Slow laptop

  • lg

    After removing various software, here are the requested log files.

    After the cleanup it already runs better, but what else can be removed?

    Kind regards,

    LG

    # AdwCleaner v3.001 - Report created 01/09/2013 at 15:53:50

    # Updated 24/08/2013 by Xplode

    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

    # Username : Gerie - GERIE-PC

    # Running from : C:\Users\Gerie\Desktop\adwcleaner.exe

    # Option : Clean

    ***** *****

    ***** *****

    Folder Deleted : C:\ProgramData\InstallMate

    Folder Deleted : C:\Program Files (x86)\MyPC Backup

    Folder Deleted : C:\Program Files (x86)\PHPNukeDU

    Folder Deleted : C:\Program Files (x86)\ToggleDU

    Folder Deleted : C:\Users\Gerie\AppData\Local\Conduit

    Folder Deleted : C:\Users\Gerie\AppData\LocalLow\AVG Security Toolbar

    Folder Deleted : C:\Users\Gerie\AppData\LocalLow\Conduit

    Folder Deleted : C:\Users\Gerie\AppData\LocalLow\PHPNukeDU

    Folder Deleted : C:\Users\Gerie\AppData\LocalLow\ToggleDU

    Folder Deleted : C:\Users\Gerie\AppData\Roaming\Systweak

    File Deleted : C:\Windows\System32\roboot64.exe

    File Deleted : C:\Users\Gerie\AppData\Local\Temp\Uninstall.exe

    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

    ***** *****

    ***** *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kmplayer_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kmplayer_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{46735DEE-F862-49D1-876D-6382794DC625}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1EBF9CD-BE17-4D2D-8044-0671D4C9141D}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BA17A4-635D-4475-BA0C-9D055ADDF714}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\

    Key Deleted : HKCU\Software\IGearSettings

    Key Deleted : HKCU\Software\Softonic

    Key Deleted : HKCU\Software\YahooPartnerToolbar

    Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar

    Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar

    Key Deleted : HKCU\Software\AppDataLow\Software\PHPNukeDU

    Key Deleted : HKCU\Software\AppDataLow\Software\ToggleDU

    Key Deleted : HKLM\Software\Conduit

    Key Deleted : HKLM\Software\systweak

    Key Deleted : HKLM\Software\PHPNukeDU

    Key Deleted : HKLM\Software\ToggleDU

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToggleDU Toolbar

    ***** *****

    -\\ Internet Explorer v10.0.9200.16660

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2013.09.01.03

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 10.0.9200.16660

    Gerie :: GERIE-PC

    1-9-2013 15:57:34

    mbam-log-2013-09-01 (15-57-34).txt

    Scan type: Volledige scan (C:\|D:\|E:\|)

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 358255

    Verstreken tijd: 1 uur/uren, 14 minuut/minuten, 25 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 22

    C:\Program Files (x86)\PopCap Games\Bejeweled\Parche.exe (RiskWare.Tool.CK) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\Zylom Games\SCRABBLE(R) WETTIG GEDEPONEERD kruiswoordpuzzelspel\scrabble.exe (PUP.Downloader.ZYL) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\AppData\Local\Temp\nsm282A.tmp\webcake_2205-a3f0f0d9.exe (Trojan.PUP.WebCake.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\AppData\Local\Zylom Games\Bookworm Deluxe\Bookworm.exe (PUP.Downloader.ZYL) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\AppData\Local\Zylom Games\Scrabble Deluxe\scrabble.exe (PUP.Downloader.ZYL) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\Downloads\iLvSetup-r544-n-bc (1).exe (PUP.Optional.Bandoo) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\Downloads\iLvSetup-r544-n-bc (2).exe (PUP.Optional.Bandoo) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\Downloads\iLvSetup-r544-n-bc (3).exe (PUP.Optional.Bandoo) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\Downloads\iLvSetup-r544-n-bc (4).exe (PUP.Optional.Bandoo) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\Downloads\iLvSetup-r544-n-bc.exe (PUP.Optional.Bandoo) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\Downloads\rcpsetup_onlyad2 (1).exe (PUP.Optional.RegCleanerPro) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\Downloads\rcpsetup_onlyad2.exe (PUP.Optional.RegCleanerPro) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\Downloads\rcpsetup_softonic_new_nl_ros_new (1).exe (PUP.Optional.RegCleanerPro) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\Downloads\rcpsetup_softonic_new_nl_ros_new (2).exe (PUP.Optional.RegCleanerPro) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\Downloads\rcpsetup_softonic_new_nl_ros_new (3).exe (PUP.Optional.RegCleanerPro) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\Downloads\rcpsetup_softonic_new_nl_ros_new (4).exe (PUP.Optional.RegCleanerPro) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\Downloads\rcpsetup_softonic_new_nl_ros_new (5).exe (PUP.Optional.RegCleanerPro) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\Downloads\rcpsetup_softonic_new_nl_ros_new.exe (PUP.Optional.RegCleanerPro) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\Downloads\REPOST Scrabble Deluxe ZELF INSTALLEREN\scrabbledownload.exe (PUP.Downloader.ZYL) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\ProgramData\Windows\ccdxmmde.dat (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\ProgramData\Windows\drss.dat (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\ProgramData\Windows\xessmsxe.dat (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Gerie at 2013-09-01 17:27:31

