Foutmelding 0x00000051

tessie

08-08-2013 17:02

Goedemiddag,
Mijn laptop start sinds gisteren niet meer normaal op. Ik krijg steeds een blauw scherm met bovenstaande melding. Ik heb jullie stappenplan opgevolgd en plaats hieronder de logjes. Dit probleem is sinds gisteren nadat ik een document in mail opende dat in Word was opgemaakt. Ik hoop dat iemand mij kan helpen. Alvast bedankt voor het lezen.
AdwCleaner v2.306 - Verslag gemaakt op 08/08/2013 om 14:21:49
# Geactualiseerd op 19/07/2013 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruiker : Gerard - MANKO1
# Opstarten Modus : Veillige modus met netwerk
# Gelanceerd vanaf : C:\Users\Gerard\Desktop\adwcleaner.exe
# Optie
***** *****
***** *****
Map Verwijderd : C:\Program Files (x86)\Conduit
Map Verwijderd : C:\ProgramData\IBUpdaterService
Map Verwijderd : C:\Users\Gerard\AppData\LocalLow\Conduit
Map Verwijderd : C:\Users\Gerard\AppData\Roaming\file scout
Map Verwijderd : C:\Users\Gerard\AppData\Roaming\PerformerSoft
***** *****
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\SmartBar
Sleutel Verwijderd : HKCU\Software\Conduit
Sleutel Verwijderd : HKCU\Software\Softonic
Sleutel Verwijderd : HKCU\Software\systweak
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT2865317
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Sleutel Verwijderd : HKLM\Software\Conduit
Sleutel Verwijderd : HKLM\Software\systweak
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
***** *****
-\\ Internet Explorer v10.0.9200.16635
Het register bevat geen enkele ongeoorloofde invoer.
-\\ Google Chrome v28.0.1500.95
File : C:\Users\Gerard\AppData\Local\Google\Chrome\User Data\Default\Preferences
De file bevat geen enkele ongeoorloofde invoer.
*************************
AdwCleaner.txt - -
########## EOF - C:\AdwCleaner.txt - ##########
Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300
www.malwarebytes.org
Databaseversie: v2013.08.08.04
Windows 7 Service Pack 1 x64 NTFS (Veilige modus/netwerkmogelijkheden)
Internet Explorer 10.0.9200.16635
Gerard :: MANKO1
Bescherming: Uitgeschakeld
8-8-2013 14:32:01
mbam-log-2013-08-08 (14-32-01).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 200096
Verstreken tijd: 6 minuut/minuten, 25 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Logfile of random's system information tool 1.09 (written by random/random)
Run by Gerard at 2013-08-08 16:45:32
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 1 GB (1%) free of 122 GB
Total RAM: 4000 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:45:37, on 8-8-2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Gerard.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121009232230.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - “C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll” (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - “C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll” (file missing)
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\ASUS\APRP\APRP.EXE”
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime
O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe” -app -hosterid:1
O4 - HKLM\..\Run: “C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE” /splash
O4 - HKLM\..\RunOnce: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: “C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU\..\Run: “C:\Users\Gerard\AppData\Roaming\Spotify\Spotify.exe” /uri spotify:autostart
O4 - HKCU\..\Run: “C:\Users\Gerard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe”
O4 - HKCU\..\Run: “C:\Users\Gerard\AppData\Local\Facebook\Update\FacebookUpdate.exe” /c /nocrashserver
O4 - HKCU\..\Run: “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun
O4 - HKCU\..\RunOnce: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex
O4 - HKCU\..\RunOnce: C:\AdwCleaner.txt
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
–
End of file - 12230 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
ctfmon.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
“C:\Program Files\Internet Explorer\iexplore.exe”
