:23:57 —-D—- C:\Program Files\trend micro

    2013-07-07 05:17:09 —-A—- C:\AdwCleaner.txt

    2013-06-29 21:02:57 —-D—- C:\ProgramData\Google

    2013-06-21 17:12:50 —-A—- C:\Windows\SYSWOW64\javaws.exe

    2013-06-21 17:12:48 —-A—- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

    2013-06-21 17:12:48 —-A—- C:\Windows\SYSWOW64\javaw.exe

    2013-06-21 17:12:48 —-A—- C:\Windows\SYSWOW64\java.exe

    2013-06-15 06:54:06 —-A—- C:\Windows\SYSWOW64\urlmon.dll

    2013-06-15 06:54:06 —-A—- C:\Windows\SYSWOW64\iertutil.dll

    2013-06-15 06:54:06 —-A—- C:\Windows\system32\urlmon.dll

    2013-06-15 06:54:05 —-A—- C:\Windows\SYSWOW64\ieui.dll

    2013-06-15 06:54:05 —-A—- C:\Windows\system32\iertutil.dll

    2013-06-15 06:54:04 —-A—- C:\Windows\system32\ieui.dll

    2013-06-15 06:54:03 —-A—- C:\Windows\SYSWOW64\ieframe.dll

    2013-06-15 06:54:03 —-A—- C:\Windows\system32\ieframe.dll

    2013-06-15 06:54:01 —-A—- C:\Windows\system32\mshtml.dll

    2013-06-15 06:53:59 —-A—- C:\Windows\SYSWOW64\mshtml.dll

    2013-06-12 07:09:32 —-A—- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe

    2013-06-12 07:09:32 —-A—- C:\Windows\SYSWOW64\iesetup.dll

    2013-06-12 07:09:32 —-A—- C:\Windows\SYSWOW64\iernonce.dll

    2013-06-12 07:09:32 —-A—- C:\Windows\system32\iesetup.dll

    2013-06-12 07:09:32 —-A—- C:\Windows\system32\iernonce.dll

    2013-06-12 07:09:32 —-A—- C:\Windows\system32\ie4uinit.exe

    2013-06-12 07:09:31 —-A—- C:\Windows\SYSWOW64\iesysprep.dll

    2013-06-12 07:09:31 —-A—- C:\Windows\system32\RegisterIEPKEYs.exe

    2013-06-12 07:09:31 —-A—- C:\Windows\system32\iesysprep.dll

    2013-06-12 07:09:30 —-A—- C:\Windows\SYSWOW64\msfeeds.dll

    2013-06-12 07:09:30 —-A—- C:\Windows\SYSWOW64\jscript.dll

    2013-06-12 07:09:30 —-A—- C:\Windows\system32\msfeeds.dll

    2013-06-12 07:09:30 —-A—- C:\Windows\system32\jscript.dll

    2013-06-12 07:09:29 —-A—- C:\Windows\system32\jscript9.dll

    2013-06-12 07:09:28 —-A—- C:\Windows\SYSWOW64\jscript9.dll

    2013-06-12 07:09:26 —-A—- C:\Windows\SYSWOW64\wininet.dll

    2013-06-12 07:09:26 —-A—- C:\Windows\SYSWOW64\jsproxy.dll

    2013-06-12 07:09:26 —-A—- C:\Windows\system32\wininet.dll

    2013-06-12 07:09:26 —-A—- C:\Windows\system32\jsproxy.dll

    2013-06-12 06:25:33 —-A—- C:\Windows\system32\drivers\tcpip.sys

    2013-06-12 06:25:33 —-A—- C:\Windows\system32\drivers\netio.sys

    2013-06-12 06:25:33 —-A—- C:\Windows\system32\drivers\FWPKCLNT.SYS

    2013-06-12 06:16:31 —-A—- C:\Windows\SYSWOW64\win32spl.dll

    2013-06-12 06:16:31 —-A—- C:\Windows\system32\win32spl.dll

    2013-06-12 06:16:29 —-A—- C:\Windows\SYSWOW64\cryptdlg.dll

    2013-06-12 06:16:29 —-A—- C:\Windows\system32\cryptdlg.dll

    2013-06-12 06:16:20 —-A—- C:\Windows\SYSWOW64\WindowsCodecs.dll

    2013-06-12 06:16:20 —-A—- C:\Windows\system32\WindowsCodecs.dll

    2013-06-12 06:15:31 —-A—- C:\Windows\system32\certutil.exe

    2013-06-12 06:15:30 —-A—- C:\Windows\SYSWOW64\cryptsvc.dll

    2013-06-12 06:15:30 —-A—- C:\Windows\SYSWOW64\cryptnet.dll

    2013-06-12 06:15:30 —-A—- C:\Windows\SYSWOW64\crypt32.dll

    2013-06-12 06:15:30 —-A—- C:\Windows\SYSWOW64\certutil.exe

    2013-06-12 06:15:30 —-A—- C:\Windows\system32\cryptsvc.dll

    2013-06-12 06:15:30 —-A—- C:\Windows\system32\cryptnet.dll