    Microsoft Windows 7 Home Premium Service Pack 1

    System drive C: has 202 GB (70%) free of 290 GB

    Total RAM: 2934 MB (31% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 17:27:39, on 1-9-2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v10.0 (10.00.9200.16660)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\trend micro\Gerie.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/nl/index.php?rvs=google

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnederland.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/nl/index.php?rvs=google

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

    F2 - REG:system.ini: UserInit=userinit.exe,

    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    O4 - HKCU\..\Run: C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe” /background

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 7331 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    winlogon.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    “c:\Program Files\Microsoft Security Client\MsMpEng.exe”

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\WLANExt.exe 40237040

    \??\C:\Windows\system32\conhost.exe "9500988659302161241447551708126577283583321394010822447227456804641953762

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”

    “C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe”

    “C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe”

    “C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe”

    “C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe”

    “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe”

    C:\Windows\system32\svchost.exe -k imgsvc

    “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE”

    “taskhost.exe”

    “C:\Windows\system32\Dwm.exe”

    C:\Windows\Explorer.EXE

    “C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe”

    WLIDSvcM.exe 1964

    “c:\Program Files\Microsoft Security Client\NisSrv.exe”

    C:\Windows\servicing\TrustedInstaller.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding

    “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe”

    “C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe”

    “C:\Program Files\Synaptics\SynTP\SynTPHelper.exe”

    “C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe” -s

    “C:\Program Files (x86)\Realtek\Audio\OSD\RTVOSD64.EXE”

    “C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe”

    “C:\Windows\System32\igfxtray.exe”

    “C:\Windows\System32\hkcmd.exe”

    “C:\Windows\System32\igfxpers.exe”

    “C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    “C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe” -hidden

    C:\Windows\system32\wbem\wmiprvse.exe

    “C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe” /background

    C:\Windows\system32\SearchIndexer.exe /Embedding

    “C:\Windows\system32\SearchProtocolHost.exe” Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 “Software\Microsoft\Windows Search” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)” “C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc” “DownLevelDaemon”

    “C:\Program Files\Internet Explorer\IEXPLORE.EXE”

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:4084 CREDAT:209921 /prefetch:2

    taskeng.exe {9551D04A-216D-422E-88B3-19E3B763E8A6}

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    “C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe”

    C:\Windows\system32\sppsvc.exe

    “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe”

    “C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe”

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:4084 CREDAT:537613 /prefetch:2

    C:\Windows\system32\wbem\wmiprvse.exe

    “C:\Program Files\Windows Media Player\wmpnetwk.exe”

    “C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe” /hidden

    “C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe” “HP Wireless AssistantWLAN: AanC:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_on.ico1953491437C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe”

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:4084 CREDAT:144408 /prefetch:2

    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    “C:\Windows\system32\SearchFilterHost.exe” 0 516 520 528 65536 524

    C:\Windows\system32\svchost.exe -k SDRSVC

    “C:\Users\Gerie\Desktop\Spy\RSITx64.exe”

    C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

    ======Registry dump======

    {CCC7A320-B3CA-4199-B1A6-9F516DD69829}

    “SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    “IAAnotif”=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

    “RTHDVCPL”=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

    “RtkOSD”=C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe

    “HP Quick Launch”=C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    “HPWirelessAssistant”=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe

    “IgfxTray”=C:\Windows\system32\igfxtray.exe

    “HotKeysCmds”=C:\Windows\system32\hkcmd.exe

    “Persistence”=C:\Windows\system32\igfxpers.exe

    “MSC”=c:\Program Files\Microsoft Security Client\msseces.exe

    “LightScribe Control Panel”=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

    “msnmsgr”=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window

    C:\PROGRA~2\MYPCBA~1\MYPCBA~1.EXE

    C:\Windows\system32\igfxdev.dll

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    “SecurityProviders”=credssp.dll

    “ConsentPromptBehaviorAdmin”=5

    “ConsentPromptBehaviorUser”=3

    “EnableLUA”=0

    “EnableUIADesktopToggle”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “NoDriveTypeAutoRun”=145

    “NoActiveDesktop”=1

    “NoActiveDesktopChanges”=1

    “ForceActiveDesktopOn”=0

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “VIDC.UYVY”=msyuv.dll

    “VIDC.YUY2”=msyuv.dll

    “VIDC.YVYU”=msyuv.dll

    “VIDC.IYUV”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “VIDC.YVU9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “MSVideo8”=VfWWDM32.dll

    “wave1”=wdmaud.drv

    “midi1”=wdmaud.drv

    “mixer1”=wdmaud.drv

    “aux1”=wdmaud.drv

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe “%1” %*

    ======List of files/folders created in the last 1 month======

    2013-09-01 17:27:31 —-D—- C:\rsit

    2013-09-01 17:27:31 —-D—- C:\Program Files\trend micro

    2013-09-01 15:56:51 —-D—- C:\Users\Gerie\AppData\Roaming\Malwarebytes

    2013-09-01 15:52:55 —-D—- C:\AdwCleaner

    2013-09-01 15:35:38 —-D—- C:\Program Files (x86)\Microsoft Security Client

    2013-09-01 15:35:36 —-D—- C:\Program Files\Microsoft Security Client

    2013-09-01 15:33:26 —-D—- C:\ProgramData\Malwarebytes

    2013-09-01 15:33:25 —-D—- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2013-09-01 15:33:25 —-A—- C:\Windows\system32\drivers\mbam.sys

    2013-09-01 15:18:29 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2013-09-01 15:18:25 —-D—- C:\Windows\system32\Macromed

