Interpol Police virus

  • Dizciple

    So, that misery..

    Everywhere the advice is to press F8 during startup and then boot into safe mode, or the command prompt one, but even then the computer just starts up with the virus. So for now the PC is unusable…

    Anyone?

  • rudi

    Hey, old pal

    http://antivirus.startpagina.nl/prikbord/4625317/voer-dit-eerst-uit-voordat-je-de-logjes-plaatst-(aangepaste-versie-dd-08-01-2014)#msg-4625317

  • Dizciple

    You just go off to the football message board :D

    But no, I can't scan anything or whatever, since I can't get onto the computer: as soon as the desktop comes into view, boom, the Interpol screen appears and you can't do anything anymore. Ctrl-Alt-Delete does work, but when I then click Task Manager, it appears for only a tenth of a second and the Interpol screen comes dominantly back over it..

  • rudi

    Okay… you goof :D

    I'll follow along to see what the experts know about this!

  • Ben

    Hello,

    Download "HitmanPro" via the link below, for example to the desktop, on a computer that is not infected.

    Click here to consult the detailed guide

    Download HitmanPro. (Choose the 32 or 64 bit version here.)

    HitmanPro (32bit)

    HitmanPro (64bit)

    Double-click HitmanPro36.exe or HitmanPro36_64.exe to start the program.

    On the start screen, click the "Kickstart button" as shown in the red frame below.

    If a USB stick is already connected, HitmanPro Kickstart will automatically detect and display it.

    Click this USB stick once, after which you get the option to install Kickstart on the USB stick.

    Before HitmanPro.Kickstart is installed, the USB stick is reformatted.

    Warning! Reformatting erases all data stored on the USB stick.

    After the HitmanPro Kickstart USB stick has been created, it will automatically be "safely removed" from the system on which it was created.

    Boot the infected computer from the HitmanPro.Kickstart USB stick. (You can read here how to boot the computer from a USB stick)

    Tick the option "I accept the terms of the license agreement" and click "Next".

    In the setup screen, click "Next" once more; the scan will now start automatically. Do nothing else on the computer until the scan has finished.

    When the scan is finished, click "Next".

    Now activate the free license; this lets you use HitmanPro free for 30 days and remove the infections found.

    Note: if you have already used the 30-day trial version of HitmanPro before, it is no longer possible to remove the found infections for free.

    When the removal is finished, click "Save log" or "Logbestand opslaan" at the bottom of the screen and save it, for example to the desktop.

    Post this log.

    Now click the "Restart" button.

    See whether you can then work through our guide: http://antivirus.startpagina.nl/prikbord/4625317/voer-dit-eerst-uit-voordat-je-de-logjes-plaatst-(aangepaste-versie-dd-08-01-2014)#msg-4625317

  • Dizciple

    For now that Interpol screen is gone while the USB stick with that Hitman stuff is plugged in, but after starting up the computer, the following window now suddenly appears right away with this message:

    User Account Control

    Do you want to allow the following program to make changes to this computer:

    Registry Editor

    c\windows\regedit.exe -s

    c\users\silver\AppData\local\temp\lbngvja.reg

    I can choose YES or NO; with NO it just appears again, I have to click NO up to 10 times and only then does it stay away, until I start the computer again and then it is back.

    Even after Ctrl-Alt-Del I still can't get into Task Manager; it appears on screen for only a tenth of a second and then disappears again..

    Here are the 2 logs:

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2014.03.14.06

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 10.0.9200.16844

    Silver :: SILVER-PC

    14-3-2014 19:26:54

    mbam-log-2014-03-14 (19-26-54).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 239791

    Verstreken tijd: 1 minuut/minuten, 58 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 1

    HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 1

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Slecht: (0) Goed: (1) -> Succesvol in quarantaine geplaatst en gerepareerd.