“C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:756 CREDAT:209921 /prefetch:2
“C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe”
C:\Windows\system32\wbem\wmiprvse.exe
“C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:756 CREDAT:3552301 /prefetch:2
“C:\Users\Gerard\Desktop\RSITx64.exe”
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3408539280-2068026174-2983876654-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3408539280-2068026174-2983876654-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\ParetoLogic Registration3.job
C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
C:\Windows\tasks\ParetoLogic Update Version3.job
C:\Windows\tasks\PC Health Advisor Defrag.job
C:\Windows\tasks\PC Health Advisor.job
======Registry dump======
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121009232230.dll
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
MSS+ Identifier - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
scriptproxy - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121009232230.dll
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
“IgfxTray”=C:\Windows\system32\igfxtray.exe
“HotKeysCmds”=C:\Windows\system32\hkcmd.exe
“ETDCtrl”=C:\Program Files\Elantech\ETDCtrl.exe
“AmIcoSinglun64”=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
“RtHDVBg”=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
“KiesHelper”=C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
“KiesPDLR”=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
“msnmsgr”=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
“Spotify”=C:\Users\Gerard\AppData\Roaming\Spotify\Spotify.exe
“Spotify Web Helper”=C:\Users\Gerard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
“Facebook Update”=C:\Users\Gerard\AppData\Local\Facebook\Update\FacebookUpdate.exe
“Skype”=C:\Program Files (x86)\Skype\Phone\Skype.exe
“FlashPlayerUpdate”=C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
“Report”=C:\AdwCleaner.txt
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
“Adobe ARM”=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
“ASUSPRP”=C:\Program Files (x86)\ASUS\APRP\APRP.EXE
“ASUSWebStorage”=C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe
“SonicMasterTray”=C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
“ATKOSD2”=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
“ATKMEDIA”=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
“HControlUser”=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
“Wireless Console 3”=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
“QuickTime Task”=C:\Program Files (x86)\QuickTime\QTTask.exe
“KiesTrayAgent”=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
“APSDaemon”=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
“iTunesHelper”=C:\Program Files (x86)\iTunes\iTunesHelper.exe
“F-Secure Hoster (45123)”=C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe
“F-Secure Manager”=C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE
“Malwarebytes Anti-Malware”=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
FancyStart daemon.lnk - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Windows\system32\igfxdev.dll
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
“SecurityProviders”=credssp.dll
“ConsentPromptBehaviorAdmin”=5
“ConsentPromptBehaviorUser”=3
“EnableUIADesktopToggle”=0
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“DisableTaskMgr”=0
“EnableLinkedConnections”=1
“NoActiveDesktop”=1
“NoActiveDesktopChanges”=1
“ForceActiveDesktopOn”=0
“NoRun”=0
“vidc.mrle”=msrle32.dll
“vidc.msvc”=msvidc32.dll
“msacm.imaadpcm”=imaadp32.acm
“msacm.msg711”=msg711.acm
“msacm.msgsm610”=msgsm32.acm
“msacm.msadpcm”=msadp32.acm
“midimapper”=midimap.dll
“wavemapper”=msacm32.drv
“VIDC.UYVY”=msyuv.dll
“VIDC.YUY2”=msyuv.dll
“VIDC.YVYU”=msyuv.dll
“VIDC.IYUV”=iyuv_32.dll
“vidc.i420”=iyuv_32.dll
“VIDC.YVU9”=tsbyuv.dll
“msacm.l3acm”=C:\Windows\System32\l3codeca.acm
“MSVideo8”=VfWWDM32.dll
“wave”=wdmaud.drv
“midi”=wdmaud.drv
“mixer”=wdmaud.drv
“aux”=wdmaud.drv
“wave1”=wdmaud.drv