    2013-06-12 06:15:30 —-A—- C:\Windows\system32\crypt32.dll

    2013-06-12 06:15:30 —-A—- C:\Windows\system32\certenc.dll

    2013-06-12 06:15:29 —-A—- C:\Windows\SYSWOW64\certenc.dll

    2013-06-12 06:15:04 —-A—- C:\Windows\SYSWOW64\d3d11.dll

    2013-06-12 06:15:04 —-A—- C:\Windows\system32\d3d11.dll

    ======List of files/folders modified in the last 1 month======

    2013-07-07 10:20:09 —-D—- C:\Windows\Temp

    2013-07-07 05:54:34 —-D—- C:\Windows\system32\config

    2013-07-07 05:23:57 —-RD—- C:\Program Files

    2013-07-07 05:19:05 —-D—- C:\ProgramData\NVIDIA

    2013-07-07 05:18:48 —-RD—- C:\Program Files (x86)

    2013-07-07 05:09:41 —-D—- C:\Windows\debug

    2013-07-07 00:48:27 —-D—- C:\Users\ricardo\AppData\Roaming\Skype

    2013-07-06 23:37:51 —-SHD—- C:\Windows\Installer

    2013-07-06 22:52:54 —-D—- C:\Windows\inf

    2013-07-06 22:52:54 —-D—- C:\Windows\Downloaded Program Files

    2013-07-06 22:48:33 —-D—- C:\Windows\Prefetch

    2013-07-06 22:45:50 —-D—- C:\Windows

    2013-07-05 21:28:04 —-D—- C:\Windows\AutoKMS

    2013-07-05 19:27:28 —-D—- C:\Windows\Minidump

    2013-07-05 19:26:27 —-D—- C:\Program Files\CCleaner

    2013-07-05 15:39:52 —-D—- C:\Windows\Tasks

    2013-07-05 11:26:41 —-D—- C:\Users\ricardo\AppData\Roaming\.minecraft

    2013-07-04 17:50:36 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2013-07-04 10:13:19 —-SHD—- C:\System Volume Information

    2013-07-01 16:52:21 —-D—- C:\Windows\System32

    2013-07-01 16:52:21 —-A—- C:\Windows\system32\PerfStringBackup.INI

    2013-07-01 13:17:59 —-D—- C:\Windows\system32\NDF

    2013-07-01 10:00:26 —-RSD—- C:\Windows\assembly

    2013-07-01 10:00:26 —-D—- C:\Windows\Microsoft.NET

    2013-07-01 09:57:15 —-D—- C:\Windows\system32\Tasks

    2013-07-01 00:40:59 —-D—- C:\Windows\winsxs

    2013-07-01 00:40:08 —-D—- C:\Windows\SysWOW64

    2013-07-01 00:40:08 —-A—- C:\Windows\SYSWOW64\PerfStringBackup.INI

    2013-06-30 10:52:35 —-D—- C:\Windows\system32\catroot

    2013-06-30 10:50:32 —-D—- C:\Windows\system32\catroot2

    2013-06-29 21:03:52 —-D—- C:\Program Files\Google

    2013-06-29 21:03:52 —-D—- C:\Program Files (x86)\Google

    2013-06-29 21:02:57 —-HD—- C:\ProgramData

    2013-06-29 21:02:45 —-D—- C:\Windows\SYSWOW64\Macromed

    2013-06-28 08:51:04 —-D—- C:\Windows\system32\DriverStore

    2013-06-28 08:51:04 —-D—- C:\Windows\system32\drivers

    2013-06-26 06:12:22 —-D—- C:\Users\ricardo\AppData\Roaming\vlc

    2013-06-21 17:12:48 —-D—- C:\Program Files (x86)\Java

    2013-06-16 13:11:42 —-D—- C:\Users\ricardo\AppData\Roaming\Azureus

    2013-06-16 13:11:34 —-D—- C:\Windows\Panther

    2013-06-16 13:11:32 —-D—- C:\Windows\Logs

    2013-06-15 08:12:08 —-D—- C:\Program Files\Internet Explorer

    2013-06-15 08:12:08 —-D—- C:\Program Files (x86)\Internet Explorer

    2013-06-14 18:08:51 —-D—- C:\ProgramData\Skype

    2013-06-14 18:08:51 —-D—- C:\Program Files (x86)\Windows Live

    2013-06-14 18:08:50 —-RD—- C:\Program Files (x86)\Skype

    2013-06-12 21:48:23 —-A—- C:\Windows\SYSWOW64\npdeployJava1.dll

    2013-06-12 21:48:17 —-A—- C:\Windows\SYSWOW64\deployJava1.dll

    2013-06-12 12:39:52 —-D—- C:\Windows\SYSWOW64\nl-NL

    2013-06-12 12:39:52 —-D—- C:\Windows\system32\nl-NL

    2013-06-12 07:10:05 —-A—- C:\Windows\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie64.sys