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 1

    C:\Users\Silver\AppData\Local\Temp\ICReinstall_CR_Downloader_voor_kickle-cubicle.exe (PUP.Optional.InstallCore) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)


    ***********************************************************************************************************************************

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Silver at 2014-03-14 19:32:52

    Microsoft Windows 7 Home Premium Service Pack 1

    System drive C: has 120 GB (78%) free of 154 GB

    Total RAM: 8068 MB (86% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 19:32:58, on 14-3-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v10.0 (10.00.9200.16843)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\trend micro\Silver.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - Startup: lbngvja.lnk = C:\Windows\System32\rundll32.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab

    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 8917 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    C:\Windows\system32\services.exe

    winlogon.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\svchost.exe -k NetworkService

    taskeng.exe {D8E49417-86D0-47D6-A62F-7D6C48CE6189}

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”

    “C:\Program Files\Intel\iCLS Client\HeciServer.exe”

    “C:\Windows\system32\Dwm.exe”

    “taskhost.exe”

    C:\Windows\Explorer.EXE

    “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe”

    C:\Windows\system32\svchost.exe -k imgsvc

    “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE”

    WLIDSvcM.exe 1124

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    “C:\Windows\System32\WUDFHost.exe” -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-deb4281c-cdf5-414f-b86f-9e255e3c1782 -SystemEventPortName:HostProcess-86283a71-1c51-4ba1-831c-705ced06d48b -IoCancelEventPortName:HostProcess-277ff45f-cbde-45f2-81a2-1805b8bd36ac -NonStateChangingEventPortName:HostProcess-12a0207c-f2d8-4bfd-a073-78ab5044a62f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3b4ce713-d065-43cf-98bd-60256d7f543f -DeviceGroupId:WpdFsGroup

    C:\Windows\servicing\TrustedInstaller.exe

    “C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe” -s

    “C:\Windows\System32\rundll32.exe” C:\PROGRA~3\ajvgnbl.cpp,XXS1

    “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe”

    “C:\Windows\System32\rundll32.exe” C:\PROGRA~3\ajvgnbl.cpp,XXS1

    “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding

    C:\Windows\system32\rundll32.exe C:\PROGRA~3\ajvgnbl.cpp,XXS2

    C:\Windows\system32\SearchIndexer.exe /Embedding

    “C:\Program Files\Internet Explorer\iexplore.exe”

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:2768 CREDAT:267521 /prefetch:2

    C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe -Embedding

    “C:\Windows\system32\SearchProtocolHost.exe” Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3511177411-2812235252-1749893902-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3511177411-2812235252-1749893902-10001 1 -2147483646 “Software\Microsoft\Windows Search” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)” “C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc” “DownLevelDaemon” “1”

    “C:\Windows\system32\SearchFilterHost.exe” 0 520 524 532 65536 528

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:2768 CREDAT:2102573 /prefetch:2

    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

    “C:\Users\Silver\Desktop\RSITx64.exe”

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    “C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe”

    “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe”

    C:\Windows\system32\sppsvc.exe

    ======Scheduled tasks folder======

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    ======Registry dump======

    Java™ Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    “RtHDVCpl”=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Windows\system32\hkcmd.exe

    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe

    C:\Windows\system32\igfxtray.exe

    C:\Windows\system32\igfxpers.exe

    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

    “IMSS”=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe

    “Adobe ARM”=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    “SunJavaUpdateSched”=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    GoogleUpdateTaskMachineCore.job

    GoogleUpdateTaskMachineUA.job

    SA.DAT

    SCHEDLGU.TXT

    C:\Users\Silver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    lbngvja.lnk - C:\Windows\System32\rundll32.exe

    C:\Windows\system32\igfxdev.dll

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    “SecurityProviders”=credssp.dll

    “ConsentPromptBehaviorAdmin”=5

    “ConsentPromptBehaviorUser”=3

    “EnableUIADesktopToggle”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “NoActiveDesktop”=1

    “NoActiveDesktopChanges”=1

    “ForceActiveDesktopOn”=0

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “vidc.uyvy”=msyuv.dll

    “vidc.yuy2”=msyuv.dll

    “vidc.yvyu”=msyuv.dll

    “vidc.iyuv”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “vidc.yvu9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe “%1” %*

