Malware

  • rudi

    Gentlemen, it's my wife's laptop, and this time it's my fault.

    She wanted Open Office (I actually have an official MS Office, mind you, but she was so used to Open Office :( ) and I downloaded it. During the installation Avast started screaming and reported that it had blocked something. I stopped the installation. When I wanted to go online (to download Adwarecleaner), the pop-ups (mydial or something like that) were already flying around my ears. On top of that, an annoying and, in my opinion, very suspicious start page appeared. Could you take a quick look?

    Thanks

    The logs from Adwarecleaner and Mbam (Rsit will follow shortly)

    # AdwCleaner v3.012 - Report created 16/11/2013 at 15:15:05

    # Updated 11/11/2013 by Xplode

    # Operating System : Windows 8 (64 bits)

    # Username : renateadelerhof - RENATE

    # Running from : C:\Users\renateadelerhof\Downloads\adwcleaner(4).exe

    # Option : Clean

    ***** *****

    ***** *****

    Folder Deleted : C:\Program Files (x86)\Mysearchdial

    Folder Deleted : C:\Users\renateadelerhof\AppData\Roaming\Mysearchdial

    Folder Deleted : C:\Users\renateadelerhof\AppData\Roaming\Mozilla\Firefox\Profiles\tmvakgli.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}

    Folder Deleted : C:\Users\renateadelerhof\AppData\Roaming\Mozilla\Firefox\Profiles\tmvakgli.default\Extensions\ffxtlbr@mysearchdial.com

    File Deleted : C:\Users\renateadelerhof\AppData\Roaming\Mozilla\Firefox\Profiles\tmvakgli.default\searchplugins\Mysearchdial.xml

    File Deleted : C:\Users\renateadelerhof\AppData\Roaming\Mozilla\Firefox\Profiles\tmvakgli.default\user.js

    File Deleted : C:\Windows\Tasks\MySearchDial.job

    File Deleted : C:\Windows\System32\Tasks\MySearchDial

    ***** *****

    ***** *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

    Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc

    Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1

    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore

    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1

    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd

    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1

    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr

    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

    Key Deleted : HKCU\Software\InstallCore

    Key Deleted : HKCU\Software\mysearchdial

    Key Deleted : HKCU\Software\mysearchdial.com

    Key Deleted : HKCU\Software\Vittalia

    Key Deleted : HKLM\Software\InstallCore

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial

    ***** *****

    -\\ Internet Explorer v10.0.9200.16537

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main

    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main

    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls

    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main

    -\\ Mozilla Firefox v25.0 (nl)

    Line Deleted : user_pref(“browser.search.defaultenginename”, “Mysearchdial”);

    Line Deleted : user_pref(“browser.search.order.1”, “Mysearchdial”);

    Line Deleted : user_pref(“browser.search.selectedEngine”, “Mysearchdial”);

    Line Deleted : user_pref(“browser.startup.homepage”, "hxxp://start.mysearchdial.com/?f=1&a=irmsd103aw&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EyBtDzy0E0EtBtB0C0FzytN0D0Tzu0SyCzzyCtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P

    Line Deleted : user_pref(“extensions.enabledAddons”, "wrc%40avast.com:8.0.1497,%7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4,%7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3,ffxtlbr%40mysearchdial.com:1.6.0,%7B97

    Line Deleted : user_pref(“extensions.mysearchdial.aflt”, “irmsd103aw”);

    Line Deleted : user_pref(“extensions.mysearchdial.appId”, “{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}”);

    Line Deleted : user_pref(“extensions.mysearchdial.cd”, “2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EyBtDzy0E0EtBtB0C0FzytN0D0Tzu0SyCzzyCtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R”);

    Line Deleted : user_pref(“extensions.mysearchdial.cntry”, “NL”);

    Line Deleted : user_pref(“extensions.mysearchdial.cr”, “632595525”);

    Line Deleted : user_pref(“extensions.mysearchdial.dfltLng”, “”);

    Line Deleted : user_pref(“extensions.mysearchdial.dfltSrch”, true);

    Line Deleted : user_pref(“extensions.mysearchdial.dnsErr”, true);

    Line Deleted : user_pref(“extensions.mysearchdial.dpkLst”, "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285

    Line Deleted : user_pref(“extensions.mysearchdial.excTlbr”, false);

    Line Deleted : user_pref(“extensions.mysearchdial.hdrMd5”, “73660148BEA65CF438F25664DE948262”);

    Line Deleted : user_pref(“extensions.mysearchdial.hmpg”, true);

    Line Deleted : user_pref(“extensions.mysearchdial.hmpgUrl”, "hxxp://start.mysearchdial.com/?f=1&a=irmsd103aw&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EyBtDzy0E0EtBtB0C0FzytN0D0Tzu0SyCzzyCtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1Czut

    Line Deleted : user_pref(“extensions.mysearchdial.id”, “DC85DE709EE22CF9”);

    Line Deleted : user_pref(“extensions.mysearchdial.instlDay”, “16025”);

    Line Deleted : user_pref(“extensions.mysearchdial.instlRef”, “”);

    Line Deleted : user_pref(“extensions.mysearchdial.lastB”, "hxxp://start.mysearchdial.com/?f=1&a=irmsd103aw&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EyBtDzy0E0EtBtB0C0FzytN0D0Tzu0SyCzzyCtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCt

    Line Deleted : user_pref(“extensions.mysearchdial.lastVrsnTs”, “1.8.21.015:1:37”);

    Line Deleted : user_pref(“extensions.mysearchdial.newTabUrl”, "hxxp://start.mysearchdial.com/?f=2&a=irmsd103aw&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EyBtDzy0E0EtBtB0C0FzytN0D0Tzu0SyCzzyCtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1Cz

    Line Deleted : user_pref(“extensions.mysearchdial.pnu_base”, “{\”newVrsn\“:\”85\“,\”lastVrsn\“:\”85\“,\”vrsnLoad\“:\”\“,\”showMsg\“:\”false\“,\”showSilent\“:\”false\“,\”msgTs\“:0,\”lstMsgTs\“:\”0\“}”);

    Line Deleted : user_pref(“extensions.mysearchdial.prdct”, “mysearchdial”);

    Line Deleted : user_pref(“extensions.mysearchdial.prtnrId”, “mysearchdial”);

    Line Deleted : user_pref(“extensions.mysearchdial.sg”, “none”);

    Line Deleted : user_pref(“extensions.mysearchdial.srchPrvdr”, “Mysearchdial”);

    Line Deleted : user_pref(“extensions.mysearchdial.tlbrId”, “base”);

    Line Deleted : user_pref(“extensions.mysearchdial.tlbrSrchUrl”, "hxxp://start.mysearchdial.com/?f=3&a=irmsd103aw&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EyBtDzy0E0EtBtB0C0FzytN0D0Tzu0SyCzzyCtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1

    Line Deleted : user_pref(“extensions.mysearchdial.vrsn”, “1.8.21.0”);

    Line Deleted : user_pref(“extensions.mysearchdial.vrsni”, “1.8.21.0”);

    Line Deleted : user_pref(“extensions.mysearchdial_i.hmpg”, true);

    Line Deleted : user_pref(“extensions.mysearchdial_i.newTab”, false);

    Line Deleted : user_pref(“extensions.mysearchdial_i.smplGrp”, “none”);

    Line Deleted : user_pref(“extensions.mysearchdial_i.vrsnTs”, “1.8.21.015:1:37”);

    *************************

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2013.11.16.03

    Windows 8 x64 NTFS

    Internet Explorer 10.0.9200.16736

    renateadelerhof :: RENATE

    16-11-2013 15:21:38

    MBAM-log-2013-11-16 (16-29-44).txt

    Scan type: Volledige scan (C:\|D:\|)

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 380777

    Verstreken tijd: 58 minuut/minuten, 20 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 5

    HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Geen actie ondernomen.

    HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Geen actie ondernomen.

    HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Geen actie ondernomen.

    HKCR\Typelib\{FBC322D5-407E-4854-8C0B-555B951FD8E3} (PUP.Optional.MySearchDial.A) -> Geen actie ondernomen.

    HKCR\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671} (PUP.Optional.MySearchDial.A) -> Geen actie ondernomen.

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 8

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialApp.dll.vir (PUP.Optional.MySearchDial.A) -> Geen actie ondernomen.

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialEng.dll.vir (PUP.Optional.MySearchDial.A) -> Geen actie ondernomen.

