Error message 0x00000051

  • tessie

    Good afternoon,

    My laptop has not been starting up normally since yesterday. I keep getting a blue screen with the above message. I followed your step-by-step plan and am posting the logs below. This problem started yesterday after I opened a document in my mail that was formatted in Word. I hope someone can help me. Thanks in advance for reading.

    AdwCleaner v2.306 - Verslag gemaakt op 08/08/2013 om 14:21:49

    # Geactualiseerd op 19/07/2013 door Xplode

    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

    # Gebruiker : Gerard - MANKO1

    # Opstarten Modus : Veillige modus met netwerk

    # Gelanceerd vanaf : C:\Users\Gerard\Desktop\adwcleaner.exe

    # Optie

    ***** *****

    ***** *****

    Map Verwijderd : C:\Program Files (x86)\Conduit

    Map Verwijderd : C:\ProgramData\IBUpdaterService

    Map Verwijderd : C:\Users\Gerard\AppData\LocalLow\Conduit

    Map Verwijderd : C:\Users\Gerard\AppData\Roaming\file scout

    Map Verwijderd : C:\Users\Gerard\AppData\Roaming\PerformerSoft

    ***** *****

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\SmartBar

    Sleutel Verwijderd : HKCU\Software\Conduit

    Sleutel Verwijderd : HKCU\Software\Softonic

    Sleutel Verwijderd : HKCU\Software\systweak

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\secman.DLL

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT2865317

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

    Sleutel Verwijderd : HKLM\Software\Conduit

    Sleutel Verwijderd : HKLM\Software\systweak

    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    ***** *****

    -\\ Internet Explorer v10.0.9200.16635

    Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Google Chrome v28.0.1500.95

    File : C:\Users\Gerard\AppData\Local\Google\Chrome\User Data\Default\Preferences

    De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner.txt - ##########

    Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2013.08.08.04

    Windows 7 Service Pack 1 x64 NTFS (Veilige modus/netwerkmogelijkheden)

    Internet Explorer 10.0.9200.16635

    Gerard :: MANKO1

    Bescherming: Uitgeschakeld

    8-8-2013 14:32:01

    mbam-log-2013-08-08 (14-32-01).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 200096

    Verstreken tijd: 6 minuut/minuten, 25 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Gerard at 2013-08-08 16:45:32

    Microsoft Windows 7 Home Premium Service Pack 1

    System drive C: has 1 GB (1%) free of 122 GB

    Total RAM: 4000 MB (64% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 16:45:37, on 8-8-2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v10.0 (10.00.9200.16635)

    Boot mode: Safe mode with network support

    Running processes:

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\trend micro\Gerard.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

    F2 - REG:system.ini: UserInit=userinit.exe

    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121009232230.dll (file missing)

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe" -app -hosterid:1

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE" /splash

    O4 - HKLM\..\RunOnce: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    O4 - HKCU\..\Run: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: "C:\Users\Gerard\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

    O4 - HKCU\..\Run: "C:\Users\Gerard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    O4 - HKCU\..\Run: "C:\Users\Gerard\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

    O4 - HKCU\..\Run: "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    O4 - HKCU\..\RunOnce: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex

    O4 - HKCU\..\RunOnce: C:\AdwCleaner.txt

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: FancyStart daemon.lnk = ?

    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

    O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe

    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe

    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE

    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 12230 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    winlogon.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\Explorer.EXE

    ctfmon.exe

    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

    "C:\Program Files\Internet Explorer\iexplore.exe"

    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:756 CREDAT:209921 /prefetch:2

    "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"

    C:\Windows\system32\wbem\wmiprvse.exe

    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:756 CREDAT:3552301 /prefetch:2

    "C:\Users\Gerard\Desktop\RSITx64.exe"

    C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3408539280-2068026174-2983876654-1000Core.job

    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3408539280-2068026174-2983876654-1000UA.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    C:\Windows\tasks\ParetoLogic Registration3.job