“midi1”=wdmaud.drv
“mixer1”=wdmaud.drv
“aux1”=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe “%1” %*
======List of files/folders created in the last 1 month======
2013-08-08 16:45:33 —-D—- C:\Program Files\trend micro
2013-08-08 16:45:32 —-D—- C:\rsit
2013-08-08 14:40:07 —-D—- C:\Program Files (x86)\ESET
2013-08-08 14:38:24 —-D—- C:\Users\Gerard\AppData\Roaming\ParetoLogic
2013-08-08 14:38:24 —-D—- C:\Users\Gerard\AppData\Roaming\DriverCure
2013-08-08 14:38:12 —-D—- C:\ProgramData\ParetoLogic
2013-08-08 14:38:12 —-D—- C:\Program Files (x86)\ParetoLogic
2013-08-08 14:31:13 —-D—- C:\Users\Gerard\AppData\Roaming\Malwarebytes
2013-08-08 14:31:07 —-D—- C:\ProgramData\Malwarebytes
2013-08-08 14:31:07 —-A—- C:\Windows\system32\drivers\mbam.sys
2013-08-08 14:31:06 —-D—- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-08 14:21:49 —-A—- C:\AdwCleaner.txt
2013-08-07 19:23:41 —-A—- C:\Windows\ntbtlog.txt
2013-07-16 14:33:48 —-A—- C:\Windows\system32\drivers\fsbts.sys
2013-07-16 14:27:41 —-A—- C:\Windows\SYSWOW64\drivers\fsbts.sys
2013-07-16 14:27:24 —-A—- C:\Windows\prodsett_copy.ini
2013-07-16 14:20:20 —-D—- C:\Windows\Minidump
2013-07-16 14:02:23 —-D—- C:\Program Files (x86)\Internetbeveiliging
2013-07-16 13:59:40 —-D—- C:\ProgramData\F-Secure
2013-07-13 01:01:20 —-A—- C:\Windows\SYSWOW64\ieui.dll
2013-07-13 01:01:19 —-A—- C:\Windows\system32\ieui.dll
2013-07-13 01:01:18 —-A—- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-07-13 01:01:18 —-A—- C:\Windows\SYSWOW64\iesysprep.dll
2013-07-13 01:01:18 —-A—- C:\Windows\SYSWOW64\iesetup.dll
2013-07-13 01:01:18 —-A—- C:\Windows\SYSWOW64\iertutil.dll
2013-07-13 01:01:18 —-A—- C:\Windows\SYSWOW64\iernonce.dll
2013-07-13 01:01:18 —-A—- C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-13 01:01:18 —-A—- C:\Windows\system32\iesysprep.dll
2013-07-13 01:01:18 —-A—- C:\Windows\system32\iesetup.dll
2013-07-13 01:01:18 —-A—- C:\Windows\system32\iertutil.dll
2013-07-13 01:01:18 —-A—- C:\Windows\system32\iernonce.dll
2013-07-13 01:01:18 —-A—- C:\Windows\system32\ie4uinit.exe
2013-07-13 01:01:17 —-A—- C:\Windows\SYSWOW64\msfeeds.dll
2013-07-13 01:01:17 —-A—- C:\Windows\system32\msfeeds.dll
2013-07-13 01:01:16 —-A—- C:\Windows\SYSWOW64\jscript.dll
2013-07-13 01:01:16 —-A—- C:\Windows\system32\jscript.dll
2013-07-13 01:01:15 —-A—- C:\Windows\SYSWOW64\jscript9.dll
2013-07-13 01:01:15 —-A—- C:\Windows\system32\jscript9.dll
2013-07-13 01:01:14 —-A—- C:\Windows\SYSWOW64\urlmon.dll
2013-07-13 01:01:14 —-A—- C:\Windows\system32\urlmon.dll
2013-07-13 01:01:12 —-A—- C:\Windows\SYSWOW64\wininet.dll
2013-07-13 01:01:12 —-A—- C:\Windows\SYSWOW64\jsproxy.dll
2013-07-13 01:01:12 —-A—- C:\Windows\system32\jsproxy.dll
2013-07-13 01:01:11 —-A—- C:\Windows\system32\wininet.dll
2013-07-13 01:01:10 —-A—- C:\Windows\SYSWOW64\ieframe.dll
2013-07-13 01:01:08 —-A—- C:\Windows\system32\ieframe.dll
2013-07-13 01:01:07 —-A—- C:\Windows\system32\mshtml.dll
2013-07-13 01:01:04 —-A—- C:\Windows\SYSWOW64\mshtml.dll
2013-07-11 11:27:35 —-A—- C:\Windows\SYSWOW64\qedit.dll
2013-07-11 11:27:35 —-A—- C:\Windows\system32\qedit.dll
2013-07-11 11:27:33 —-A—- C:\Windows\SYSWOW64\WMVDECOD.DLL
2013-07-11 11:27:33 —-A—- C:\Windows\system32\WMVDECOD.DLL
2013-07-11 11:27:27 —-A—- C:\Windows\system32\win32k.sys
2013-07-11 11:27:18 —-A—- C:\Windows\system32\DWrite.dll
2013-07-11 11:27:17 —-A—- C:\Windows\SYSWOW64\DWrite.dll
======List of files/folders modified in the last 1 month======
2013-08-08 16:45:33 —-RD—- C:\Program Files
2013-08-08 14:40:07 —-RD—- C:\Program Files (x86)
2013-08-08 14:38:27 —-D—- C:\Windows\Tasks
2013-08-08 14:38:12 —-HD—- C:\ProgramData
2013-08-08 14:38:12 —-D—- C:\Program Files (x86)\Common Files
2013-08-08 14:31:07 —-D—- C:\Windows\system32\drivers
2013-08-08 14:29:51 —-D—- C:\Windows
2013-08-08 14:26:45 —-D—- C:\Windows\SysWOW64
2013-08-08 14:24:06 —-HD—- C:\ASUS.DAT
2013-08-08 14:11:31 —-D—- C:\Windows\Temp
2013-08-07 19:27:48 —-D—- C:\Users\Gerard\AppData\Roaming\Skype
2013-08-07 19:27:44 —-D—- C:\Users\Gerard\AppData\Roaming\Spotify