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialsrv.exe.vir (PUP.Optional.MySearchDial.A) -> Geen actie ondernomen.

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll.vir (PUP.Optional.MySearchDial.A) -> Geen actie ondernomen.

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll.vir (PUP.Optional.MySearchDial.A) -> Geen actie ondernomen.

    C:\AdwCleaner\Quarantine\C\Users\renateadelerhof\AppData\Roaming\Mysearchdial\UpdateProc\UpdateTask.exe.vir (PUP.Optional.MySearchDial.A) -> Geen actie ondernomen.

    C:\Users\renateadelerhof\Downloads\installer_openoffice_Dutch.exe (PUP.Optional.InstallCore.A) -> Geen actie ondernomen.

    C:\Users\renateadelerhof\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Geen actie ondernomen.

    (einde)

  • rudi

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by renateadelerhof at 2013-11-16 16:49:03

    Microsoft Windows 8

    System drive C: has 82 GB (67%) free of 122 GB

    Total RAM: 3981 MB (65% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 16:49:18, on 16-11-2013

    Platform: Unknown Windows (WinNT 6.02.1008)

    MSIE: Internet Explorer v10.0 (10.00.9200.16537)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Windows\SysWOW64\ACEngSvr.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe

    C:\Program Files\trend micro\renateadelerhof.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll

    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ASUS\APRP\APRP.EXE”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe”

    O4 - HKLM\..\Run: “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\WebStorage\2.0.4.229\ASUSWSLoader.exe

    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

    O11 - Options group: Accelerated graphics

    O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

    O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe

    O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.0.4.229\AsusWSWinService.exe

    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

    O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 8474 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    winlogon.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    “dwm.exe”

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    “C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe”

    C:\Windows\system32\nvvsvc.exe -session -first

    C:\Windows\system32\svchost.exe -k NetworkService

    “C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe”

    “C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe”

    “C:\Program Files\AVAST Software\Avast\AvastSvc.exe”

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”

    “C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe”

    “C:\Program Files (x86)\ASUS\WebStorage\2.0.4.229\AsusWSWinService.exe”

    dashost.exe {5641122d-a458-4114-bc98f12d7db87396}

    “C:\Program Files\Intel\iCLS Client\HeciServer.exe”

    “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe”

    “C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe”

    “C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe”

    taskhostex.exe

    “C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe”

    “C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe”

    “C:\Program Files\ASUS\P4G\BatteryLife.exe”

    C:\Windows\Explorer.EXE

    “C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe”

    “C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe” /starttray

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    “C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe” -ServerName:Microsoft.WindowsLive.Platform.Server

    C:\Windows\system32\wbem\wmiprvse.exe

    “C:/Program Files/NVIDIA Corporation/Display/nvtray.exe” -user_has_logged_in 1

    C:\Windows\system32\SearchIndexer.exe /Embedding

    C:\Windows\System32\RuntimeBroker.exe -Embedding

    C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

    KBFiltr.exe

    “C:\Windows\System32\igfxtray.exe”

    “C:\Windows\System32\hkcmd.exe”

    “C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe” -s

    “C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe”

    “C:\Program Files (x86)\ASUS\Splendid\ACMON.exe”

    “C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe”

    “C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe”

    “C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe”

    “C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe”

    “C:\Program Files\AVAST Software\Avast\AvastUI.exe” /nogui

    “C:\Windows\SysWOW64\ACEngSvr.exe” -Embedding

    “C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe”

    “C:\Program Files (x86)\Mozilla Firefox\firefox.exe”

    “C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe”

    “C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe”

    “C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe”

    “C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe”

    “C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe”

    “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe”

    “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe”

    “C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe”

    “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe”

    “C:\Program Files\Windows Media Player\wmpnetwk.exe”

    /S

    “C:\Windows\system32\SearchProtocolHost.exe” Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 “Software\Microsoft\Windows Search” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)” “C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc” “DownLevelDaemon”

    “C:\Windows\system32\SearchFilterHost.exe” 0 584 588 596 65536 592

    taskhost.exe $(Arg0)

    “C:\Users\renateadelerhof\Desktop\RSITx64.exe”

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    =========Mozilla firefox=========

    ProfilePath - C:\Users\renateadelerhof\AppData\Roaming\Mozilla\Firefox\Profiles\tmvakgli.default

    prefs.js - “keyword.URL” - “”

    “Description”=Adobe® Flash® Player 11.9.900.152 Plugin

    “Path”=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll

    “Description”=Intel IPT WebApi plugin

    “Path”=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

    “Description”=This plugin updates Intel WebAPI component

    “Path”=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

    “Description”=McAfee Mss Plugin

    “Path”=C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll

    “Description”=Handles PDFs in-place in Firefox

    “Path”=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    “Description”=Adobe® Flash® Player 11.9.900.152 Plugin

    “Path”=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll

    C:\Users\renateadelerhof\AppData\Roaming\Mozilla\Firefox\Profiles\tmvakgli.default\extensions\

    {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

    ======Registry dump======

    MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll

    avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    “AuditSHD”=C:\windows\system32\oobe\auditshd.exe

    “IgfxTray”=C:\Windows\system32\igfxtray.exe

    “HotKeysCmds”=C:\Windows\system32\hkcmd.exe

    “RTHDVCPL”=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    “ACMON”=C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

    “Adobe Reader Speed Launcher”=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe

    “Adobe ARM”=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    “ASUSPRP”=C:\Program Files (x86)\ASUS\APRP\APRP.EXE

    “RemoteControl10”=C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

    “avast”=C:\Program Files\AVAST Software\Avast\avastUI.exe

    “WebStorage”=C:\Program Files (x86)\ASUS\WebStorage\2.0.4.229\ASUSWSLoader.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

    McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

    “AppInit_DLLs”=“C:\Windows\system32\nvinitx.dll”

    C:\Windows\system32\igfxdev.dll

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    “SecurityProviders”=credssp.dll

    “ConsentPromptBehaviorAdmin”=5

    “EnableUIADesktopToggle”=0

    “EnableCursorSuppression”=1

    “ConsentPromptBehaviorUser”=3

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “ForceActiveDesktopOn”=0

    “NoActiveDesktopChanges”=1

    “NoActiveDesktop”=1

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “VIDC.YUY2”=msyuv.dll

    “vidc.i420”=iyuv_32.dll

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msg711”=msg711.acm

    “VIDC.YVYU”=msyuv.dll

    “VIDC.YVU9”=tsbyuv.dll

    “wavemapper”=msacm32.drv

    “midimapper”=midimap.dll

    “VIDC.UYVY”=msyuv.dll

    “VIDC.IYUV”=iyuv_32.dll

    “vidc.mrle”=msrle32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msadpcm”=msadp32.acm

    “vidc.msvc”=msvidc32.dll

    “MSVideo8”=VfWWDM32.dll

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    “wave1”=wdmaud.drv

    “midi1”=wdmaud.drv

    “mixer1”=wdmaud.drv

    “aux1”=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe “%1” %*

  • rudi

    ======List of files/folders created in the last 1 month======

    2013-11-16 16:49:03 ----D---- C:\rsit

    2013-11-16 16:49:03 ----D---- C:\Program Files\trend micro

    2013-11-16 16:31:52 ----A---- C:\Windows\system32\FNTCACHE.DAT

    2013-11-16 16:13:51 ----D---- C:\Program Files (x86)\Mozilla Firefox

    2013-11-16 15:19:48 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2013-11-16 15:04:25 ----D---- C:\Users\renateadelerhof\AppData\Roaming\0V1L2Z2Z1T1I1L1T