    ======List of files/folders created in the last 3 months======

    2014-03-14 19:32:53 —-D—- C:\Program Files\trend micro

    2014-03-14 19:32:52 —-D—- C:\rsit

    2014-03-14 19:26:11 —-D—- C:\Users\Silver\AppData\Roaming\Malwarebytes

    2014-03-14 19:25:51 —-D—- C:\ProgramData\Malwarebytes

    2014-03-14 19:25:50 —-D—- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2014-03-14 19:25:50 —-A—- C:\Windows\system32\drivers\mbam.sys

    2014-03-14 19:06:14 —-A—- C:\Windows\SYSWOW64\vbscript.dll

    2014-03-14 19:06:14 —-A—- C:\Windows\system32\vbscript.dll

    2014-03-14 19:04:18 —-A—- C:\Windows\SYSWOW64\msrating.dll

    2014-03-14 19:04:18 —-A—- C:\Windows\SYSWOW64\ieui.dll

    2014-03-14 19:04:18 —-A—- C:\Windows\system32\msrating.dll

    2014-03-14 19:04:18 —-A—- C:\Windows\system32\ieui.dll

    2014-03-14 19:04:17 —-A—- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe

    2014-03-14 19:04:17 —-A—- C:\Windows\SYSWOW64\iesysprep.dll

    2014-03-14 19:04:17 —-A—- C:\Windows\SYSWOW64\iesetup.dll

    2014-03-14 19:04:17 —-A—- C:\Windows\SYSWOW64\iertutil.dll

    2014-03-14 19:04:17 —-A—- C:\Windows\SYSWOW64\iernonce.dll

    2014-03-14 19:04:17 —-A—- C:\Windows\system32\RegisterIEPKEYs.exe

    2014-03-14 19:04:17 —-A—- C:\Windows\system32\iesysprep.dll

    2014-03-14 19:04:17 —-A—- C:\Windows\system32\iesetup.dll

    2014-03-14 19:04:17 —-A—- C:\Windows\system32\iertutil.dll

    2014-03-14 19:04:17 —-A—- C:\Windows\system32\iernonce.dll

    2014-03-14 19:04:17 —-A—- C:\Windows\system32\ie4uinit.exe

    2014-03-14 19:04:16 —-A—- C:\Windows\SYSWOW64\msfeeds.dll

    2014-03-14 19:04:16 —-A—- C:\Windows\SYSWOW64\jscript.dll

    2014-03-14 19:04:16 —-A—- C:\Windows\system32\msfeeds.dll

    2014-03-14 19:04:16 —-A—- C:\Windows\system32\jscript9.dll

    2014-03-14 19:04:16 —-A—- C:\Windows\system32\jscript.dll

    2014-03-14 19:04:15 —-A—- C:\Windows\SYSWOW64\urlmon.dll

    2014-03-14 19:04:15 —-A—- C:\Windows\SYSWOW64\jscript9.dll

    2014-03-14 19:04:15 —-A—- C:\Windows\system32\urlmon.dll

    2014-03-14 19:04:14 —-A—- C:\Windows\SYSWOW64\wininet.dll

    2014-03-14 19:04:14 —-A—- C:\Windows\SYSWOW64\jsproxy.dll

    2014-03-14 19:04:14 —-A—- C:\Windows\SYSWOW64\ieframe.dll

    2014-03-14 19:04:14 —-A—- C:\Windows\system32\wininet.dll

    2014-03-14 19:04:14 —-A—- C:\Windows\system32\jsproxy.dll

    2014-03-14 19:04:12 —-A—- C:\Windows\SYSWOW64\mshtml.dll

    2014-03-14 19:04:12 —-A—- C:\Windows\system32\ieframe.dll