2013-08-07 17:14:48 —-D—- C:\Windows\system32\config
2013-08-07 11:30:23 —-D—- C:\Windows\Prefetch
2013-08-07 11:19:24 —-A—- C:\Windows\SYSWOW64\log.txt
2013-08-07 11:17:26 —-A—- C:\Windows\system32\AutoRunFilter.ini
2013-08-07 11:14:34 —-A—- C:\Windows\system32\ServiceFilter.ini
2013-08-07 11:11:50 —-D—- C:\Users\Gerard\AppData\Roaming\uTorrent
2013-08-03 21:49:32 —-D—- C:\Users\Gerard\AppData\Roaming\vlc
2013-07-22 14:17:36 —-SHD—- C:\System Volume Information
2013-07-16 14:33:48 —-D—- C:\Windows\system32\catroot
2013-07-16 14:27:41 —-SHD—- C:\Windows\Installer
2013-07-16 14:27:41 —-D—- C:\Windows\SYSWOW64\drivers
2013-07-16 14:13:32 —-D—- C:\Windows\inf
2013-07-16 14:02:38 —-D—- C:\Windows\winsxs
2013-07-13 13:27:54 —-RSD—- C:\Windows\assembly
2013-07-13 13:27:54 —-D—- C:\Windows\Microsoft.NET
2013-07-13 11:55:05 —-D—- C:\Program Files\Microsoft Silverlight
2013-07-13 11:55:03 —-D—- C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 11:53:45 —-D—- C:\Windows\System32
2013-07-13 11:53:45 —-D—- C:\Program Files\Windows Defender
2013-07-13 11:53:45 —-D—- C:\Program Files (x86)\Windows Defender
2013-07-13 11:53:45 —-D—- C:\Program Files (x86)\Internet Explorer
2013-07-13 11:53:44 —-D—- C:\Program Files\Windows Journal
2013-07-13 11:53:44 —-D—- C:\Program Files\Internet Explorer
2013-07-13 11:53:20 —-D—- C:\Users\Gerard\AppData\Roaming\SoftGrid Client
2013-07-13 01:08:24 —-A—- C:\Windows\system32\PerfStringBackup.INI
2013-07-13 01:02:35 —-A—- C:\Windows\system32\MRT.exe
2013-07-13 01:01:36 —-D—- C:\Windows\system32\catroot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 fsbts;fsbts; C:\Windows\system32\Drivers\fsbts.sys
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys
S1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
S1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\HIPS\drivers\fshs.sys
S1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys
S2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys
S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys
S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys
S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys
S3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys
S3 fsni;fsni; \??\C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Scanning\fsni64.sys
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys
S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys
S3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys
S3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys
S3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys
S3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM); C:\Windows\system32\DRIVERS\sscebus.sys
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter; C:\Windows\system32\DRIVERS\sscemdfl.sys
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers; C:\Windows\system32\DRIVERS\sscemdm.sys
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM); C:\Windows\system32\DRIVERS\ssceserd.sys
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys
S3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
S2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
S2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
S2 ASUS InstantOn;ASUS InstantOn Service; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
S2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
S2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
S2 fshoster;F-Secure Dll Hoster; C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe
S2 FSORSPClient;F-Secure ORSP Client; C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
S2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
S2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe
S2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
S2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe
S2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
S3 FSMA;F-Secure Management Agent; C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
S3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
—————–EOF—————–
fazantje