    2013-11-14 15:17:51 ----A---- C:\Windows\system32\IKEEXT.DLL

    2013-11-14 15:17:49 ----A---- C:\Windows\system32\drivers\wfplwfs.sys

    2013-11-14 15:17:49 ----A---- C:\Windows\system32\BFE.DLL

    2013-11-14 15:17:47 ----A---- C:\Windows\SYSWOW64\gdi32.dll

    2013-11-14 15:17:47 ----A---- C:\Windows\system32\gdi32.dll

    2013-11-14 15:17:42 ----A---- C:\Windows\SYSWOW64\crypt32.dll

    2013-11-14 15:17:42 ----A---- C:\Windows\system32\crypt32.dll

    2013-11-14 15:17:09 ----A---- C:\Windows\system32\drivers\afd.sys

    2013-11-14 15:16:47 ----A---- C:\Windows\system32\mshtml.dll

    2013-11-14 15:16:42 ----A---- C:\Windows\SYSWOW64\mshtml.dll

    2013-11-14 15:16:38 ----A---- C:\Windows\system32\ieframe.dll

    2013-11-14 15:16:37 ----A---- C:\Windows\SYSWOW64\ieframe.dll

    2013-11-14 15:16:37 ----A---- C:\Windows\system32\jscript9.dll

    2013-11-14 15:16:35 ----A---- C:\Windows\SYSWOW64\jscript9.dll

    2013-11-14 15:16:34 ----A---- C:\Windows\SYSWOW64\urlmon.dll

    2013-11-14 15:16:34 ----A---- C:\Windows\system32\wininet.dll

    2013-11-14 15:16:34 ----A---- C:\Windows\system32\urlmon.dll

    2013-11-14 15:16:33 ----A---- C:\Windows\SYSWOW64\wininet.dll

    2013-11-14 15:16:33 ----A---- C:\Windows\system32\iertutil.dll

    2013-11-14 15:16:32 ----A---- C:\Windows\SYSWOW64\iertutil.dll

    2013-11-14 15:16:32 ----A---- C:\Windows\system32\msfeeds.dll

    2013-11-14 15:16:31 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

    2013-11-14 15:16:30 ----A---- C:\Windows\SYSWOW64\jscript.dll

    2013-11-14 15:16:30 ----A---- C:\Windows\system32\jscript.dll

    2013-11-14 15:16:29 ----A---- C:\Windows\system32\ie4uinit.exe

    2013-11-14 15:16:25 ----A---- C:\Windows\SYSWOW64\d3d11.dll

    2013-11-14 15:16:25 ----A---- C:\Windows\system32\d3d11.dll

    2013-11-14 15:16:13 ----A---- C:\Windows\SYSWOW64\authui.dll

    2013-11-14 15:16:13 ----A---- C:\Windows\system32\authui.dll

    2013-11-14 15:16:07 ----A---- C:\Windows\SYSWOW64\schannel.dll

    2013-11-14 15:16:07 ----A---- C:\Windows\system32\schannel.dll

    2013-11-14 15:15:56 ----A---- C:\Windows\system32\Windows.UI.Xaml.dll

    2013-11-14 15:15:54 ----A---- C:\Windows\SYSWOW64\Windows.UI.Xaml.dll

    2013-11-14 15:15:53 ----A---- C:\Windows\SYSWOW64\UIAutomationCore.dll

    2013-11-14 15:15:53 ----A---- C:\Windows\system32\wuaueng.dll

    2013-11-14 15:15:53 ----A---- C:\Windows\system32\UIAutomationCore.dll

    2013-11-14 15:15:52 ----A---- C:\Windows\system32\wuapi.dll

    2013-11-14 15:15:51 ----A---- C:\Windows\system32\ubpm.dll

    2013-11-14 15:15:51 ----A---- C:\Windows\system32\drivers\tpm.sys

    2013-11-14 15:15:50 ----A---- C:\Windows\SYSWOW64\wuapi.dll

    2013-11-14 15:15:50 ----A---- C:\Windows\system32\drivers\fvevol.sys

    2013-11-14 15:15:49 ----A---- C:\Windows\SYSWOW64\ubpm.dll

    2013-11-14 15:15:49 ----A---- C:\Windows\system32\wucltux.dll

    2013-11-14 15:15:49 ----A---- C:\Windows\system32\kerberos.dll

    2013-11-14 15:15:48 ----A---- C:\Windows\system32\WUSettingsProvider.dll

    2013-11-14 15:15:48 ----A---- C:\Windows\system32\WSDApi.dll

    2013-11-14 15:15:48 ----A---- C:\Windows\system32\drivers\crashdmp.sys

    2013-11-14 15:15:47 ----A---- C:\Windows\SYSWOW64\WSDApi.dll

    2013-11-14 15:15:47 ----A---- C:\Windows\system32\wuauclt.exe

    2013-11-14 15:15:45 ----A---- C:\Windows\SYSWOW64\kerberos.dll

    2013-11-14 15:15:44 ----A---- C:\Windows\SYSWOW64\wudriver.dll

    2013-11-14 15:15:44 ----A---- C:\Windows\system32\wuwebv.dll

    2013-11-14 15:15:43 ----A---- C:\Windows\system32\wudriver.dll

    2013-11-14 15:15:43 ----A---- C:\Windows\system32\storewuauth.dll

    2013-11-14 15:15:40 ----A---- C:\Windows\SYSWOW64\wuwebv.dll

    2013-11-14 15:15:40 ----A---- C:\Windows\SYSWOW64\wuapp.exe

    2013-11-14 15:15:39 ----A---- C:\Windows\system32\wuapp.exe

    2013-10-27 18:20:16 ----D---- C:\Users\renateadelerhof\AppData\Roaming\Garmin

    2013-10-20 11:36:07 ----D---- C:\Users\renateadelerhof\AppData\Roaming\WebStorage

    2013-10-20 11:35:57 ----D---- C:\ProgramData\WebStorage

    2013-10-17 16:52:26 ----D---- C:\Program Files (x86)\Canon

    2013-10-17 16:52:20 ----D---- C:\Program Files\Canon

    ======List of files/folders modified in the last 1 month======

    2013-11-16 16:49:11 ----D---- C:\Windows\Prefetch

    2013-11-16 16:49:03 ----RD---- C:\Program Files

    2013-11-16 16:38:34 ----D---- C:\Windows\system32\sru

    2013-11-16 16:37:03 ----RD---- C:\Windows\System32

    2013-11-16 16:37:03 ----D---- C:\Windows\Inf

    2013-11-16 16:37:03 ----A---- C:\Windows\system32\PerfStringBackup.INI

    2013-11-16 16:34:49 ----A---- C:\Windows\SYSWOW64\log.txt

    2013-11-16 16:33:54 ----D---- C:\Windows\Temp

    2013-11-16 16:33:54 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

    2013-11-16 16:33:50 ----RD---- C:\Program Files (x86)

    2013-11-16 16:31:33 ----D---- C:\Windows

    2013-11-16 15:22:55 ----D---- C:\Windows\system32\config

    2013-11-16 15:19:51 ----D---- C:\Windows\WinSxS

    2013-11-16 15:19:48 ----D---- C:\Windows\SysWOW64

    2013-11-16 15:16:14 ----D---- C:\Windows\system32\Drivers

    2013-11-16 15:16:07 ----D---- C:\Windows\WinStore

    2013-11-16 15:16:01 ----RSD---- C:\Windows\Fonts

    2013-11-16 15:15:57 ----D---- C:\Windows\SYSWOW64\nl-NL

    2013-11-16 15:15:57 ----D---- C:\Windows\system32\nl-NL

    2013-11-16 15:15:48 ----D---- C:\Program Files\Internet Explorer

    2013-11-16 15:15:48 ----D---- C:\Program Files (x86)\Internet Explorer

    2013-11-16 15:15:40 ----RD---- C:\Windows\ToastData

    2013-11-16 15:15:34 ----D---- C:\Windows\system32\DriverStore

    2013-11-16 15:15:25 ----D---- C:\Windows\SoftwareDistribution

    2013-11-16 15:15:14 ----D---- C:\AdwCleaner

    2013-11-16 15:15:11 ----D---- C:\Windows\Tasks

    2013-11-16 15:15:11 ----D---- C:\Windows\system32\Tasks

    2013-11-16 14:59:25 ----D---- C:\Windows\debug

    2013-11-16 14:54:31 ----AD---- C:\ProgramData\Temp

    2013-11-16 14:54:24 ----D---- C:\Program Files (x86)\SpywareBlaster

    2013-11-16 03:01:19 ----D---- C:\Windows\CbsTemp

    2013-11-16 03:00:19 ----D---- C:\Windows\Microsoft.NET

    2013-11-14 17:20:21 ----D---- C:\Windows\system32\MRT

    2013-11-14 17:19:01 ----A---- C:\Windows\system32\MRT.exe

    2013-11-14 17:17:26 ----SHD---- C:\System Volume Information

    2013-11-14 15:15:20 ----D---- C:\Windows\system32\catroot2

    2013-11-12 11:57:16 ----D---- C:\Windows\AUInstallAgent

    2013-11-12 11:56:14 ----HD---- C:\Program Files\WindowsApps

    2013-11-09 15:28:44 ----D---- C:\Program Files\CCleaner

    2013-11-05 13:05:25 ----HD---- C:\ProgramData

    2013-10-26 17:37:07 ----D---- C:\Windows\system32\drivers\UMDF

    2013-10-24 15:34:55 ----D---- C:\Windows\system32\FxsTmp

    2013-10-20 11:35:54 ----D---- C:\Program Files (x86)\Common Files

    2013-10-20 11:35:45 ----D---- C:\Program Files (x86)\ASUS

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 ACPI;@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver; C:\Windows\System32\drivers\ACPI.sys