    R0 mv61xx;mv61xx; C:\Windows\system32\DRIVERS\mv61xx.sys

    R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys

    R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys

    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6232e.sys

    R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys

    R3 LVPr2M64;Logitech LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys

    R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys

    R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys

    R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys

    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys

    S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys

    S3 E1G60;Stuurprogramma voor Intel(R) PRO/1000 NDIS 6-adapter; C:\Windows\system32\DRIVERS\E1G6032E.sys

    S3 lvpopf64;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopf64.sys

    S3 LVPr2Mon;LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys

    S3 LVUSBS64;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBS64.sys

    S3 LVUVC64;Logitech QuickCam Pro 5000(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys

    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys

    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys

    S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys

    S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver; C:\Windows\system32\drivers\Synth3dVsc.sys

    S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys

    S3 tsusbhub;Remote Deskotop USB Hub; C:\Windows\system32\drivers\tsusbhub.sys

    S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys

    S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys

    S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe

    R2 LVPrcS64;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

    R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

    S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe

    S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE

    S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe

    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    —————–EOF—————–

  • ricardo

    Hi Ben, I'll have a look tonight to see whether I can manage it.

    We're off to the beach now.

    In any case, thanks in advance for the trouble, and enjoy the nice weather.

    Regards, ricardo

  • Ben

    Hello,

    That's fine, thanks.

    Regards, Ben

  • ricardo

    Hi Ben, good evening.

    Here is the requested log.

    Regards, Ricardo

    Zoek.exe Version 4.0.0.3 Updated 05-July-2013

    Tool run by ricardo on zo 07-07-2013 at 23:01:34,82.

    Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    ==== System Restore Info ======================

    7-7-2013 23:02:52 Zoek.exe System Restore Point Created Succesfully.

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-655284166-3022289551-2495981129-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B0A251B4-FFC8-4C90-A8AE-FA40DC39187A} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

    C:\Program Files (x86)\RocketDock\RocketDock.exe

    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    C:\Users\ricardo\Desktop\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    ==== Deleting Services ======================

    ==== Deleting Files \ Folders ======================

    “C:\windows\SysNative\Tasks\DealPly” deleted

    “C:\windows\SysNative\Tasks\DealPlyUpdate” deleted

    “C:\Users\ricardo\AppData\Roaming\Unzbin” deleted

    ==== System Specs ======================

    Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)

    Memory (RAM): 6075 MB

    CPU Info: Intel(R) Core(TM)2 Quad CPU Q9450 @ 2.66GHz

    CPU Speed: 2609,4 MHz

    Sound Card: Luidsprekers (High Definition A |

    Digitale audio (S/PDIF) (High D |

    SAMSUNG-3 (NVIDIA High Definiti |

    Display Adapters: NVIDIA GeForce GTX 550 Ti | NVIDIA GeForce GTX 550 Ti | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 2x; Algemeen PnP-beeldscherm | Algemeen PnP-beeldscherm |

    Screen Resolution: 1680 X 1050 - 32 bit

    Network: Network Present

    Network Adapters: Intel(R) 82566DC-2 Gigabit Network Connection

    CD / DVD Drives: 1x (H: | ) H: DVDRW 20X20X12X

    Ports: COM Ports NOT Present. LPT Port NOT Present.

    Mouse: 5 Button Wheel Mouse Present

    Hard Disks: C: 370,8GB | D: 34,3GB | E: 31,3GB | F: 164,0GB | G: 163,9GB | I: 10,6GB

    Hard Disks - Free: C: 199,0GB | D: 3,4GB | E: 4,3GB | F: 7,0GB | G: 28,2GB | I: 2,3GB

    Manufacturer *: Intel Corp.

    BIOS Info: AT/AT COMPATIBLE | 03/06/08 | _ASUS_ - 19d

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: Intel Corporation DP35DP

    Internet Explorer Version: 10.0.9200.16618

    Sun Java version: 1.7.0_25

    Country: Nederland

    Language: NLD

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\ricardo\AppData\Local\Temp ====

    ====== C:\Windows\SysWOW64 =====

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    ====== C:\Windows\Sysnative\drivers =====

    2013-06-12 04:25:33 C7D9854B615672577F00D3CBB8652015 288104 —-a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS

    2013-06-12 04:25:33 3E94650745D4DAB67E161F5F32CEA597 1900392 —-a-w- C:\Windows\Sysnative\drivers\tcpip.sys