    C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job

    C:\Windows\tasks\ParetoLogic Update Version3.job

    C:\Windows\tasks\PC Health Advisor Defrag.job

    C:\Windows\tasks\PC Health Advisor.job

    ======Registry dump======

    scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121009232230.dll

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    MSS+ Identifier - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

    scriptproxy - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121009232230.dll

    Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll

    {8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll

    "IgfxTray"=C:\Windows\system32\igfxtray.exe

    "HotKeysCmds"=C:\Windows\system32\hkcmd.exe

    "ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe

    "AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

    "RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

    "KiesHelper"=C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe

    "KiesPDLR"=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    "msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    "Spotify"=C:\Users\Gerard\AppData\Roaming\Spotify\Spotify.exe

    "Spotify Web Helper"=C:\Users\Gerard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

    "Facebook Update"=C:\Users\Gerard\AppData\Local\Facebook\Update\FacebookUpdate.exe

    "Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe

    "FlashPlayerUpdate"=C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe

    "Report"=C:\AdwCleaner.txt

    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe

    C:\Windows\AsScrPro.exe

    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    "ASUSPRP"=C:\Program Files (x86)\ASUS\APRP\APRP.EXE

    "ASUSWebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe

    "SonicMasterTray"=C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

    "ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

    "ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

    "HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

    "Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

    "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe

    "KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe

    "F-Secure Hoster (45123)"=C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe

    "F-Secure Manager"=C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE

    "Malwarebytes Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

    Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    FancyStart daemon.lnk - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe

    McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

    C:\Users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe

    C:\Windows\system32\igfxdev.dll

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    "SecurityProviders"=credssp.dll

    "ConsentPromptBehaviorAdmin"=5

    "ConsentPromptBehaviorUser"=3

    "EnableUIADesktopToggle"=0

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    "DisableTaskMgr"=0

    "EnableLinkedConnections"=1

    "NoActiveDesktop"=1

    "NoActiveDesktopChanges"=1

    "ForceActiveDesktopOn"=0

    "NoRun"=0

    "vidc.mrle"=msrle32.dll

    "vidc.msvc"=msvidc32.dll

    "msacm.imaadpcm"=imaadp32.acm

    "msacm.msg711"=msg711.acm

    "msacm.msgsm610"=msgsm32.acm

    "msacm.msadpcm"=msadp32.acm

    "midimapper"=midimap.dll

    "wavemapper"=msacm32.drv

    "VIDC.UYVY"=msyuv.dll

    "VIDC.YUY2"=msyuv.dll

    "VIDC.YVYU"=msyuv.dll

    "VIDC.IYUV"=iyuv_32.dll

    "vidc.i420"=iyuv_32.dll

    "VIDC.YVU9"=tsbyuv.dll

    "msacm.l3acm"=C:\Windows\System32\l3codeca.acm

    "MSVideo8"=VfWWDM32.dll

    "wave"=wdmaud.drv

    "midi"=wdmaud.drv

    "mixer"=wdmaud.drv

    "aux"=wdmaud.drv

    "wave1"=wdmaud.drv

    "midi1"=wdmaud.drv

    "mixer1"=wdmaud.drv

    "aux1"=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 month======

    2013-08-08 16:45:33 ----D---- C:\Program Files\trend micro

    2013-08-08 16:45:32 ----D---- C:\rsit

    2013-08-08 14:40:07 ----D---- C:\Program Files (x86)\ESET

    2013-08-08 14:38:24 ----D---- C:\Users\Gerard\AppData\Roaming\ParetoLogic

    2013-08-08 14:38:24 ----D---- C:\Users\Gerard\AppData\Roaming\DriverCure

    2013-08-08 14:38:12 ----D---- C:\ProgramData\ParetoLogic

    2013-08-08 14:38:12 ----D---- C:\Program Files (x86)\ParetoLogic

    2013-08-08 14:31:13 ----D---- C:\Users\Gerard\AppData\Roaming\Malwarebytes

    2013-08-08 14:31:07 ----D---- C:\ProgramData\Malwarebytes

    2013-08-08 14:31:07 ----A---- C:\Windows\system32\drivers\mbam.sys

    2013-08-08 14:31:06 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2013-08-08 14:21:49 ----A---- C:\AdwCleaner.txt