    2013-09-01 15:00:18 —-D—- C:\Windows\pss

    2013-09-01 14:56:53 —-D—- C:\Program Files\CCleaner

    2013-08-14 02:59:20 —-A—- C:\Windows\SYSWOW64\ieui.dll

    2013-08-14 02:59:20 —-A—- C:\Windows\system32\ieui.dll

    2013-08-14 02:59:19 —-A—- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe

    2013-08-14 02:59:19 —-A—- C:\Windows\SYSWOW64\iesysprep.dll

    2013-08-14 02:59:19 —-A—- C:\Windows\SYSWOW64\iesetup.dll

    2013-08-14 02:59:19 —-A—- C:\Windows\SYSWOW64\iernonce.dll

    2013-08-14 02:59:19 —-A—- C:\Windows\system32\RegisterIEPKEYs.exe

    2013-08-14 02:59:19 —-A—- C:\Windows\system32\iesetup.dll

    2013-08-14 02:59:19 —-A—- C:\Windows\system32\iernonce.dll

    2013-08-14 02:59:19 —-A—- C:\Windows\system32\ie4uinit.exe

    2013-08-14 02:59:18 —-A—- C:\Windows\SYSWOW64\iertutil.dll

    2013-08-14 02:59:18 —-A—- C:\Windows\system32\iesysprep.dll

    2013-08-14 02:59:18 —-A—- C:\Windows\system32\iertutil.dll

    2013-08-14 02:59:17 —-A—- C:\Windows\SYSWOW64\msfeeds.dll

    2013-08-14 02:59:17 —-A—- C:\Windows\system32\msfeeds.dll

    2013-08-14 02:59:16 —-A—- C:\Windows\SYSWOW64\jscript.dll

    2013-08-14 02:59:16 —-A—- C:\Windows\system32\jscript9.dll

    2013-08-14 02:59:16 —-A—- C:\Windows\system32\jscript.dll

    2013-08-14 02:59:15 —-A—- C:\Windows\SYSWOW64\jscript9.dll

    2013-08-14 02:59:14 —-A—- C:\Windows\SYSWOW64\urlmon.dll

    2013-08-14 02:59:14 —-A—- C:\Windows\system32\urlmon.dll

    2013-08-14 02:59:13 —-A—- C:\Windows\SYSWOW64\jsproxy.dll

    2013-08-14 02:59:13 —-A—- C:\Windows\system32\jsproxy.dll

    2013-08-14 02:59:12 —-A—- C:\Windows\SYSWOW64\wininet.dll

    2013-08-14 02:59:12 —-A—- C:\Windows\system32\wininet.dll

    2013-08-14 02:59:11 —-A—- C:\Windows\SYSWOW64\ieframe.dll

    2013-08-14 02:59:09 —-A—- C:\Windows\system32\ieframe.dll

    2013-08-14 02:59:08 —-A—- C:\Windows\system32\mshtml.dll

    2013-08-14 02:59:06 —-A—- C:\Windows\SYSWOW64\mshtml.dll

    2013-08-14 02:52:41 —-D—- C:\Windows\system32\MRT

    2013-08-14 01:13:44 —-A—- C:\Windows\SYSWOW64\wintrust.dll

    2013-08-14 01:13:44 —-A—- C:\Windows\SYSWOW64\cryptsvc.dll

    2013-08-14 01:13:44 —-A—- C:\Windows\SYSWOW64\cryptnet.dll

    2013-08-14 01:13:44 —-A—- C:\Windows\SYSWOW64\crypt32.dll

    2013-08-14 01:13:44 —-A—- C:\Windows\system32\wintrust.dll

    2013-08-14 01:13:44 —-A—- C:\Windows\system32\cryptsvc.dll

    2013-08-14 01:13:44 —-A—- C:\Windows\system32\cryptnet.dll

    2013-08-14 01:13:44 —-A—- C:\Windows\system32\crypt32.dll

    2013-08-14 01:13:35 —-A—- C:\Windows\SYSWOW64\tzres.dll

    2013-08-14 01:13:35 —-A—- C:\Windows\system32\tzres.dll

    2013-08-14 01:13:30 —-A—- C:\Windows\SYSWOW64\WMVDECOD.DLL

    2013-08-14 01:13:30 —-A—- C:\Windows\SYSWOW64\rpcrt4.dll

    2013-08-14 01:13:30 —-A—- C:\Windows\system32\WMVDECOD.DLL

    2013-08-14 01:13:30 —-A—- C:\Windows\system32\rpcrt4.dll

    2013-08-14 01:13:29 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

    2013-08-14 01:13:28 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe

    2013-08-14 01:13:28 ----A---- C:\Windows\system32\ntoskrnl.exe

    2013-08-14 01:13:28 ----A---- C:\Windows\system32\ntdll.dll

    2013-08-14 01:13:27 ----A---- C:\Windows\SYSWOW64\wow32.dll

    2013-08-14 01:13:27 ----A---- C:\Windows\SYSWOW64\user.exe

    2013-08-14 01:13:27 ----A---- C:\Windows\SYSWOW64\setup16.exe

    2013-08-14 01:13:27 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll

    2013-08-14 01:13:27 ----A---- C:\Windows\SYSWOW64\ntdll.dll

    2013-08-14 01:13:27 ----A---- C:\Windows\SYSWOW64\instnm.exe

    2013-08-14 01:13:27 ----A---- C:\Windows\system32\wow64.dll

    2013-08-14 01:13:25 ----A---- C:\Windows\system32\drivers\tssecsrv.sys

    2013-08-14 01:13:24 ----A---- C:\Windows\system32\drivers\tcpip.sys

    ======List of files/folders modified in the last 1 month======

    2013-09-01 17:27:31 ----RD---- C:\Program Files

    2013-09-01 17:25:21 ----D---- C:\Windows\Temp

    2013-09-01 17:22:21 ----D---- C:\Windows\system32\config

    2013-09-01 17:22:08 ----A---- C:\Windows\SYSWOW64\log.txt

    2013-09-01 17:20:30 ----D---- C:\ProgramData\Windows

    2013-09-01 15:53:54 ----D---- C:\Windows\System32

    2013-09-01 15:53:50 ----RD---- C:\Program Files (x86)