08-08-2013 17:29

Hoi Tessie,
Je kunt niet meer in normale modus starten begrijp ik:S
We gaan even wat dieper kijken op besmettingen en als dit niet de oplossing geeft wat ik verwacht, gaan we softwarematig stap voor stap bekijken wat de oorzaak is.
Download zoek.exe naar het bureaublad.
Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze in conflict komen met zoek.exe
Dubbelklik op Zoek.exe om de tool te starten.
Kopieer nu het onderstaande vet gedrukte code en plak die in het grote invulvenster.
Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
firefoxlook;
chromelook;
standardsearch;
filesrcm;
autoclean;
startupall;
Klik nu op de knop “Run script”.
Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
Post nu de inhoud van het geopende logje in het volgende bericht.
Vertel gelijk hoe het nu is met jou probleem.
Succes,
Huib;)
tessie

08-08-2013 18:54

Hallo Huib,
Bedankt dat je mij wilt helpen.
Hierbij het logje.
Hij moest wel nog een keer opstarten voordat het logje kwam. En bij dat opstarten kwam weer dezelfde melding. Ik ben nu in veilige modus opgestart.
Ik zal zo nog een keer opstarten.
Zoek.exe Version 4.0.0.4 Updated 07-August-2013
Tool run by Gerard on do 08-08-2013 at 18:33:58,97.
InstallShield* 6.1.7601 x64 WMI=failure
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Gerard\Desktop\zoek.exe
==== System Restore Info ======================
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Running Processes ======================
C:\Users\Gerard\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
“C:\Windows\SysNative\roboot64.exe” deleted
“C:\Program Files (x86)\ParetoLogic” deleted
“C:\Program Files (x86)\Common Files\ParetoLogic” deleted
“C:\Users\Gerard\AppData\Roaming\ParetoLogic” deleted
“C:\Users\Gerard\AppData\Roaming\DriverCure” deleted
“C:\Users\Gerard\AppData\Roaming\Systweak” deleted
“C:\ProgramData\ParetoLogic” deleted
“C:\Users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic” deleted
“C:\Users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic” deleted
==== System Specs ======================
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4001 MB
CPU Info: Intel(R) Celeron(R) CPU B815 @ 1.60GHz
CPU Speed: 1635,2 MHz
Sound Card: Not detected
Display Adapters: | RDP Encoder Mirror Driver
Monitors: 1x;
Screen Resolution: 800 X 600 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | 802.11n Wireless LAN Card | Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
CD / DVD Drives: 2x (E: | F: | ) E: TSSTcorpCDDVDW SN-208BB | F: MagicISOVirtual DVD-ROM
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 119,2GB | D: 144,1GB
Hard Disks - Free: C: 1,4GB | D: 63,6GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 04/18/12 | _ASUS_ - 6222004
Time Zone: West-Europa (standaardtijd)
Motherboard *: ASUSTeK Computer Inc. K54C
Internet Explorer Version: 10.0.9200.16635
Sun Java version: No Java Installed?
Country: Nederland
Language: NLD
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2013-07-16 12:27:24 3C2EBF7FEF764EE59983AF2F600A664D 19612 —-a-w- C:\Windows\prodsett_copy.ini
====== C:\Users\Gerard\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
2013-07-16 12:27:41 343786E182B9C9AE3066E00DEC650F50 42672 —-a-w- C:\Windows\SysWOW64\drivers\fsbts.sys
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-08-08 12:31:07 0BB97D43299910CBFBA59C461B99B910 25928 —-a-w- C:\Windows\Sysnative\drivers\mbam.sys
2013-07-16 12:33:48 F59F2C574AA5D84477EB89F87C938F16 56016 —-a-w- C:\Windows\Sysnative\drivers\fsbts.sys
====== C:\Windows\Tasks ======
2013-08-08 12:38:13 FC78FEC1FE2708DB5690DF53469238C4 402 —-a-w- C:\Windows\Tasks\PC Health Advisor Defrag.job
2013-08-08 12:38:13 BC95F8257E9D51F29BA7171E7D35EE0A 384 —-a-w- C:\Windows\Tasks\PC Health Advisor.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-08-08 14:45:33 ——– d—–w- C:\Program Files\trend micro
======= C:\Program Files (x86) =====
2013-08-08 12:40:07 ——– d—–w- C:\Program Files (x86)\ESET
2013-07-16 12:02:23 ——– d—–w- C:\Program Files (x86)\Internetbeveiliging
======= C: =====
2013-08-08 12:21:49 78C4DB847F557C3F045770BF334626E9 2274 —-a-w- C:\AdwCleaner.txt
====== C:\Users\Gerard\AppData\Roaming ======
2013-08-08 12:30:56 ——– d—–w- C:\users\Gerard\AppData\Local\Programs
2013-08-08 12:11:42 ——– d—–w- C:\users\Gerard\AppData\Local\ElevatedDiagnostics
====== C:\Users\Gerard ======
2013-08-08 14:45:26 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\Users\Gerard\Desktop\RSITx64.exe
2013-08-08 12:21:27 4C47469F47FD9F8437B62A86F6E0874F 666633 —-a-w- C:\Users\Gerard\Desktop\adwcleaner.exe
2013-07-16 12:02:45 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ziggo Internetbeveiliging