    2013-08-07 19:23:41 ----A---- C:\Windows\ntbtlog.txt

    2013-07-16 14:33:48 ----A---- C:\Windows\system32\drivers\fsbts.sys

    2013-07-16 14:27:41 ----A---- C:\Windows\SYSWOW64\drivers\fsbts.sys

    2013-07-16 14:27:24 ----A---- C:\Windows\prodsett_copy.ini

    2013-07-16 14:20:20 ----D---- C:\Windows\Minidump

    2013-07-16 14:02:23 ----D---- C:\Program Files (x86)\Internetbeveiliging

    2013-07-16 13:59:40 ----D---- C:\ProgramData\F-Secure

    2013-07-13 01:01:20 ----A---- C:\Windows\SYSWOW64\ieui.dll

    2013-07-13 01:01:19 ----A---- C:\Windows\system32\ieui.dll

    2013-07-13 01:01:18 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe

    2013-07-13 01:01:18 ----A---- C:\Windows\SYSWOW64\iesysprep.dll

    2013-07-13 01:01:18 ----A---- C:\Windows\SYSWOW64\iesetup.dll

    2013-07-13 01:01:18 ----A---- C:\Windows\SYSWOW64\iertutil.dll

    2013-07-13 01:01:18 ----A---- C:\Windows\SYSWOW64\iernonce.dll

    2013-07-13 01:01:18 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe

    2013-07-13 01:01:18 ----A---- C:\Windows\system32\iesysprep.dll

    2013-07-13 01:01:18 ----A---- C:\Windows\system32\iesetup.dll

    2013-07-13 01:01:18 ----A---- C:\Windows\system32\iertutil.dll

    2013-07-13 01:01:18 ----A---- C:\Windows\system32\iernonce.dll

    2013-07-13 01:01:18 ----A---- C:\Windows\system32\ie4uinit.exe

    2013-07-13 01:01:17 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

    2013-07-13 01:01:17 ----A---- C:\Windows\system32\msfeeds.dll

    2013-07-13 01:01:16 ----A---- C:\Windows\SYSWOW64\jscript.dll

    2013-07-13 01:01:16 ----A---- C:\Windows\system32\jscript.dll

    2013-07-13 01:01:15 ----A---- C:\Windows\SYSWOW64\jscript9.dll

    2013-07-13 01:01:15 ----A---- C:\Windows\system32\jscript9.dll

    2013-07-13 01:01:14 ----A---- C:\Windows\SYSWOW64\urlmon.dll

    2013-07-13 01:01:14 ----A---- C:\Windows\system32\urlmon.dll

    2013-07-13 01:01:12 ----A---- C:\Windows\SYSWOW64\wininet.dll

    2013-07-13 01:01:12 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

    2013-07-13 01:01:12 ----A---- C:\Windows\system32\jsproxy.dll

    2013-07-13 01:01:11 ----A---- C:\Windows\system32\wininet.dll

    2013-07-13 01:01:10 ----A---- C:\Windows\SYSWOW64\ieframe.dll

    2013-07-13 01:01:08 ----A---- C:\Windows\system32\ieframe.dll

    2013-07-13 01:01:07 ----A---- C:\Windows\system32\mshtml.dll

    2013-07-13 01:01:04 ----A---- C:\Windows\SYSWOW64\mshtml.dll

    2013-07-11 11:27:35 ----A---- C:\Windows\SYSWOW64\qedit.dll

    2013-07-11 11:27:35 ----A---- C:\Windows\system32\qedit.dll

    2013-07-11 11:27:33 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL

    2013-07-11 11:27:33 ----A---- C:\Windows\system32\WMVDECOD.DLL

    2013-07-11 11:27:27 ----A---- C:\Windows\system32\win32k.sys

    2013-07-11 11:27:18 ----A---- C:\Windows\system32\DWrite.dll

    2013-07-11 11:27:17 ----A---- C:\Windows\SYSWOW64\DWrite.dll

    ======List of files/folders modified in the last 1 month======

    2013-08-08 16:45:33 ----RD---- C:\Program Files

    2013-08-08 14:40:07 ----RD---- C:\Program Files (x86)