    2013-09-01 15:53:50 ----HD---- C:\ProgramData

    2013-09-01 15:47:41 ----D---- C:\Windows\SysWOW64

    2013-09-01 15:37:02 ----SHD---- C:\System Volume Information

    2013-09-01 15:36:17 ----D---- C:\Windows

    2013-09-01 15:35:42 ----SHD---- C:\Windows\Installer

    2013-09-01 15:35:39 ----D---- C:\Windows\system32\drivers

    2013-09-01 15:35:39 ----D---- C:\Windows\system32\catroot

    2013-09-01 15:35:38 ----SD---- C:\ProgramData\Microsoft

    2013-09-01 15:29:26 ----D---- C:\Program Files (x86)\Common Files

    2013-09-01 15:25:22 ----D---- C:\Windows\system32\Tasks

    2013-09-01 15:25:22 ----D---- C:\Program Files (x86)\Google

    2013-09-01 15:25:21 ----D---- C:\Windows\Tasks

    2013-09-01 15:13:28 ----D---- C:\ProgramData\MFAData

    2013-09-01 15:06:37 ----D---- C:\Program Files (x86)\Microsoft

    2013-09-01 15:03:42 ----D---- C:\Program Files (x86)\Mozilla Firefox

    2013-09-01 15:03:41 ----D---- C:\Users\Gerie\AppData\Roaming\Mozilla

    2013-08-31 01:28:55 ----D---- C:\Windows\Prefetch

    2013-08-15 23:25:50 ----D---- C:\Windows\rescache

    2013-08-15 23:09:59 ----D---- C:\Windows\Microsoft.NET

    2013-08-15 23:09:58 ----RSD---- C:\Windows\assembly

    2013-08-14 18:28:53 ----D---- C:\Windows\winsxs

    2013-08-14 18:26:01 ----D---- C:\Windows\SYSWOW64\nl-NL

    2013-08-14 18:26:01 ----D---- C:\Windows\system32\nl-NL

    2013-08-14 18:26:00 ----D---- C:\Program Files (x86)\Internet Explorer

    2013-08-14 18:25:57 ----D---- C:\Program Files\Internet Explorer

    2013-08-14 18:25:55 ----D---- C:\Windows\AppPatch

    2013-08-14 02:59:43 ----D---- C:\Windows\system32\catroot2

    2013-08-14 02:56:08 ----A---- C:\Windows\system32\PerfStringBackup.INI

    2013-08-14 02:56:07 ----D---- C:\Windows\inf

    2013-08-14 02:52:32 ----A---- C:\Windows\system32\MRT.exe

    2013-08-14 02:52:13 ----A---- C:\Windows\win.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys

    R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    R3 BCM43XX;Stuurprogramma voor de Broadcom 802.11-netwerkadapter; C:\Windows\system32\DRIVERS\bcmwl664.sys

    R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys

    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys

    R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys

    R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys

    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys

    S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys

    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys

    S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys

    S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys

    S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS

    S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS

    S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    R2 HPWMISVC;HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe

    R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S4 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

    -----------------EOF-----------------

  • Ben

    Hello,

    Download Zoek.zip to the desktop.

    If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.

    Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).

    Right-click Zoek.zip and click the option "Extract all".

    Then double-click Zoek.exe to start the tool.

    Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.

    Now copy the code below and paste it into the large input box:

    Note: This script was written specifically for this PC, so do not use it on other PCs with a similar problem.

    firefoxlook;

    chromelook;

    {A3BC75A2-1F87-4686-AA43-5347D756017C};c

    {CCC7A320-B3CA-4199-B1A6-9F516DD69829};c

    {F274614C-63F8-47D5-A4D1-FBDDE494F8D1};c

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    Now click the "Run script" button.

    Wait patiently until a log opens (this may be after a restart, if one is required).

    If no log appears after the restart, start zoek.exe again; the log will then appear.

    Post the opened log in your next message.

    Regards, Ben

  • lg

    As requested

    Zoek.exe Version 4.0.0.4 Updated 31-08-2013

    Tool run by Gerie on zo 01-09-2013 at 18:07:11,06.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Gerie\Desktop\zoek\zoek.exe

    ==== System Restore Info ======================

    1-9-2013 18:07:45 Zoek.exe System Restore Point Created Succesfully.