2013-07-16 11:59:40 ——– d—–w- C:\ProgramData\F-Secure
====== C: exe-files ==
2013-08-08 14:45:33 9A2347903D6EDB84C10F288BC0578C1C 388608 —-a-w- C:\Program Files\trend micro\Gerard.exe
2013-08-08 14:45:26 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\Users\Gerard\Desktop\RSITx64.exe
2013-08-08 12:40:12 CE0D0B11986FD2C0247AE88A59B36A6E 579904 —-a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2013-08-08 12:40:12 BDB7D97012F9B3102DB72AA76A24942A 546944 —-a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
2013-08-08 12:40:12 7C9EEC809FB9CDA26EFC245C001EA980 2347384 —-a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
2013-08-08 12:40:12 7ABF8849E76732C357F419B1AF5668F2 546944 —-a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
2013-08-08 12:40:12 6D4ED8A5C071F29730A6F0B943FEEA3A 122584 —-a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
2013-08-08 12:40:06 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 —-a-w- C:\Users\Gerard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UVV26FYY\esetsmartinstaller_enu.exe
2013-08-08 12:30:52 683FDD3D773C58B262DC07CD0C6CE938 10285040 —-a-w- C:\Users\Gerard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7R1ZQETA\mbam-setup-1.75.0.1300.exe
2013-08-08 12:21:27 4C47469F47FD9F8437B62A86F6E0874F 666633 —-a-w- C:\Users\Gerard\Desktop\adwcleaner.exe
=== C: other files ==
2013-08-08 16:34:08 0BE568FD1E7D6C6D64D2272649F5C716 111 —-a-w- C:\Users\Gerard\AppData\Local\Temp\scripttest.vbs
2013-08-08 12:31:07 0BB97D43299910CBFBA59C461B99B910 25928 —-a-w- C:\Windows\System32\drivers\mbam.sys
==== Startup Registry Enabled ======================
“Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”
“Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”
“KiesHelper”=“C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s”
“KiesPDLR”=“C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe”
“msnmsgr”=“C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background”
“Spotify”=“C:\Users\Gerard\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart”
“Spotify Web Helper”=“C:\Users\Gerard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe”
“Facebook Update”=“C:\Users\Gerard\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver”
“Skype”=“C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun”
“mctadmin”=“C:\Windows\System32\mctadmin.exe”
“mctadmin”=“C:\Windows\System32\mctadmin.exe”
“FlashPlayerUpdate”=“C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex”
“Adobe ARM”=“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
“ASUSPRP”=“C:\Program Files (x86)\ASUS\APRP\APRP.EXE”
“ASUSWebStorage”=“C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S”
“SonicMasterTray”=“C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe”
“ATKOSD2”=“C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe”
“ATKMEDIA”=“C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe”
“HControlUser”=“C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe”
“Wireless Console 3”=“C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe”
“QuickTime Task”=“C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime”
“KiesTrayAgent”=“C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe”
“APSDaemon”=“C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
“iTunesHelper”=“C:\Program Files (x86)\iTunes\iTunesHelper.exe”
“F-Secure Hoster (45123)”=“C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe -app -hosterid:1”
“F-Secure Manager”=“C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE /splash”
“Malwarebytes Anti-Malware”=“C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent”
“KiesHelper”=“C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s”
“KiesPDLR”=“C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe”
“msnmsgr”=“C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background”
“Spotify”=“C:\Users\Gerard\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart”
“Spotify Web Helper”=“C:\Users\Gerard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe”
“Facebook Update”=“C:\Users\Gerard\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver”
“Skype”=“C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun”
“FlashPlayerUpdate”=“C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex”
==== Startup Registry Enabled x64 ======================
“IgfxTray”=“C:\Windows\system32\igfxtray.exe”
“HotKeysCmds”=“C:\Windows\system32\hkcmd.exe”
“AmIcoSinglun64”=“C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe”
“RtHDVBg”=“C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 ”
“ETDCtrl”=“%ProgramFiles%\Elantech\ETDCtrl.exe ”
==== Startup Registry Disabled x64 ======================
“command”=“C:\\Program Files (x86)\\ASUS\\Splendid\\ACMON.exe”