    2013-08-08 14:38:27 ----D---- C:\Windows\Tasks

    2013-08-08 14:38:12 ----HD---- C:\ProgramData

    2013-08-08 14:38:12 ----D---- C:\Program Files (x86)\Common Files

    2013-08-08 14:31:07 ----D---- C:\Windows\system32\drivers

    2013-08-08 14:29:51 ----D---- C:\Windows

    2013-08-08 14:26:45 ----D---- C:\Windows\SysWOW64

    2013-08-08 14:24:06 ----HD---- C:\ASUS.DAT

    2013-08-08 14:11:31 ----D---- C:\Windows\Temp

    2013-08-07 19:27:48 ----D---- C:\Users\Gerard\AppData\Roaming\Skype

    2013-08-07 19:27:44 ----D---- C:\Users\Gerard\AppData\Roaming\Spotify

    2013-08-07 17:14:48 ----D---- C:\Windows\system32\config

    2013-08-07 11:30:23 ----D---- C:\Windows\Prefetch

    2013-08-07 11:19:24 ----A---- C:\Windows\SYSWOW64\log.txt

    2013-08-07 11:17:26 ----A---- C:\Windows\system32\AutoRunFilter.ini

    2013-08-07 11:14:34 ----A---- C:\Windows\system32\ServiceFilter.ini

    2013-08-07 11:11:50 ----D---- C:\Users\Gerard\AppData\Roaming\uTorrent

    2013-08-03 21:49:32 ----D---- C:\Users\Gerard\AppData\Roaming\vlc

    2013-07-22 14:17:36 ----SHD---- C:\System Volume Information

    2013-07-16 14:33:48 ----D---- C:\Windows\system32\catroot

    2013-07-16 14:27:41 ----SHD---- C:\Windows\Installer

    2013-07-16 14:27:41 ----D---- C:\Windows\SYSWOW64\drivers

    2013-07-16 14:13:32 ----D---- C:\Windows\inf

    2013-07-16 14:02:38 ----D---- C:\Windows\winsxs

    2013-07-13 13:27:54 ----RSD---- C:\Windows\assembly

    2013-07-13 13:27:54 ----D---- C:\Windows\Microsoft.NET

    2013-07-13 11:55:05 ----D---- C:\Program Files\Microsoft Silverlight

    2013-07-13 11:55:03 ----D---- C:\Program Files (x86)\Microsoft Silverlight

    2013-07-13 11:53:45 ----D---- C:\Windows\System32

    2013-07-13 11:53:45 ----D---- C:\Program Files\Windows Defender

    2013-07-13 11:53:45 ----D---- C:\Program Files (x86)\Windows Defender

    2013-07-13 11:53:45 ----D---- C:\Program Files (x86)\Internet Explorer

    2013-07-13 11:53:44 ----D---- C:\Program Files\Windows Journal

    2013-07-13 11:53:44 ----D---- C:\Program Files\Internet Explorer

    2013-07-13 11:53:20 ----D---- C:\Users\Gerard\AppData\Roaming\SoftGrid Client

    2013-07-13 01:08:24 ----A---- C:\Windows\system32\PerfStringBackup.INI

    2013-07-13 01:02:35 ----A---- C:\Windows\system32\MRT.exe

    2013-07-13 01:01:36 ----D---- C:\Windows\system32\catroot2

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 fsbts;fsbts; C:\Windows\system32\Drivers\fsbts.sys