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    HKEY_USERS\S-1-5-21-66021288-411892084-39669315-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully

    HKEY_USERS\S-1-5-21-66021288-411892084-39669315-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully

    ==== Running Processes ======================

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    C:\Users\Gerie\Desktop\zoek\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    ==== Deleting Services ======================

    ==== Deleting Files \ Folders ======================

    "C:\ProgramData\36a23e0f-f270-4dbf-8f62-6d064bc8997a" deleted

    "C:\ProgramData\1fc7794a-ec09-4d73-a0b2-37ce4a8445a7" deleted

    "C:\Programdata\Windows" deleted

    ==== System Specs ======================

    Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

    Memory (RAM): 2934 MB

    CPU Info: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz

    CPU Speed: 2196,1 MHz

    Sound Card: Luidsprekers (Realtek High Defi |

    Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Algemeen PnP-beeldscherm |

    Screen Resolution: 1366 X 768 - 32 bit

    Network: Network Present

    Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Broadcom 4313 (802.11b/g/n)

    CD / DVD Drives: 1x (F: | ) F: hp DVD RW AD-7701H

    Ports: COM Ports NOT Present. LPT Port NOT Present.

    Mouse: 16 Button Wheel Mouse Present

    Hard Disks: C: 283,6GB | D: 14,2GB | E: 99,3MB

    Hard Disks - Free: C: 197,6GB | D: 2,0GB | E: 72,7MB

    Manufacturer *: Hewlett-Packard

    BIOS Info: AT/AT COMPATIBLE | 06/28/10 | HPQOEM - 1

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: Hewlett-Packard 1439

    Internet Explorer Version: 10.0.9200.16660

    Sun Java version: No Java Installed?

    Country: Nederland

    Language: NLD

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    2013-09-01 13:36:17 E185BDA84E5F03F4E1D8DCA30E209277 1912 ----a-w- C:\Windows\epplauncher.mif

    ====== C:\Users\Gerie\AppData\Local\Temp ====

    2013-09-01 12:58:01 895C4812245E244B2F81C71BAD0C4E55 3863136 ----a-w- C:\Users\Gerie\AppData\Local\Temp\ConduitEngine.dll

    2013-08-21 10:20:01 D07444BDB22757545CD2FA91654F2FD0 328019 ----a-w- C:\Users\Gerie\AppData\Local\Temp\Quarantine.exe

    ====== C:\Windows\SysWOW64 =====

    2013-09-01 13:18:29 81360ACBCA851F9FEE87E6BDC53E1289 692104 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    ====== C:\Windows\Sysnative\drivers =====

    2013-09-01 13:33:25 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

    2013-08-13 23:13:25 4CE278FC9671BA81A138D70823FCAA09 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys

    2013-08-13 23:13:24 DB74544B75566C974815E79A62433F29 1910208 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys

    ====== C:\Windows\Tasks ======

    2013-09-01 13:18:32 D81BE09A58B7039A7A00EBE6F735BB16 940 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job

    2013-09-01 13:18:32 340537BFDB60516415FF5A8762B110CD 3878 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Flash Player Updater

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2013-09-01 15:27:31 -------- d-----w- C:\Program Files\trend micro

    ======= C:\Program Files (x86) =====

    ======= C: =====

    ====== C:\Users\Gerie\AppData\Roaming ======

    ====== C:\Users\Gerie ======

    ====== C: exe-files ==

    2013-09-01 15:27:31 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Gerie.exe

    2013-09-01 15:25:11 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Gerie\Desktop\Spy\RSITx64.exe

    2013-09-01 15:22:28 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Program Files (x86)\Zylom Games\SCRABBLE(R) WETTIG GEDEPONEERD kruiswoordpuzzelspel\scrabble.exe

    2013-09-01 13:52:09 F7AF924D0D951FF8F7B05AD2E4FF50D3 994642 ----a-w- C:\Users\Gerie\Desktop\Spy\adwcleaner.exe

    2013-09-01 13:34:40 49E73BA0664838DBA942995B66C9421C 13834944 ----a-w- C:\Users\Gerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6IVDW59\mseinstall.exe

    2013-09-01 13:32:51 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Gerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QXAOAPHQ\mbam-setup-1.75.0.1300.exe