    R0 acpiex;Microsoft ACPIEx Driver; C:\Windows\System32\Drivers\acpiex.sys

    R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys

    R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys

    R0 CLFS;@%SystemRoot%\system32\drivers\clfs.sys,-100; C:\Windows\System32\drivers\CLFS.sys

    R0 CNG;CNG; C:\Windows\System32\Drivers\cng.sys

    R0 disk;@disk.inf,%disk_ServiceDesc%;Disk Driver; C:\Windows\System32\drivers\disk.sys

    R0 EhStorClass;@%SystemRoot%\system32\drivers\EhStorClass.sys,-100; C:\Windows\System32\drivers\EhStorClass.sys

    R0 FileInfo;@%SystemRoot%\system32\drivers\fileinfo.sys,-100; C:\Windows\System32\drivers\fileinfo.sys

    R0 FltMgr;@%SystemRoot%\system32\drivers\fltmgr.sys,-10001; C:\Windows\system32\drivers\fltmgr.sys

    R0 fvevol;@%SystemRoot%\system32\drivers\fvevol.sys,-100; C:\Windows\System32\DRIVERS\fvevol.sys

    R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys

    R0 KSecDD;KSecDD; C:\Windows\System32\Drivers\ksecdd.sys

    R0 KSecPkg;KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys

    R0 mountmgr;@%SystemRoot%\system32\drivers\mountmgr.sys,-100; C:\Windows\System32\drivers\mountmgr.sys

    R0 msisadrv;msisadrv; C:\Windows\System32\drivers\msisadrv.sys

    R0 Mup;@%systemroot%\system32\drivers\mup.sys,-101; C:\Windows\System32\Drivers\mup.sys

    R0 NDIS;@%SystemRoot%\system32\drivers\ndis.sys,-200; C:\Windows\system32\drivers\ndis.sys

    R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys

    R0 partmgr;@%SystemRoot%\system32\drivers\partmgr.sys,-100; C:\Windows\System32\drivers\partmgr.sys

    R0 pci;@machine.inf,%pci_svcdesc%;PCI Bus Driver; C:\Windows\System32\drivers\pci.sys

    R0 pcw;Performance Counters for Windows Driver; C:\Windows\System32\drivers\pcw.sys

    R0 pdc;@%SystemRoot%\system32\drivers\pdc.sys,-100; C:\Windows\system32\drivers\pdc.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R0 spaceport;@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver; C:\Windows\System32\drivers\spaceport.sys

    R0 Tcpip;@%SystemRoot%\system32\tcpipcfg.dll,-50003; C:\Windows\System32\drivers\tcpip.sys

    R0 vdrvroot;@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator; C:\Windows\System32\drivers\vdrvroot.sys

    R0 volmgr;@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver; C:\Windows\System32\drivers\volmgr.sys

    R0 volmgrx;@%SystemRoot%\system32\drivers\volmgrx.sys,-100; C:\Windows\System32\drivers\volmgrx.sys

    R0 volsnap;@volume.inf,%VolumeClassName%;Storage volumes; C:\Windows\System32\drivers\volsnap.sys

    R0 Wdf01000;@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000; C:\Windows\system32\drivers\Wdf01000.sys

    R0 WFPLWFS;@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000; C:\Windows\system32\DRIVERS\wfplwfs.sys

    R1 AFD;@%systemroot%\system32\drivers\afd.sys,-1000; C:\Windows\system32\drivers\afd.sys

    R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys

    R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys

    R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys

    R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys

    R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys

    R1 BasicDisplay;BasicDisplay; C:\Windows\System32\drivers\BasicDisplay.sys

    R1 BasicRender;BasicRender; C:\Windows\System32\drivers\BasicRender.sys

    R1 Beep;Beep; C:\Windows\system32\drivers\Beep.sys

    R1 cdrom;@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver; C:\Windows\System32\drivers\cdrom.sys

    R1 Dfsc;@%systemroot%\system32\wkssvc.dll,-1008; C:\Windows\System32\Drivers\dfsc.sys

    R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys

    R1 Msfs;Msfs; C:\Windows\system32\drivers\Msfs.sys

    R1 mssmbios;@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver; C:\Windows\System32\drivers\mssmbios.sys

    R1 NetBIOS;@netnb.inf,%NetBIOS_Desc%;NetBIOS Interface; C:\Windows\system32\DRIVERS\netbios.sys

    R1 NetBT;@%SystemRoot%\system32\drivers\netbt.sys,-2; C:\Windows\System32\DRIVERS\netbt.sys

    R1 Npfs;Npfs; C:\Windows\system32\drivers\Npfs.sys

    R1 npsvctrig;@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider; C:\Windows\System32\drivers\npsvctrig.sys

    R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys

    R1 Null;Null; C:\Windows\system32\drivers\Null.sys

    R1 Psched;@%SystemRoot%\System32\drivers\pacer.sys,-101; C:\Windows\system32\DRIVERS\pacer.sys

    R1 rdbss;@%systemroot%\system32\wkssvc.dll,-1000; C:\Windows\system32\DRIVERS\rdbss.sys

    R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys

    R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys

    R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys

    R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

    R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys

    R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys

    R2 lltdio;@%SystemRoot%\system32\lltdres.dll,-6; C:\Windows\system32\DRIVERS\lltdio.sys

    R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys

    R2 NativeWifiP;@%SystemRoot%\System32\drivers\nwifi.sys,-101; C:\Windows\system32\DRIVERS\nwifi.sys

    R2 Ndu;@%SystemRoot%\system32\drivers\Ndu.sys,-10001; C:\Windows\system32\drivers\Ndu.sys

    R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys

    R2 rspndr;@%SystemRoot%\system32\lltdres.dll,-5; C:\Windows\system32\DRIVERS\rspndr.sys

    R2 secdrv;Security Driver; C:\Windows\system32\drivers\secdrv.sys

    R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys

    R3 AiCharger;ASUS Charger Driver; C:\Windows\system32\DRIVERS\AiCharger.sys

    R3 athr;@oem18.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athw8x.sys

    R3 ATP;@oem9.inf,%PS2.DeviceDesc%;ASUS PS/2 Port Input Device; C:\Windows\System32\drivers\AsusTP.sys

    R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys

    R3 CmBatt;@cmbatt.inf,%CmBatt.SvcDesc%;Microsoft ACPI Control Method Battery Driver; C:\Windows\System32\drivers\CmBatt.sys

    R3 CompositeBus;@CompositeBus.inf,%CompositeBus.SVCDESC%;Composite Bus Enumerator Driver; C:\Windows\System32\drivers\CompositeBus.sys

    R3 condrv;Console Driver; C:\Windows\System32\drivers\condrv.sys

    R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys

    R3 fastfat;FAT12/16/32 File System Driver; C:\Windows\system32\drivers\fastfat.sys

    R3 HDAudBus;@hdaudbus.inf,%HDAudBus.SVCDESC%;Microsoft UAA Bus Driver for High Definition Audio; C:\Windows\System32\drivers\HDAudBus.sys

    R3 HIDSwitch;@oem17.inf,%ASSW.DisplayName%;ASUS Wireless Radio Control; C:\Windows\System32\drivers\AsHIDSwitch64.sys

    R3 HidUsb;@input.inf,%HID.SvcDesc%;Microsoft HID Class Driver; C:\Windows\System32\drivers\hidusb.sys

    R3 HTTP;@%SystemRoot%\system32\drivers\http.sys,-1; C:\Windows\system32\drivers\HTTP.sys

    R3 i8042prt;@msmouse.inf,%i8042prt.SvcDesc%;Stuurprogramma voor PS/2-toetsenbord en -muispoort; C:\Windows\System32\drivers\i8042prt.sys