    R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys

    R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys

    R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys

    R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys

    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys

    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys

    R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys

    R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys

    R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys

    S1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys

    S1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\HIPS\drivers\fshs.sys

    S1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys

    S2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

    S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys

    S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys

    S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys

    S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys

    S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys

    S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys

    S3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys

    S3 fsni;fsni; \??\C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Scanning\fsni64.sys

    S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys

    S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys

    S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys

    S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys

    S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys

    S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys

    S3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys

    S3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys

    S3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys

    S3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys

    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys

    S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM); C:\Windows\system32\DRIVERS\sscebus.sys

    S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter; C:\Windows\system32\DRIVERS\sscemdfl.sys

    S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers; C:\Windows\system32\DRIVERS\sscemdm.sys

    S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM); C:\Windows\system32\DRIVERS\ssceserd.sys

    S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys

    S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys

    S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys

    S3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    S2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe

    S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    S2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

    S2 ASUS InstantOn;ASUS InstantOn Service; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe

    S2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

    S2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    S2 fshoster;F-Secure Dll Hoster; C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe

    S2 FSORSPClient;F-Secure ORSP Client; C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe

    S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    S2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    S2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe

    S2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    S2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe

    S2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

    S3 FSMA;F-Secure Management Agent; C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE

    S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

    S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe

    S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    S3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

    -----------------EOF-----------------

  • fazantje

    Hi Tessie,

    I understand you can no longer start in normal mode :S

    We're going to take a somewhat deeper look for infections, and if this doesn't give the solution I expect, we'll go through the software side step by step to see what the cause is.

    Download zoek.exe to the desktop.

    Disable your antivirus and antispyware programs; they may conflict with zoek.exe.

    Double-click Zoek.exe to start the tool.

    Now copy the code in bold below and paste it into the large input box.

    Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    firefoxlook;

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    Now click the "Run script" button.

    Now wait patiently until a log opens (this may be after a restart, if one is needed).

    If no log appears after the restart, start zoek.exe again; the log will then appear.

    Now post the contents of the opened log in your next message.

    Also tell me how things stand with your problem now.

    Good luck,

    Huib;)

  • tessie

    Hello Huib,

    Thank you for being willing to help me.

    Here is the log.

    It did have to start up one more time before the log appeared. And during that startup the same message came up again. I have now started in safe mode.

    I'll start it up once more in a moment.

    Zoek.exe Version 4.0.0.4 Updated 07-August-2013

    Tool run by Gerard on do 08-08-2013 at 18:33:58,97.

    InstallShield* 6.1.7601 x64 WMI=failure

    Running in: Safe Mode NETWORK Internet Access Detected

    Launched: C:\Users\Gerard\Desktop\zoek.exe

    ==== System Restore Info ======================

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Users\Gerard\Desktop\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    ==== Deleting Services ======================

    ==== Deleting Files \ Folders ======================

    "C:\Windows\SysNative\roboot64.exe" deleted

    "C:\Program Files (x86)\ParetoLogic" deleted

    "C:\Program Files (x86)\Common Files\ParetoLogic" deleted

    "C:\Users\Gerard\AppData\Roaming\ParetoLogic" deleted

    "C:\Users\Gerard\AppData\Roaming\DriverCure" deleted

    "C:\Users\Gerard\AppData\Roaming\Systweak" deleted

    "C:\ProgramData\ParetoLogic" deleted

    "C:\Users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic" deleted

    "C:\Users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic" deleted

    ==== System Specs ======================

    Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

    Memory (RAM): 4001 MB

    CPU Info: Intel(R) Celeron(R) CPU B815 @ 1.60GHz

    CPU Speed: 1635,2 MHz

    Sound Card: Not detected

    Display Adapters: | RDP Encoder Mirror Driver

    Monitors: 1x;

    Screen Resolution: 800 X 600 - 32 bit

    Network: Network Present

    Network Adapters: Microsoft Virtual WiFi Miniport Adapter | 802.11n Wireless LAN Card | Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)

    CD / DVD Drives: 2x (E: | F: | ) E: TSSTcorpCDDVDW SN-208BB | F: MagicISOVirtual DVD-ROM

    Ports: COM Ports NOT Present. LPT Port NOT Present.