    2014-03-14 19:04:11 —-A—- C:\Windows\system32\mshtml.dll

    2014-03-14 19:03:28 —-A—- C:\Windows\system32\win32k.sys

    2014-03-14 19:03:27 —-A—- C:\Windows\SYSWOW64\wer.dll

    2014-03-14 19:03:27 —-A—- C:\Windows\SYSWOW64\msxml3r.dll

    2014-03-14 19:03:27 —-A—- C:\Windows\SYSWOW64\msxml3.dll

    2014-03-14 19:03:27 —-A—- C:\Windows\system32\wer.dll

    2014-03-14 19:03:27 —-A—- C:\Windows\system32\msxml3r.dll

    2014-03-14 19:03:27 —-A—- C:\Windows\system32\msxml3.dll

    2014-03-14 19:03:25 —-A—- C:\Windows\system32\wwansvc.dll

    2014-03-14 19:03:24 —-A—- C:\Windows\SYSWOW64\mstscax.dll

    2014-03-14 19:03:24 —-A—- C:\Windows\system32\mstscax.dll

    2014-03-14 19:03:23 —-A—- C:\Windows\SYSWOW64\secproc_ssp_isv.dll

    2014-03-14 19:03:23 —-A—- C:\Windows\SYSWOW64\secproc_ssp.dll

    2014-03-14 19:03:23 —-A—- C:\Windows\SYSWOW64\secproc_isv.dll

    2014-03-14 19:03:23 —-A—- C:\Windows\SYSWOW64\secproc.dll

    2014-03-14 19:03:23 —-A—- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe

    2014-03-14 19:03:23 —-A—- C:\Windows\SYSWOW64\RMActivate_ssp.exe

    2014-03-14 19:03:23 —-A—- C:\Windows\SYSWOW64\RMActivate_isv.exe

    2014-03-14 19:03:23 —-A—- C:\Windows\SYSWOW64\RMActivate.exe

    2014-03-14 19:03:23 —-A—- C:\Windows\SYSWOW64\msdrm.dll

    2014-03-14 19:03:23 —-A—- C:\Windows\system32\secproc_ssp_isv.dll

    2014-03-14 19:03:23 —-A—- C:\Windows\system32\secproc_ssp.dll

    2014-03-14 19:03:23 —-A—- C:\Windows\system32\secproc_isv.dll

    2014-03-14 19:03:23 —-A—- C:\Windows\system32\secproc.dll

    2014-03-14 19:03:23 —-A—- C:\Windows\system32\RMActivate_ssp_isv.exe

    2014-03-14 19:03:23 —-A—- C:\Windows\system32\RMActivate_ssp.exe

    2014-03-14 19:03:23 —-A—- C:\Windows\system32\RMActivate_isv.exe

    2014-03-14 19:03:23 —-A—- C:\Windows\system32\RMActivate.exe

    2014-03-14 19:03:23 —-A—- C:\Windows\system32\msdrm.dll

    2014-03-14 19:03:19 —-A—- C:\Windows\SYSWOW64\d3d10warp.dll

    2014-03-14 19:03:19 —-A—- C:\Windows\system32\d3d10warp.dll

    2014-03-14 19:03:18 —-A—- C:\Windows\SYSWOW64\d2d1.dll

    2014-03-14 19:03:18 —-A—- C:\Windows\system32\d2d1.dll

    2014-03-14 19:03:15 —-A—- C:\Windows\system32\drivers\usbuhci.sys

    2014-03-14 19:03:15 —-A—- C:\Windows\system32\drivers\usbport.sys

    2014-03-14 19:03:15 —-A—- C:\Windows\system32\drivers\usbohci.sys

    2014-03-14 19:03:15 —-A—- C:\Windows\system32\drivers\usbhub.sys

    2014-03-14 19:03:15 —-A—- C:\Windows\system32\drivers\usbehci.sys