    2013-09-01 13:23:01 382514BFB8B37AFD88FD15B863785698 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-66021288-411892084-39669315-1000\$IM5JBOR.exe

    2013-09-01 13:18:29 81360ACBCA851F9FEE87E6BDC53E1289 692104 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe

    2013-09-01 13:18:11 A6621A7AF40D534156F8FEEE9F9CD928 17139080 ----a-w- C:\Users\Gerie\AppData\Local\Temp\E2D0.dir\InstallFlashPlayer.exe

    2013-09-01 12:56:24 096C3277599629BD22AF6959D20774B9 4454952 ----a-w- C:\Users\Gerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6IVDW59\ccsetup405.exe

    === C: other files ==

    2013-09-01 16:06:06 BFA0B56BFDACAD7F10B4777C742086D1 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-66021288-411892084-39669315-1000\$IEKHG9B.zip

    2013-09-01 16:04:36 D7B842F8E99848C71BEFB062B9B22070 3754639 ----a-w- C:\$Recycle.Bin\S-1-5-21-66021288-411892084-39669315-1000\$REKHG9B.zip

    2013-09-01 13:33:25 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    ==== Startup Registry Enabled ======================

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"

    ==== Startup Registry Enabled x64 ======================

    "IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"

    "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"

    "RtkOSD"="C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe"

    "HP Quick Launch"="C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"

    "HPWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden"

    "IgfxTray"="C:\Windows\system32\igfxtray.exe"

    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

    "Persistence"="C:\Windows\system32\igfxpers.exe"

    "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

    "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

    ==== Startup Registry Disabled x64 ======================

    "item"="MyPC Backup"

    "path"="C:\\Users\\Gerie\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MyPC Backup.lnk"

    "backup"="C:\\Windows\\pss\\MyPC Backup.lnk.Startup"

    "backupExtension"=".Startup"

    "command"="C:\\PROGRA~2\\MYPCBA~1\\MYPCBA~1.EXE"

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job --a------ C:;C:\Windows\TEMP\F32625D4-6204-4B03-868D-705930B2F822.exe

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    nneajnkjbffgblleaoojgaacokifdkhm - No path found

    ==== Set IE to Default ======================

    Old Values:

    "Start Page"="http://www.startnederland.nl/"

    "Search Page"="http://downloads.phpnuke.org/nl/index.php?rvs=google"

    "Search Page"="http://downloads.phpnuke.org/nl/index.php?rvs=google"

    "Search Page"="http://downloads.phpnuke.org/nl/index.php?rvs=google"

    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

    not found

    New Values:

    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

    "Start Page"="http://www.startnederland.nl/"

    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nneajnkjbffgblleaoojgaacokifdkhm deleted successfully

    ==== HijackThis Entries ======================

    F2 - REG:system.ini: UserInit=userinit.exe,

    O4 - HKCU\..\Run: C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Gerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Gerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\Gerie\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Gerie\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on zo 01-09-2013 at 18:15:34,34 ======================

  • Ben

    Hello,

    This looks clean again; how is the PC running now?

    Regards, Ben

  • lg

    Runs well, will test a bit more.

    Windows Backup still gives a problem.

    Probably a setting.

    Thanks for thinking along.

    LG.

  • Ben

    Hello,

    You can keep Malwarebytes installed and scan your PC with it once a week (after updating it).

    The tool below cleans up, among other things, all the tools that were used:

    Download Delfix by Xplode to the desktop.

    Double-click Delfix.exe to start the tool.

    Now tick the following items:

    Activate UAC

    Remove disinfection tools

    Create registry backup

    Purge System Restore

    Reset system settings

    Now click "Run" and wait patiently until the tool has finished.

    When the tool has finished, a log file is created. You do not need to post it, however.

    If any tools are left over, you can remove them yourself.

    Regards, Ben

  • lg

    Removed the last remnants; everything runs well again.

    The topic can be closed.

    Thanks again, LG.

  • Ben

    Hello,

    Thanks, and you're welcome.

    Regards, Ben

  • fazantje

    Because this topic has been resolved, it is being closed.

    If you would like to reopen your topic, send a private message to Ben or Huib (fazantje).

    They will then remove the "lock" and the topic will be open again.

    The AV team.

This topic is closed; no more replies can be posted.