    Mouse: 5 Button Wheel Mouse Present

    Hard Disks: C: 119,2GB | D: 144,1GB

    Hard Disks - Free: C: 1,4GB | D: 63,6GB

    Manufacturer *: American Megatrends Inc.

    BIOS Info: AT/AT COMPATIBLE | 04/18/12 | _ASUS_ - 6222004

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: ASUSTeK Computer Inc. K54C

    Internet Explorer Version: 10.0.9200.16635

    Sun Java version: No Java Installed?

    Country: Nederland

    Language: NLD

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    2013-07-16 12:27:24 3C2EBF7FEF764EE59983AF2F600A664D 19612 ----a-w- C:\Windows\prodsett_copy.ini

    ====== C:\Users\Gerard\AppData\Local\Temp ====

    ====== C:\Windows\SysWOW64 =====

    ====== C:\Windows\SysWOW64\drivers =====

    2013-07-16 12:27:41 343786E182B9C9AE3066E00DEC650F50 42672 ----a-w- C:\Windows\SysWOW64\drivers\fsbts.sys

    ====== C:\Windows\Sysnative =====

    ====== C:\Windows\Sysnative\drivers =====

    2013-08-08 12:31:07 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

    2013-07-16 12:33:48 F59F2C574AA5D84477EB89F87C938F16 56016 ----a-w- C:\Windows\Sysnative\drivers\fsbts.sys

    ====== C:\Windows\Tasks ======

    2013-08-08 12:38:13 FC78FEC1FE2708DB5690DF53469238C4 402 ----a-w- C:\Windows\Tasks\PC Health Advisor Defrag.job

    2013-08-08 12:38:13 BC95F8257E9D51F29BA7171E7D35EE0A 384 ----a-w- C:\Windows\Tasks\PC Health Advisor.job

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2013-08-08 14:45:33 -------- d-----w- C:\Program Files\trend micro

    ======= C:\Program Files (x86) =====

    2013-08-08 12:40:07 -------- d-----w- C:\Program Files (x86)\ESET

    2013-07-16 12:02:23 -------- d-----w- C:\Program Files (x86)\Internetbeveiliging

    ======= C: =====

    2013-08-08 12:21:49 78C4DB847F557C3F045770BF334626E9 2274 ----a-w- C:\AdwCleaner.txt

    ====== C:\Users\Gerard\AppData\Roaming ======

    2013-08-08 12:30:56 -------- d-----w- C:\users\Gerard\AppData\Local\Programs

    2013-08-08 12:11:42 -------- d-----w- C:\users\Gerard\AppData\Local\ElevatedDiagnostics

    ====== C:\Users\Gerard ======

    2013-08-08 14:45:26 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Gerard\Desktop\RSITx64.exe

    2013-08-08 12:21:27 4C47469F47FD9F8437B62A86F6E0874F 666633 ----a-w- C:\Users\Gerard\Desktop\adwcleaner.exe

    2013-07-16 12:02:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ziggo Internetbeveiliging

    2013-07-16 11:59:40 -------- d-----w- C:\ProgramData\F-Secure

    ====== C: exe-files ==

    2013-08-08 14:45:33 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Gerard.exe

    2013-08-08 14:45:26 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Gerard\Desktop\RSITx64.exe

    2013-08-08 12:40:12 CE0D0B11986FD2C0247AE88A59B36A6E 579904 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

    2013-08-08 12:40:12 BDB7D97012F9B3102DB72AA76A24942A 546944 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe

    2013-08-08 12:40:12 7C9EEC809FB9CDA26EFC245C001EA980 2347384 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

    2013-08-08 12:40:12 7ABF8849E76732C357F419B1AF5668F2 546944 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe

    2013-08-08 12:40:12 6D4ED8A5C071F29730A6F0B943FEEA3A 122584 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

    2013-08-08 12:40:06 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\Users\Gerard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UVV26FYY\esetsmartinstaller_enu.exe

    2013-08-08 12:30:52 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Gerard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7R1ZQETA\mbam-setup-1.75.0.1300.exe

    2013-08-08 12:21:27 4C47469F47FD9F8437B62A86F6E0874F 666633 ----a-w- C:\Users\Gerard\Desktop\adwcleaner.exe

    === C: other files ==

    2013-08-08 16:34:08 0BE568FD1E7D6C6D64D2272649F5C716 111 ----a-w- C:\Users\Gerard\AppData\Local\Temp\scripttest.vbs

    2013-08-08 12:31:07 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    ==== Startup Registry Enabled ======================

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "KiesHelper"="C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s"

    "KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

    "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

    "Spotify"="C:\Users\Gerard\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"

    "Spotify Web Helper"="C:\Users\Gerard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    "Facebook Update"="C:\Users\Gerard\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

    "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "FlashPlayerUpdate"="C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex"

    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

    "ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S"

    "SonicMasterTray"="C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe"

    "ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"

    "ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"

    "HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"

    "Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"

    "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

    "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"

    "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    "F-Secure Hoster (45123)"="C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe -app -hosterid:1"

    "F-Secure Manager"="C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE /splash"

    "Malwarebytes Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent"

    "KiesHelper"="C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s"

    "KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

    "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

    "Spotify"="C:\Users\Gerard\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"

    "Spotify Web Helper"="C:\Users\Gerard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    "Facebook Update"="C:\Users\Gerard\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

    "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

    "FlashPlayerUpdate"="C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex"

    ==== Startup Registry Enabled x64 ======================

    "IgfxTray"="C:\Windows\system32\igfxtray.exe"

    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

    "AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"

    "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 "

    "ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "

    ==== Startup Registry Disabled x64 ======================

    "command"="C:\\Program Files (x86)\\ASUS\\Splendid\\ACMON.exe"

    "hkey"="HKLM"

    "item"="ACMON"

    "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

    "command"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""

    "hkey"="HKLM"

    "item"="Adobe Reader Speed Launcher"

    "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

    "command"="C:\\Windows\\AsScrPro.exe"

    "hkey"="HKLM"

    "item"="ASUS Screen Saver Protector"

    "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

    "command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\""

    "hkey"="HKLM"

    "item"="CLMLServer"

    "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

    "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

    "hkey"="HKLM"

    "item"="RtHDVCpl"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    ==== Startup Folders ======================

    2012-12-01 10:49:24 995 ----a-w- C:\users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

    2012-10-16 17:28:10 1367 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

    2012-05-10 03:06:49 2617 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk

    2013-05-01 09:56:55 2048 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:@C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3408539280-2068026174-2983876654-1000Core.job --a------ C:\Users\Gerard\AppData\Local\Facebook\Update\FacebookUpdate.exe

    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3408539280-2068026174-2983876654-1000UA.job --a------ C:\Users\Gerard\AppData\Local\Facebook\Update\FacebookUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:6C:\ProgramC:FilesC:x86\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\ParetoLogic Registration3.job --a------ C:\Windows\system32\rundll32GC:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll

    C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job --a------ C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

    C:\Windows\tasks\ParetoLogic Update Version3.job --a------ C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

    C:\Windows\tasks\PC Health Advisor Defrag.job --a------ C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe

    C:\Windows\tasks\PC Health Advisor.job --a------ C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Gerard\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

    cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Gerard\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx

    Google Docs - Gerard - Default\Extensions\aohghmighlieiainnegkcijnfilokake

    Google Drive - Gerard - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

    YouTube - Gerard - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

    Google Search - Gerard - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

    Gmail - Gerard - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    ==== Set IE to Default ======================

    Old Values:

    "Start Page"="http://startpagina.nl/"

    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

    New Values:

    "Start Page"="http://startpagina.nl/"

    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-3408539280-2068026174-2983876654-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

    HKEY_USERS\S-1-5-21-3408539280-2068026174-2983876654-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

    HKEY_USERS\S-1-5-21-3408539280-2068026174-2983876654-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} deleted successfully

    HKEY_USERS\S-1-5-21-3408539280-2068026174-2983876654-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} deleted successfully

    HKEY_USERS\S-1-5-21-3408539280-2068026174-2983876654-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully

    HKEY_USERS\S-1-5-21-3408539280-2068026174-2983876654-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully

    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} deleted successfully

    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} deleted successfully

    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

    ==== HijackThis Entries ======================

    R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

    F2 - REG:system.ini: UserInit=userinit.exe

    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe" -app -hosterid:1

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE" /splash

    O4 - HKLM\..\RunOnce: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    O4 - HKCU\..\Run: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: "C:\Users\Gerard\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

    O4 - HKCU\..\Run: "C:\Users\Gerard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    O4 - HKCU\..\Run: "C:\Users\Gerard\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

    O4 - HKCU\..\Run: "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    O4 - HKCU\..\RunOnce: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex

    O4 - HKCU\..\RunOnce: C:\AdwCleaner.txt

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: FancyStart daemon.lnk = ?

    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

    O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe

    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe

    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE

    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Gerard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Gerard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\Gerard\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    C:\users\Gerard\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    C:\users\Gerard\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    No Java Cache Found

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Gerard\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on do 08-08-2013 at 18:48:01,97 ======================

  • tessie

    Just booted again. I get the same blue screen and have to start in safe mode.

  • fazantje

    Hi Tessie,

    Unfortunately I already suspected that :X

    A blue screen can have 1001 causes.

    Zoek.exe did remove some items, but those have/had no influence on the blue screen.

    To be on the safe side, back up any files etc. that you want to keep, because a reinstall of Windows may be needed to get rid of the blue screen.

    Of course we will still try the necessary things to track down that error.

    Do the following:

    In safe mode, go to msconfig, Startup tab, and untick everything except the virus/malware protection.

    Now boot in normal mode.

    If that goes well, go to msconfig again, Startup tab, and tick 2 programs.

    Save and reboot.

    Keep repeating this every time you reboot and it goes well.

    If the error then appears after re-ticking programs, you know it is 1 of those 2.

    Then disable those 2 again and enable them 1 by 1.

    I hope you can find the "culprit" this way.

    I don't know whether you'll manage this before 9 pm, but I have to go to work at 9 pm and Ben is on holiday.

    Otherwise I'll see it tomorrow afternoon.

    Good luck,

    Huib ;)

  • tessie

    Hi Huib,

    I only enabled McAfee, but even then it doesn't work.

    Regards, tessie

  • Jos H

    Hi Tessie

    Try the hotfix from the following link. http://support.microsoft.com/kb/810558/nl

    In safe mode with networking.

  • fazantje

    Hi Tessie,

    You can still use an older system restore point from before the problem.

    If that doesn't work either, there is nothing for it but a reinstall of Windows.

    This can be done from CD/DVD or with a recovery (if there is one on your computer). Usually F8.

    A recovery resets the computer to factory settings, i.e. as it was when you bought it.

    I will ask Jos H from the hardware and software board to help you further with this.

    Regards, Huib ;)

  • fazantje

    (:D:D(tu)

    Thanks (tu)

    Regards, Huib ;)

  • fazantje

    Hi Tessie,

    Before I forget:

    If a reinstall is needed, absolutely do not download via Softonic.

    I came across it in 1 of the logs, and downloading via Softonic is asking for infections.

    Regards, Huib ;)