“hkey”=“HKLM”
“item”=“ACMON”
“key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”
“command”=“\”C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\“”
“hkey”=“HKLM”
“item”=“Adobe Reader Speed Launcher”
“key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”
“command”=“C:\\Windows\\AsScrPro.exe”
“hkey”=“HKLM”
“item”=“ASUS Screen Saver Protector”
“key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”
“command”=“\”C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\“”
“hkey”=“HKLM”
“item”=“CLMLServer”
“key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”
“command”=“C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s”
“hkey”=“HKLM”
“item”=“RtHDVCpl”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
==== Startup Folders ======================
2012-12-01 10:49:24 995 —-a-w- C:\users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
2012-10-16 17:28:10 1367 —-a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
2012-05-10 03:06:49 2617 —-a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
2013-05-01 09:56:55 2048 —-a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:@C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3408539280-2068026174-2983876654-1000Core.job –a—— C:\Users\Gerard\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3408539280-2068026174-2983876654-1000UA.job –a—— C:\Users\Gerard\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job –a—— C:6C:\ProgramC:FilesC:x86\Google\Update\GoogleUpdate.exe
C:\Windows\tasks\ParetoLogic Registration3.job –a—— C:\Windows\system32\rundll32GC:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job –a—— C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
C:\Windows\tasks\ParetoLogic Update Version3.job –a—— C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
C:\Windows\tasks\PC Health Advisor Defrag.job –a—— C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe
C:\Windows\tasks\PC Health Advisor.job –a—— C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Gerard\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Gerard\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx
Google Docs - Gerard - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Gerard - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Gerard - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Gerard - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gmail - Gerard - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
“Start Page”=“http://startpagina.nl/”
“DefaultScope”=“{0633EE93-D776-472f-A0FF-E1416B8B2E3A}”
New Values:
“Start Page”=“http://startpagina.nl/”
“DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3408539280-2068026174-2983876654-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3408539280-2068026174-2983876654-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3408539280-2068026174-2983876654-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} deleted successfully
HKEY_USERS\S-1-5-21-3408539280-2068026174-2983876654-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} deleted successfully
HKEY_USERS\S-1-5-21-3408539280-2068026174-2983876654-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-3408539280-2068026174-2983876654-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully
==== HijackThis Entries ======================
R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\ASUS\APRP\APRP.EXE”
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime
O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe” -app -hosterid:1
O4 - HKLM\..\Run: “C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE” /splash
O4 - HKLM\..\RunOnce: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: “C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU\..\Run: “C:\Users\Gerard\AppData\Roaming\Spotify\Spotify.exe” /uri spotify:autostart
O4 - HKCU\..\Run: “C:\Users\Gerard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe”
O4 - HKCU\..\Run: “C:\Users\Gerard\AppData\Local\Facebook\Update\FacebookUpdate.exe” /c /nocrashserver
O4 - HKCU\..\Run: “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun
O4 - HKCU\..\RunOnce: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex
O4 - HKCU\..\RunOnce: C:\AdwCleaner.txt
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gerard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gerard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Gerard\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\users\Gerard\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\users\Gerard\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Gerard\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on do 08-08-2013 at 18:48:01,97 ======================
tessie