    2014-03-14 19:03:15 —-A—- C:\Windows\system32\drivers\usbd.sys

    2014-03-14 19:03:15 —-A—- C:\Windows\system32\drivers\usbccgp.sys

    2014-03-14 19:03:14 —-A—- C:\Windows\SYSWOW64\qedit.dll

    2014-03-14 19:03:14 —-A—- C:\Windows\system32\qedit.dll

    2014-03-14 19:03:14 —-A—- C:\Windows\system32\drivers\netio.sys

    2014-03-14 19:02:36 —-A—- C:\Windows\SYSWOW64\WindowsCodecs.dll

    2014-03-14 19:02:36 —-A—- C:\Windows\system32\WindowsCodecs.dll

    2014-03-14 18:45:40 —-D—- C:\ProgramData\HitmanPro

    2014-03-14 17:19:03 —-A—- C:\Windows\ntbtlog.txt

    2014-03-14 17:13:11 —-RD—- C:\Program Files (x86)\Skype

    2014-02-19 17:26:50 —-D—- C:\Users\Silver\AppData\Roaming\Stella

    2014-01-24 14:07:13 —-D—- C:\Windows\SYSWOW64\20-20 Technologies

    2014-01-08 17:28:51 —-A—- C:\Windows\SYSWOW64\wmploc.DLL

    2014-01-08 17:28:51 —-A—- C:\Windows\SYSWOW64\wmp.dll

    2014-01-08 17:28:51 —-A—- C:\Windows\system32\wmploc.DLL

    2014-01-08 17:28:50 —-A—- C:\Windows\system32\wmp.dll

    2014-01-08 17:26:12 —-D—- C:\Windows\Migration

    2014-01-08 17:22:50 —-A—- C:\Windows\SYSWOW64\wscript.exe

    2014-01-08 17:22:50 —-A—- C:\Windows\SYSWOW64\scrrun.dll

    2014-01-08 17:22:50 —-A—- C:\Windows\SYSWOW64\imagehlp.dll

    2014-01-08 17:22:50 —-A—- C:\Windows\SYSWOW64\cscript.exe

    2014-01-08 17:22:50 —-A—- C:\Windows\system32\wscript.exe

    2014-01-08 17:22:50 —-A—- C:\Windows\system32\scrrun.dll

    2014-01-08 17:22:50 —-A—- C:\Windows\system32\imagehlp.dll

    2014-01-08 17:22:50 —-A—- C:\Windows\system32\cscript.exe

    2014-01-08 17:22:49 —-A—- C:\Windows\SYSWOW64\tzres.dll

    2014-01-08 17:22:49 —-A—- C:\Windows\system32\tzres.dll

    2014-01-08 17:22:48 —-A—- C:\Windows\SYSWOW64\WMPhoto.dll

    2014-01-08 17:22:48 —-A—- C:\Windows\SYSWOW64\msieftp.dll

    2014-01-08 17:22:48 —-A—- C:\Windows\system32\WMPhoto.dll

    2014-01-08 17:22:48 —-A—- C:\Windows\system32\msieftp.dll

    2014-01-08 17:22:48 —-A—- C:\Windows\system32\drivers\portcls.sys

    2014-01-08 17:22:48 —-A—- C:\Windows\system32\drivers\drmk.sys

    ======List of files/folders modified in the last 3 months======

    2014-03-14 19:32:57 —-D—- C:\Windows\Temp

    2014-03-14 19:32:56 —-A—- C:\Windows\SYSWOW64\log.txt

    2014-03-14 19:32:53 —-RD—- C:\Program Files

    2014-03-14 19:30:53 —-D—- C:\Windows\system32\config

    2014-03-14 19:25:51 —-HD—- C:\ProgramData

    2014-03-14 19:25:50 —-RD—- C:\Program Files (x86)