    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys

    R3 IntcDAud;@oem6.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys

    R3 intelppm;@cpu.inf,%IntelPPM.SvcDesc%;Intel Processor Driver; C:\Windows\System32\drivers\intelppm.sys

    R3 kbdclass;@keyboard.inf,%kbdclass.SvcDesc%;Stuurprogramma voor verschillende toetsenbordtypen; C:\Windows\System32\drivers\kbdclass.sys

    R3 kbfiltr;@oem14.inf,%kbfiltr.SvcDesc%;Keyboard Filter; C:\Windows\System32\drivers\kbfiltr.sys

    R3 kdnic;@kdnic.inf,%KdNic.Service.DispName%;Microsoft Kernel Debug Network Miniport (NDIS 6.20); C:\Windows\system32\DRIVERS\kdnic.sys

    R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys

    R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys

    R3 MEIx64;@oem4.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys

    R3 monitor;@monitor.inf,%Monitor.SVCDESC%;Microsoft Monitor Class Function Driver Service; C:\Windows\System32\drivers\monitor.sys

    R3 mouclass;@msmouse.inf,%mouclass.SvcDesc%;Stuurprogramma voor muistypen; C:\Windows\System32\drivers\mouclass.sys

    R3 mouhid;@msmouse.inf,%MOUHID.SvcDesc%;Mouse HID Driver; C:\Windows\System32\drivers\mouhid.sys

    R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys

    R3 mrxsmb;@%systemroot%\system32\wkssvc.dll,-1002; C:\Windows\system32\DRIVERS\mrxsmb.sys

    R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys

    R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys

    R3 NdisTapi;@%systemroot%\system32\rascfg.dll,-32001; C:\Windows\system32\DRIVERS\ndistapi.sys

    R3 Ndisuio;@ndisuio.inf,%NDISUIO_Desc%;NDIS Usermode I/O Protocol; C:\Windows\system32\DRIVERS\ndisuio.sys

    R3 NdisWan;@%systemroot%\system32\rascfg.dll,-32002; C:\Windows\system32\DRIVERS\ndiswan.sys

    R3 NDProxy;NDIS Proxy; C:\Windows\system32\drivers\NDProxy.sys

    R3 Ntfs;Ntfs; C:\Windows\system32\drivers\Ntfs.sys

    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys

    R3 PptpMiniport;@%systemroot%\system32\rascfg.dll,-32006; C:\Windows\system32\DRIVERS\raspptp.sys

    R3 RasAgileVpn;@netavpna.inf,%Svc-Mp-AgileVpn-DispName%;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys

    R3 Rasl2tp;@%systemroot%\system32\rascfg.dll,-32005; C:\Windows\system32\DRIVERS\rasl2tp.sys

    R3 RasPppoe;@%systemroot%\system32\rascfg.dll,-32007; C:\Windows\system32\DRIVERS\raspppoe.sys

    R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys

    R3 rdpbus;@rdpbus.inf,%rdpbus_svcdesc%;Remote Desktop Device Redirector Bus Driver; C:\Windows\System32\drivers\rdpbus.sys

    R3 RSBASTOR;@oem11.inf,%Rts5208%;Realtek PCIE CardReader Driver - BA; C:\Windows\system32\DRIVERS\RtsBaStor.sys

    R3 RTL8168;@oem12.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys

    R3 srv;@%systemroot%\system32\srvsvc.dll,-102; C:\Windows\System32\DRIVERS\srv.sys

    R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys

    R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys

    R3 swenum;@swenum.inf,%SWENUM.SVCDESC%;Software Bus Driver; C:\Windows\System32\drivers\swenum.sys

    R3 tunnel;@nettun.inf,%TUNNEL.Service.DisplayName%;Microsoft Tunnel Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunnel.sys

    R3 UCX01000;USB Controller Extension; C:\Windows\System32\drivers\ucx01000.sys

    R3 umbus;@umbus.inf,%umbus.SVCDESC%;UMBus Enumerator Driver; C:\Windows\System32\drivers\umbus.sys

    R3 usbccgp;@usb.inf,%GenericParent.SvcDesc%;Microsoft USB Generic Parent Driver; C:\Windows\System32\drivers\usbccgp.sys

    R3 usbehci;@usbport.inf,%EHCIMP.SvcDesc%;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\Windows\System32\drivers\usbehci.sys

    R3 usbhub;@usbport.inf,%ROOTHUB.SvcDesc%;Stuurprogramma voor Microsoft USB Standaard-hub; C:\Windows\System32\drivers\usbhub.sys

    R3 USBHUB3;@usbhub3.inf,%UsbHub3.SVCDESC%;SuperSpeed Hub; C:\Windows\System32\drivers\UsbHub3.sys

    R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys

    R3 USBXHCI;@usbxhci.inf,%PCI\CC_0C0330.DeviceDesc%;USB xHCI Compliant Host Controller; C:\Windows\System32\drivers\USBXHCI.SYS

    R3 vwifibus;@%SystemRoot%\System32\drivers\vwifibus.sys,-257; C:\Windows\System32\drivers\vwifibus.sys

    R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys

    R3 WmiAcpi;@wmiacpi.inf,%WMIMAP.SvcDesc%;Microsoft Windows Management Interface for ACPI; C:\Windows\System32\drivers\wmiacpi.sys

    S0 3ware;3ware; C:\Windows\System32\drivers\3ware.sys

    S0 adp94xx;adp94xx; C:\Windows\System32\drivers\adp94xx.sys

    S0 adpahci;adpahci; C:\Windows\System32\drivers\adpahci.sys

    S0 adpu320;adpu320; C:\Windows\System32\drivers\adpu320.sys

    S0 agp440;@machine.inf,%agp440_svcdesc%;Intel AGP Bus Filter; C:\Windows\System32\drivers\agp440.sys

    S0 amdsata;amdsata; C:\Windows\System32\drivers\amdsata.sys

    S0 amdsbs;amdsbs; C:\Windows\System32\drivers\amdsbs.sys

    S0 amdxata;amdxata; C:\Windows\System32\drivers\amdxata.sys

    S0 arc;arc; C:\Windows\System32\drivers\arc.sys

    S0 arcsas;@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Windows Inbox Miniport Driver; C:\Windows\System32\drivers\arcsas.sys

    S0 atapi;@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel; C:\Windows\System32\drivers\atapi.sys

    S0 b06bdrv;@netbvbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II VBD; C:\Windows\System32\drivers\bxvbda.sys

    S0 ebdrv;@netevbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\System32\drivers\evbda.sys

    S0 EhStorTcgDrv;@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols; C:\Windows\System32\drivers\EhStorTcgDrv.sys

    S0 gagp30kx;@agp.inf,%gagp30kx_svcdesc%;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\System32\drivers\gagp30kx.sys

    S0 HpSAMD;HpSAMD; C:\Windows\System32\drivers\HpSAMD.sys

    S0 hwpolicy;@%systemroot%\system32\drivers\hwpolicy.sys,-101; C:\Windows\System32\drivers\hwpolicy.sys

    S0 iaStorV;@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7; C:\Windows\System32\drivers\iaStorV.sys

    S0 iirsp;iirsp; C:\Windows\System32\drivers\iirsp.sys

    S0 intelide;intelide; C:\Windows\System32\drivers\intelide.sys

    S0 isapnp;isapnp; C:\Windows\System32\drivers\isapnp.sys

    S0 LSI_SAS;LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys

    S0 LSI_SAS2;LSI_SAS2; C:\Windows\System32\drivers\lsi_sas2.sys

    S0 LSI_SCSI;LSI_SCSI; C:\Windows\System32\drivers\lsi_scsi.sys

    S0 LSI_SSS;LSI_SSS; C:\Windows\System32\drivers\lsi_sss.sys

    S0 megasas;megasas; C:\Windows\System32\drivers\megasas.sys

    S0 MegaSR;MegaSR; C:\Windows\System32\drivers\MegaSR.sys

    S0 mvumis;mvumis; C:\Windows\System32\drivers\mvumis.sys

    S0 nfrd960;nfrd960; C:\Windows\System32\drivers\nfrd960.sys

    S0 nv_agp;@machine.inf,%agpnvidia_svcdesc%;NVIDIA nForce AGP Bus Filter; C:\Windows\System32\drivers\nv_agp.sys