    2013-06-12 04:25:33 19846768CA0E066830E0BF6620B92C25 376680 —-a-w- C:\Windows\Sysnative\drivers\netio.sys

    ====== C:\Windows\Tasks ======

    2013-06-16 10:02:26 C35FE335143CD98F968D72DE0E57E316 2896 —-a-w- C:\Windows\Sysnative\Tasks\AutoKMS

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2013-07-07 03:23:57 ——– d—–w- C:\Program Files\trend micro

    ======= C:\Program Files (x86) =====

    ======= C: =====

    2013-07-07 03:17:09 BC34B2F44B5C50404FCF357F9418E37F 1456 —-a-w- C:\AdwCleaner.txt

    ====== C:\Users\ricardo\AppData\Roaming ======

    ====== C:\Users\ricardo ======

    2013-06-29 19:02:57 ——– d—–w- C:\ProgramData\Google

    ====== C: exe-files ==

    2013-07-07 08:20:05 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\Users\ricardo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCTFJKB\RSITx64.exe

    2013-07-07 03:23:58 9A2347903D6EDB84C10F288BC0578C1C 388608 —-a-w- C:\Program Files\trend micro\ricardo.exe

    2013-07-07 03:16:33 1078C8BD8C62CF4DEE6FE1058C3D56A7 650027 —-a-w- C:\Users\ricardo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2T6M1ILD\adwcleaner.exe

    2013-07-07 03:08:42 53D481EE1B82833973F3464DA423501E 88283920 —-a-w- C:\Users\ricardo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPGLLAGC\msert.exe

    2013-07-06 21:30:40 C3190BA6ED6220369EEEED081A14DDFC 59784 —-atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe

    2013-07-06 21:30:28 1017788353D8349BF6086B9CDDC8CB7B 59784 —-atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdateBroker.exe

    2013-07-06 21:29:56 5F42FBCE3A8D9ED552E9852A23CA382F 800024 —-a-w- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdateSetup.exe

    2013-07-06 21:27:11 CA35155F6B4C4DB2513AAAA868BAFF47 324488 —-atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler64.exe

    2013-07-06 21:27:04 09C87F376507122A5FE1CBE06E015512 239496 —-atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exe

    2013-07-06 21:26:07 506708142BC63DABA64F2D3AD1DCD5BF 116648 —-atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdate.exe

    2013-07-06 21:26:04 5F42FBCE3A8D9ED552E9852A23CA382F 800024 —-a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.149\GoogleUpdateSetup.exe

    2013-07-03 19:26:55 9FBEB983B3B2F9E9A87E0DE682EB4D65 33686880 —-a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\28.0.1500.71\28.0.1500.71_chrome_installer.exe

    === C: other files ==

    ==== Startup Registry Enabled ======================

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “RocketDock”=“C:\Program Files (x86)\RocketDock\RocketDock.exe”

    “IncrediMail”=“C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “Adobe ARM”=“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “PlusService”=“C:\Program Files (x86)\Yuna Software\Messenger Plus\PlusService.exe”

    “LogitechQuickCamRibbon”=“C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe /hide”

    “SunJavaUpdateSched”=“C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    “APSDaemon”=“C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    “QuickTime Task”=“C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime”

    “RocketDock”=“C:\Program Files (x86)\RocketDock\RocketDock.exe”

    “IncrediMail”=“C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c”

    ==== Startup Registry Enabled x64 ======================

    “MSC”=“c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey”

    “BCSSync”=“C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices”

    “Rocketdock”=“C:\Program Files (x86)\RocketDock\RocketDock.exe”

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\AutoKMS.job –a—— C:\Windows\AutoKMS\AutoKMS.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==== Set IE to Default ======================

    Old Values:

    “Start Page”=“http://www.zeelandnet.nl/”

    New Values:

    “Start Page”=“http://www.zeelandnet.nl/”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    “DefaultScope”=“{7113DC5C-E4AD-44E7-92C1-29E755753943}”

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR”

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    {7113DC5C-E4AD-44E7-92C1-29E755753943} Google Url=“http://www.google.nl/search?hl=nl&q={searchTerms}&rlz=”

    ==== HijackThis Entries ======================

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

    O4 - HKLM\..\Run: “C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe” /hide

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime

    O4 - HKCU\..\Run: “C:\Program Files (x86)\RocketDock\RocketDock.exe”

    O4 - HKCU\..\Run: C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    O23 - Service: @C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe (file missing)

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\ricardo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\ricardo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    C:\users\ricardo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\ricardo\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on zo 07-07-2013 at 23:09:57,96 ======================

  • Ben

    Hello,

    This looks clean; you will get rid of the hacktool alert if you remove AutoKMS.

    Regards, Ben

  • ricardo

    Hi Ben,

    Uhhh, AutoKMS, what exactly is that? What does it do, and how do I get rid of it?

    Regards, ricardo

This topic is closed; no more replies can be posted.