08-08-2013 18:59

Net weer opgestart. Krijg hetzelfde blauwe scherm en moet in veilige modus opstarten.
fazantje

08-08-2013 20:02

Hoi Tessie,
Dat vermoeden had ik al helaas:X
Een blue screen kan 1001 oorzaken hebben.
Zoek exe heeft wel verwijderingen gedaan, maar die hebben/hadden geen invloed op de blue screen.
Stel voor alle zekerheid bestanden e.d. die je wilt behouden veilig, want een herinstal van windows is misschien nodig om de blue screen weg te krijgen.
Uiteraard gaan we nog wel de nodige zaken proberen om zo die melding op te sporen.
Doe het volgende:
In veilige modus ga je naar msconfig, tabblad opstarten en vink alles uit behalve de virus/malware protectie.
Nu start je in normale modus op.
Als dat goed gaat ga je opnieuw naar msconfig - tabblad opstarten en vink 2 programma's aan.
Opslaan en weer opstarten.
Iedere keer dat je opnieuw opstart, en het gaat goed, steeds blijven herhalen.
Blijkt dan na het opnieuw aanvinken van programma's de melding komt, dan weet je dat het 1 van die 2 is.
Vervolgens weer die 2 uit schakelen en dan 1 voor 1 inschakelen.
Ik hoop dat je zo de “dader” kan vinden.
Ik weet niet of je dit nog voor 21 uur gaat redden, maar ik moet om 21 uur naar mijn werk en Ben is op vakantie.
Ik zie het anders morgenmiddag wel weer.
Succes,
Huib;)
tessie

08-08-2013 20:30

Hoi Huib,
Ik heb alleen McAfree aangezet, maar zelfs dan doet ie het niet.
groet, tessie
Jos H

08-08-2013 20:43

Hoi Tessie
Probeer uit de volgende link de hotfix eens. http://support.microsoft.com/kb/810558/nl
In veilige modus met netwerk ondersteuning.
fazantje

08-08-2013 20:47

Hoi Tessie,
Je kunt nog een ouder systeemherstelpunt nemen van voor het probleem.
Werkt dit ook niet, dan zit er niets anders op dan een herinstal van windows.
Dit kan d.m.v. CD/DVD of een recovery (als die op je computer zit). Meestal F8.
Een recovery stelt de computer terug naar de fabrieksinstellingen, dus zo als je hem kocht.
Ik zal Jos H van het hard- en software prikbord vragen om jou hierin verder te helpen.
Groetjes Huib;)
fazantje

08-08-2013 20:48

(:D(tu)
Bedankt(tu)
Groetjes Huib;)
fazantje

08-08-2013 20:55

hoi Tessie,
Voor ik het vergeet:
Als er een herinstal moet, download dan absoluut niet via softsonic.
Ik kwam deze tegen in 1 van de logjes en het is vragen om besmettingen als je via softsonic gaat downloaden.
Groetjes Huib;)

Dit topic is gesloten, er kunnen geen reacties meer worden geplaatst.

Foutmelding 0x00000051

tessie

fazantje

tessie

tessie

fazantje

tessie

Jos H

fazantje

fazantje

fazantje