    S0 nvraid;nvraid; C:\Windows\System32\drivers\nvraid.sys

    S0 nvstor;nvstor; C:\Windows\System32\drivers\nvstor.sys

    S0 pciide;pciide; C:\Windows\System32\drivers\pciide.sys

    S0 pcmcia;pcmcia; C:\Windows\System32\drivers\pcmcia.sys

    S0 sbp2port;@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver; C:\Windows\System32\drivers\sbp2port.sys

    S0 SiSRaid2;SiSRaid2; C:\Windows\System32\drivers\SiSRaid2.sys

    S0 SiSRaid4;SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys

    S0 stexstor;stexstor; C:\Windows\System32\drivers\stexstor.sys

    S0 storahci;@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver; C:\Windows\System32\drivers\storahci.sys

    S0 storflt;@%SystemRoot%\system32\vmstorfltres.dll,-1000; C:\Windows\system32\DRIVERS\vmstorfl.sys

    S0 storvsc;storvsc; C:\Windows\System32\drivers\storvsc.sys

    S0 uagp35;@agp.inf,%uagp35_svcdesc%;Microsoft AGPv3.5 Filter; C:\Windows\System32\drivers\uagp35.sys

    S0 uliagpkx;@machine.inf,%uliagpkx_svcdesc%;Uli AGP Bus Filter; C:\Windows\System32\drivers\uliagpkx.sys

    S0 viaide;viaide; C:\Windows\System32\drivers\viaide.sys

    S0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\System32\drivers\vmbus.sys

    S0 vsmraid;vsmraid; C:\Windows\System32\drivers\vsmraid.sys

    S0 VSTXRAID;@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage Controller Windows Driver; C:\Windows\System32\drivers\vstxraid.sys

    S0 Wd;@wd.inf,%WdServiceDisplayName%;Microsoft Watchdog Timer Driver; C:\Windows\System32\drivers\wd.sys

    S1 dam;@%SystemRoot%\system32\drivers\dam.sys,-100; C:\Windows\system32\drivers\dam.sys

    S3 1394ohci;@1394.inf,%PCI\CC_0C0010.DeviceDesc%;1394 OHCI Compliant Host Controller; C:\Windows\System32\drivers\1394ohci.sys

    S3 acpipagr;@acpipagr.inf,%SvcDesc%;ACPI Processor Aggregator Driver; C:\Windows\System32\drivers\acpipagr.sys

    S3 AcpiPmi;@acpipmi.inf,%AcpiPmi.SvcDesc%;ACPI Power Meter Driver; C:\Windows\System32\drivers\acpipmi.sys

    S3 acpitime;@acpitime.inf,%AcpiTime.SvcDesc%;ACPI Wake Alarm Driver; C:\Windows\System32\drivers\acpitime.sys

    S3 AgereSoftModem;@mdmags64.inf,%FullProductName%;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys

    S3 AmdK8;@cpu.inf,%AmdK8.SvcDesc%;AMD K8 Processor Driver; C:\Windows\System32\drivers\amdk8.sys

    S3 AmdPPM;@cpu.inf,%AmdPPM.SvcDesc%;AMD Processor Driver; C:\Windows\System32\drivers\amdppm.sys

    S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys

    S3 AsyncMac;@%systemroot%\system32\rascfg.dll,-32000; C:\Windows\system32\DRIVERS\asyncmac.sys

    S3 BthAvrcpTg;@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID; C:\Windows\System32\drivers\BthAvrcpTg.sys

    S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\System32\drivers\BthEnum.sys

    S3 BthHFEnum;@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator; C:\Windows\System32\drivers\bthhfenum.sys

    S3 bthhfhid;@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID; C:\Windows\System32\drivers\BthHFHid.sys

    S3 BTHMODEM;@bthspp.inf,%BthSerial.DisplayName%;Bluetooth Serial Communications Driver; C:\Windows\System32\drivers\bthmodem.sys

    S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys

    S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys

    S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys

    S3 circlass;@circlass.inf,%circlass.SVCDESC%;Consumer IR Devices; C:\Windows\System32\drivers\circlass.sys

    S3 dmvsc;dmvsc; C:\Windows\System32\drivers\dmvsc.sys

    S3 drmkaud;@wdmaudio.inf,%drmkaud.SvcDesc%;Microsoft Trusted Audio Drivers; C:\Windows\system32\drivers\drmkaud.sys

    S3 e1iexpress;@net1ic64.inf,%E1IExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\Windows\system32\DRIVERS\e1i63x64.sys

    S3 ErrDev;@errdev.inf,%ERRDEV.SvcDesc%;Microsoft Hardware Error Device Driver; C:\Windows\System32\drivers\errdev.sys

    S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys

    S3 fdc;@fdc.inf,%fdc_ServiceDesc%;Floppy Disk Controller Driver; C:\Windows\System32\drivers\fdc.sys

    S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys

    S3 flpydisk;@flpydisk.inf,%floppy_ServiceDesc%;Floppy Disk Driver; C:\Windows\System32\drivers\flpydisk.sys

    S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys

    S3 FxPPM;@cpu.inf,%FxPPM.SvcDesc%;Power Framework Processor Driver; C:\Windows\System32\drivers\fxppm.sys

    S3 gencounter;@wgencounter.inf,%GenCounter.SVCDESC%;Microsoft Hyper-V Generation Counter; C:\Windows\System32\drivers\vmgencounter.sys

    S3 GPIOClx0101;Microsoft GPIO Class Extension Driver; C:\Windows\System32\Drivers\msgpioclx.sys

    S3 HdAudAddService;@hdaudio.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys

    S3 HidBatt;@hidbatt.inf,%HidBatt.SvcDesc%;HID UPS Battery Driver; C:\Windows\System32\drivers\HidBatt.sys

    S3 HidBth;@hidbth.inf,%HIDBTH.SvcDesc%;Microsoft Bluetooth HID Miniport; C:\Windows\System32\drivers\hidbth.sys

    S3 hidi2c;@hidi2c.inf,%hidi2c.SVCDESC%;Microsoft I2C HID Miniport Driver; C:\Windows\System32\drivers\hidi2c.sys

    S3 HidIr;@hidir.inf,%HIDIR.SvcDesc%;Microsoft Infrared HID Driver; C:\Windows\System32\drivers\hidir.sys

    S3 hyperkbd;hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys

    S3 HyperVideo;HyperVideo; C:\Windows\system32\DRIVERS\HyperVideo.sys

    S3 IpFilterDriver;@%systemroot%\system32\rascfg.dll,-32013; C:\Windows\system32\DRIVERS\ipfltdrv.sys

    S3 IPMIDRV;IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys

    S3 IPNAT;IP Network Address Translator; C:\Windows\System32\drivers\ipnat.sys

    S3 IRENUM;@%SystemRoot%\system32\drivers\irenum.sys,-100; C:\Windows\system32\drivers\irenum.sys

    S3 iScsiPrt;@iscsi.inf,%iScsiPortName%;iScsiPort Driver; C:\Windows\System32\drivers\msiscsi.sys

    S3 kbdhid;@keyboard.inf,%KBDHID.SvcDesc%;Keyboard HID Driver; C:\Windows\System32\drivers\kbdhid.sys

    S3 Modem;Modem; C:\Windows\system32\drivers\modem.sys

    S3 MRxDAV;@%systemroot%\system32\webclnt.dll,-104; C:\Windows\system32\drivers\mrxdav.sys

    S3 MsBridge;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys

    S3 msgpiowin32;@msgpiowin32.inf,%GPIO.SvcDesc%;GPIO Buttons Driver; C:\Windows\System32\drivers\msgpiowin32.sys

    S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys

    S3 mshidumdf;@%SystemRoot%\system32\drivers\mshidumdf.sys,-100; C:\Windows\System32\drivers\mshidumdf.sys

    S3 MSKSSRV;@ksfilter.inf,%MSKSSRV.DeviceDesc%;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys

    S3 MsLldp;@C:\Windows\system32\DRIVERS\mslldp.sys,-200; C:\Windows\system32\DRIVERS\mslldp.sys

    S3 MSPCLOCK;@ksfilter.inf,%MSPCLOCK.DeviceDesc%;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys

    S3 MSPQM;@ksfilter.inf,%MSPQM.DeviceDesc%;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys

    S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys

    S3 MSTEE;@ksfilter.inf,%MSTEE.DeviceDesc%;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys

    S3 MTConfig;@mtconfig.inf,%MTConfig.SVCDESC%;Microsoft Input Configuration Driver; C:\Windows\System32\drivers\MTConfig.sys

    S3 NdisCap;@%SystemRoot%\System32\drivers\ndiscap.sys,-5000; C:\Windows\system32\DRIVERS\ndiscap.sys

    S3 NdisImPlatform;@%SystemRoot%\System32\drivers\ndisimplatform.sys,-501; C:\Windows\system32\DRIVERS\NdisImPlatform.sys

    S3 NDISWANLEGACY;@%systemroot%\system32\rascfg.dll,-32014; C:\Windows\system32\DRIVERS\ndiswan.sys

    S3 NETwNs64;@netwns64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys

    S3 Parport;@msports.inf,%Parport.SVCDESC%;Parallel port driver; C:\Windows\System32\drivers\parport.sys

    S3 Processor;@cpu.inf,%Processor.SvcDesc%;Processor Driver; C:\Windows\System32\drivers\processr.sys

    S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys

    S3 RasAcd;Remote Access Auto Connection Driver; C:\Windows\System32\DRIVERS\rasacd.sys

    S3 RDPDR;@%SystemRoot%\System32\DRIVERS\rdpdr.sys,-100; C:\Windows\System32\drivers\rdpdr.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 RDPWD;RDP Winstation Driver; C:\Windows\system32\drivers\RDPWD.sys

    S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys

    S3 s3cap;s3cap; C:\Windows\System32\drivers\vms3cap.sys

    S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys

    S3 sdbus;sdbus; C:\Windows\System32\drivers\sdbus.sys


  • fazantje

    Hi Rudi,

    Download zoek.zip to the desktop.

    Disable your antivirus and antispyware programs; they may conflict with zoek.zip.

    Right-click Zoek.zip and choose the option "Extract all" or "Extract here".

    Then double-click Zoek.exe to start the tool.

    Now copy the code below and paste it into the large input field:

    firefoxlook;

    emptyclsid;

    emptyfolderscheck;delete

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    Now click the "Run script" button.

    Now wait patiently until a log opens (this may be after a restart, if one is needed).

    If no log appears after the restart, start zoek.exe again; the log will then appear.

    Now post the contents of the opened log in your next message.

    Regards, Huib ;)

  • rudi

    Thanks in advance, Huib :)

    Zoek.exe Version 4.0.0.5 Updated 14-November-2013

    Tool run by renateadelerhof on za 16-11-2013 at 17:22:29,31.

    Microsoft Windows 8 6.2.9200 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\renateadelerhof\Documents\zoek\zoek.exe

    ==== System Restore Info ======================

    16-11-2013 17:23:57 Zoek.exe System Restore Point Created Succesfully.

    ==== Empty Folders Check ======================

    C:\Users\renateadelerhof\AppData\Local\VirtualStore deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

    C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe

    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

    C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Windows\SysWOW64\ACEngSvr.exe

    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe

    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    C:\Windows\SysWOW64\ctfmon.exe

    C:\Users\renateadelerhof\Documents\zoek\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    ==== Deleting Services ======================

    ==== FireFox Fix ======================

    ProfilePath: C:\Users\renateadelerhof\AppData\Roaming\Mozilla\Firefox\Profiles\tmvakgli.default

    user.js not found

    ---- Lines mysearch removed from prefs.js ----

    user_pref("extensions.irmysearch.aflt", "irmsd103aw");

    user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EyBtDzy0E0EtBtB0C0FzytN0D0Tzu0SyCzzyCtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1

    user_pref("extensions.irmysearch.cr", "632595525");

    user_pref("extensions.irmysearch.instlRef", "");

    ---- FireFox user.js and prefs.js backups ----

    prefs_16-11-2013_1728_.backup

    ==== System Specs ======================

    Windows: Windows Version 6.2 (Build 9200)

    Memory (RAM): 3982 MB

    CPU Info: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz

    CPU Speed: 2496,0 MHz

    Sound Card: Speakers (Realtek High Definiti |

    Display Adapters: Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | NVIDIA GeForce 610M

    Monitors: 1x; Generic PnP Monitor |

    Screen Resolution: 1366 X 768 - 32 bit

    Network: Network Present

    Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Realtek PCIe GBE Family Controller | Qualcomm Atheros AR9485 Wireless Network Adapter

    CD / DVD Drives: 1x (E: | ) E: Slimtype DVD A

    Ports: COM Ports NOT Present. LPT Port NOT Present.

    Mouse: 16 Button Wheel Mouse Present

    Hard Disks: C: 119,2GB | D: 157,5GB

    Hard Disks - Free: C: 80,2GB | D: 157,2GB

    Manufacturer *: American Megatrends Inc.

    BIOS Info: AT/AT COMPATIBLE | | _ASUS_ - 1072009

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: ASUSTeK COMPUTER INC. K55VD

    Country: Nederland

    Language: NLD

    ==== System Specs (Software) ======================

    Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)

    Anti-Virus: Windows Defender On-access scanning disabled (Outdated)

    Anti-Spyware: avast! Antivirus disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Default Browser: Firefox 25.0.1

    Internet Explorer Version: 10.0.9200.16736

    Mozilla Firefox version: 25.0.1 (x86 nl)

    Adobe Reader version: 10.1.8.24

    Flash Player version: 11.9.900.152

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\RENATE~1\AppData\Local\Temp ====

    ====== C:\Windows\SysWOW64 =====

    2013-11-16 14:19:48 EDEEF62DC791001AE98E7AC0F2F33A69 694232 —-a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe

    2013-11-16 14:19:48 CC432560003B0F89F79A7B946459CDDA 78296 —-a-w- C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    2013-11-14 14:17:47 23787853DA559818AC593D470E27441E 1022976 —-a-w- C:\Windows\SysWOW64\gdi32.dll

    2013-11-14 14:17:42 8EF66E7F4CEE23A30917D27C460CDB8D 1569280 —-a-w- C:\Windows\SysWOW64\crypt32.dll

    2013-11-14 14:16:42 02A04841906A8892AD6CC7BDBCB5F61D 14355968 —-a-w- C:\Windows\SysWOW64\mshtml.dll

    2013-11-14 14:16:37 1191434BB424F18C2609AB5C955DD14E 13761024 —-a-w- C:\Windows\SysWOW64\ieframe.dll

    2013-11-14 14:16:35 D42525513055C0A65FD4BEFAFACEB134 2877952 —-a-w- C:\Windows\SysWOW64\jscript9.dll

    2013-11-14 14:16:34 A5897063A4B6796EFB7B34CEC5BC739F 1138176 —-a-w- C:\Windows\SysWOW64\urlmon.dll

    2013-11-14 14:16:33 5FD4335DCD343D0FEA9FA6B18ED408D9 1767936 —-a-w- C:\Windows\SysWOW64\wininet.dll

    2013-11-14 14:16:32 DA5374911037841F81072A4DCBB02D93 2049024 —-a-w- C:\Windows\SysWOW64\iertutil.dll

    2013-11-14 14:16:31 AD6639EF2BD655C7E630B6BCF7203463 493056 —-a-w- C:\Windows\SysWOW64\msfeeds.dll

    2013-11-14 14:16:30 6AD683FF326836EB6AE63B1F144A4F9D 690688 —-a-w- C:\Windows\SysWOW64\jscript.dll

    2013-11-14 14:16:25 5F96687B87B35AB996FE125DC0288544 1711616 —-a-w- C:\Windows\SysWOW64\d3d11.dll

    2013-11-14 14:16:13 EDC410DA14DCACF4C42E09F1EB45E125 2035712 —-a-w- C:\Windows\SysWOW64\authui.dll

    2013-11-14 14:16:07 2A2AD16DC708EF09B79604CEE9FF4722 323072 —-a-w- C:\Windows\SysWOW64\schannel.dll

    2013-11-14 14:15:54 20DEAA3798E24F2568D13E59854B86BA 10799104 —-a-w- C:\Windows\SysWOW64\Windows.UI.Xaml.dll

    2013-11-14 14:15:53 E5022C5E268209367A186DF3F8705AEA 914432 —-a-w- C:\Windows\SysWOW64\UIAutomationCore.dll

    2013-11-14 14:15:50 10C3BE99D42B256C73A4982E9680B81C 628736 —-a-w- C:\Windows\SysWOW64\wuapi.dll

    2013-11-14 14:15:49 94AE186C279DD59E8D9F4E735CB81525 247296 —-a-w- C:\Windows\SysWOW64\ubpm.dll

    2013-11-14 14:15:47 98AC5B3A987A7698B070D39AC88B7ED7 485376 —-a-w- C:\Windows\SysWOW64\WSDApi.dll

    2013-11-14 14:15:45 ABB989EF246D554A6D166B9D2C8AB36C 656896 —-a-w- C:\Windows\SysWOW64\kerberos.dll

    2013-11-14 14:15:44 4D85933D2F0819320DD1FF0B8CF191AC 84992 —-a-w- C:\Windows\SysWOW64\wudriver.dll

    2013-11-14 14:15:40 FE5AD5F1E79B411F0B9E7027F2AD496A 35328 —-a-w- C:\Windows\SysWOW64\wuapp.exe

    2013-11-14 14:15:40 17752E897BC17C13E5CAEA71D376C96A 126976 —-a-w- C:\Windows\SysWOW64\wuwebv.dll

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    2013-11-16 15:31:52 A019B6857DB10E5E71967F4724F1DA08 281240 —-a-w- C:\Windows\Sysnative\FNTCACHE.DAT

    2013-11-14 14:17:51 E455C83E029121270BED73CDAC381F37 1160192 —-a-w- C:\Windows\Sysnative\IKEEXT.DLL

    2013-11-14 14:17:49 53AA55632B94622F2DC3695E86EF9363 723968 —-a-w- C:\Windows\Sysnative\BFE.DLL

    2013-11-14 14:17:47 2299D30B0C3F41687127DDAC5B3CAC32 1300992 —-a-w- C:\Windows\Sysnative\gdi32.dll

    2013-11-14 14:17:42 61EE56D354A5B425845F6A38CE401F92 1890816 —-a-w- C:\Windows\Sysnative\crypt32.dll

    2013-11-14 14:16:47 25C356A79B7002E0A20AAF592ED59DE4 19269632 —-a-w- C:\Windows\Sysnative\mshtml.dll

    2013-11-14 14:16:38 9991ABD246ED906CF420B2CA08BF685A 15404544 —-a-w- C:\Windows\Sysnative\ieframe.dll

    2013-11-14 14:16:37 90868BDD4047BF951E03620961945149 3959808 —-a-w- C:\Windows\Sysnative\jscript9.dll

    2013-11-14 14:16:34 F13305A81317DDAEA3968D2D8EC0C0A4 1364992 —-a-w- C:\Windows\Sysnative\urlmon.dll

    2013-11-14 14:16:34 9706C99DAEBE3FEAC811B239617E98C4 2241536 —-a-w- C:\Windows\Sysnative\wininet.dll

    2013-11-14 14:16:33 A96B3E9D360DE75B09EE77698A54412B 2648576 —-a-w- C:\Windows\Sysnative\iertutil.dll

    2013-11-14 14:16:32 1E47964351EA38C20A8E28B413769C80 603136 —-a-w- C:\Windows\Sysnative\msfeeds.dll

    2013-11-14 14:16:30 EFB4937249C7E4D57F69CC4B1986BC4B 855552 —-a-w- C:\Windows\Sysnative\jscript.dll

    2013-11-14 14:16:29 3E86B4126D4CD0D9CA5B78DBE9F8D7CB 51712 —-a-w- C:\Windows\Sysnative\ie4uinit.exe

    2013-11-14 14:16:25 BEB9FF627ACB97F10D0B65D404D62C7A 2062848 —-a-w- C:\Windows\Sysnative\d3d11.dll

    2013-11-14 14:16:13 97F8694D6CDD8A3BBDF0A24D9B321C7B 2304512 —-a-w- C:\Windows\Sysnative\authui.dll

    2013-11-14 14:16:07 4F54EB37483A890F8C19478207FC5004 419328 —-a-w- C:\Windows\Sysnative\schannel.dll

    2013-11-14 14:15:56 B37AF4CB7C5BBE8ABF0CD7E796AB1EB3 13661696 —-a-w- C:\Windows\Sysnative\Windows.UI.Xaml.dll

    2013-11-14 14:15:53 5EE919B9C3056B399E488A9B253E258A 3279360 —-a-w- C:\Windows\Sysnative\wuaueng.dll

    2013-11-14 14:15:53 58FE249FBABBA09A98EBAF28B0E0C382 1173504 —-a-w- C:\Windows\Sysnative\UIAutomationCore.dll

    2013-11-14 14:15:52 11F1BA1F5D9D63DA9332FB48E316CF20 773120 —-a-w- C:\Windows\Sysnative\wuapi.dll

    2013-11-14 14:15:51 16C7029B1FBD1F80B2337933E66BF793 328192 —-a-w- C:\Windows\Sysnative\ubpm.dll

    2013-11-14 14:15:49 510A64BC84EA509337AAA67A888F101C 817152 —-a-w- C:\Windows\Sysnative\kerberos.dll

    2013-11-14 14:15:49 4AF9E996881DD382EF34C094FFF26670 1622016 —-a-w- C:\Windows\Sysnative\wucltux.dll

    2013-11-14 14:15:48 96486A251B78FFBD9C559C78054BAD59 599040 —-a-w- C:\Windows\Sysnative\WSDApi.dll

    2013-11-14 14:15:48 05238CE241F616ECFE061C3363FFD8F7 252928 —-a-w- C:\Windows\Sysnative\WUSettingsProvider.dll

    2013-11-14 14:15:47 DA041324BA6417672F464BCCD7B4028F 59416 —-a-w- C:\Windows\Sysnative\wuauclt.exe

    2013-11-14 14:15:44 7F77886AC6F915075DC0C37264B02713 142848 —-a-w- C:\Windows\Sysnative\wuwebv.dll

    2013-11-14 14:15:43 71966AEA65DCCE5A749B27D07DFA524E 99328 —-a-w- C:\Windows\Sysnative\wudriver.dll

    2013-11-14 14:15:43 59A3F0EE45069600241CEF1A3A165000 175104 —-a-w- C:\Windows\Sysnative\storewuauth.dll

    2013-11-14 14:15:39 C85F997D1BC04C5D0C8193183C70D6E4 40448 —-a-w- C:\Windows\Sysnative\wuapp.exe

    ====== C:\Windows\Sysnative\drivers =====

    2013-11-14 14:17:49 44BB9C31E6242C4BD1CE7C2B440C2533 96600 —-a-w- C:\Windows\Sysnative\drivers\wfplwfs.sys

    2013-11-14 14:17:09 7C0E0EDF18D6CC565D7BFBB451709FA5 576512 —-a-w- C:\Windows\Sysnative\drivers\afd.sys

    2013-11-14 14:15:51 E94F7A7B48C7638D1F3F8089344C97B7 151896 —-a-w- C:\Windows\Sysnative\drivers\tpm.sys

    2013-11-14 14:15:50 C1646A95EAC515F60CDB2A7A8A013C1E 465240 —-a-w- C:\Windows\Sysnative\drivers\fvevol.sys

    2013-11-14 14:15:48 07C872F13ACC81A5F10DEC6CF37BF9A8 61784 —-a-w- C:\Windows\Sysnative\drivers\crashdmp.sys

    2013-10-26 16:37:09 D41D8CD98F00B204E9800998ECF8427E 0 —ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====


  • fazantje

    Hi Rudi,

    How are things now?

    Where did you download Open Office?

    Try to download from the official websites as much as possible.

    Regards, Huib ;)

  • rudi

    Hi Huib, it is running like a charm again. Thanks!!

    Openoffice.fileprogram.net was the culprit :X (98% sure)

    Don't try this, fellow readers!

  • rudi

    And after that came the offers to scan the computer, the pop-ups (a true barrage), the different start page - mysearch.com etc.

  • fazantje

    Hi Rudi,

    That's great, then we'll start cleaning up.

    You can leave Malwarebytes installed, but you already knew that ;)

    The tool below cleans up, among other things, all the tools that were used:

    Download Delfix by Xplode to the desktop.

    Double-click Delfix.exe to start the tool.

    Now tick the following items:

    Activate UAC

    Remove disinfection tools

    Create registry backup

    Purge System Restore

    Reset system settings

    Now click “Run” and wait patiently until the tool has finished.

    When the tool has finished, a log file is created. You don't need to post it, however.

    If any tools are left over, you can remove them yourself.

    Regards, Huib ;)

  • rudi

    Thank you Huib !! (tu)

This topic is closed; no further replies can be posted.