    2014-03-14 19:25:50 —-D—- C:\Windows\system32\drivers

    2014-03-14 19:18:19 —-D—- C:\Windows\System32

    2014-03-14 19:18:19 —-D—- C:\Windows\inf

    2014-03-14 19:18:19 —-A—- C:\Windows\system32\PerfStringBackup.INI

    2014-03-14 19:17:21 —-RSD—- C:\Windows\assembly

    2014-03-14 19:17:21 —-D—- C:\Windows\Microsoft.NET

    2014-03-14 19:13:52 —-D—- C:\Windows\winsxs

    2014-03-14 19:12:38 —-D—- C:\Windows\SYSWOW64\nl-NL

    2014-03-14 19:12:38 —-D—- C:\Windows\SysWOW64

    2014-03-14 19:12:38 —-D—- C:\Windows\system32\nl-NL

    2014-03-14 19:12:38 —-D—- C:\Program Files\Internet Explorer

    2014-03-14 19:12:38 —-D—- C:\Program Files (x86)\Internet Explorer

    2014-03-14 19:12:37 —-D—- C:\Windows\system32\DriverStore

    2014-03-14 19:09:42 —-SHD—- C:\Windows\Installer

    2014-03-14 19:07:21 —-A—- C:\Windows\SYSWOW64\PerfStringBackup.INI

    2014-03-14 19:06:33 —-D—- C:\Windows\system32\catroot

    2014-03-14 19:06:20 —-D—- C:\Windows\system32\catroot2

    2014-03-14 19:04:43 —-D—- C:\Windows\system32\MRT

    2014-03-14 19:03:42 —-SHD—- C:\System Volume Information

    2014-03-14 17:19:03 —-D—- C:\Windows

    2014-03-14 17:13:43 —-D—- C:\Users\Silver\AppData\Roaming\Skype

    2014-03-14 17:13:12 —-D—- C:\ProgramData\Skype

    2014-03-14 17:13:11 —-D—- C:\Program Files (x86)\Common Files

    2014-03-02 14:05:02 —-A—- C:\Windows\system32\MRT.exe

    2014-02-19 17:00:32 —-D—- C:\Users\Silver\AppData\Roaming\vlc

    2014-02-19 16:27:45 —-D—- C:\Windows\Tasks

    2014-02-19 16:27:45 —-D—- C:\Windows\system32\Tasks

    2014-02-19 16:27:39 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2014-02-03 18:20:26 —-D—- C:\ProgramData\Oracle

    2014-02-03 18:20:13 —-D—- C:\Program Files (x86)\Java

    2014-02-03 13:20:54 —-N—- C:\Windows\system32\MpSigStub.exe

    2014-01-24 14:07:13 —-D—- C:\Windows\Downloaded Program Files

    2014-01-23 19:48:24 —-D—- C:\Windows\Prefetch

    2014-01-10 17:05:22 —-SD—- C:\Users\Silver\AppData\Roaming\Microsoft

    2014-01-08 21:01:46 —-D—- C:\Windows\rescache

    2014-01-08 17:29:32 —-D—- C:\Program Files\Windows Media Player

    2014-01-08 17:29:32 —-D—- C:\Program Files (x86)\Windows Media Player

    2014-01-08 17:26:16 —-D—- C:\Windows\SYSWOW64\en-US

    2014-01-08 17:26:16 —-D—- C:\Windows\system32\en-US

    2014-01-08 17:26:12 —-SD—- C:\ProgramData\Microsoft

    2013-12-18 21:09:39 —-A—- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

    2013-12-18 21:04:13 —-A—- C:\Windows\SYSWOW64\javaws.exe

    2013-12-18 21:04:09 —-A—- C:\Windows\SYSWOW64\javaw.exe

    2013-12-18 21:03:46 —-A—- C:\Windows\SYSWOW64\java.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iaStor.sys

    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\drivers\iusb3hcs.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys

    R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma; C:\Windows\system32\DRIVERS\iusb3hub.sys

    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\drivers\iusb3xhc.sys

    R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\drivers\HECIx64.sys

    R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys

    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\Windows\system32\DRIVERS\e1y60x64.sys

    S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys

    S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys

    S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe

    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

    R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe

    S2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe

    S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

    —————–EOF—————–

  • Ben

    Hello,

    First disable your antivirus software before you download zoek.exe.

    Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

    Download Zoek.exe to the desktop.

    * If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.

    Running Zoek.exe

    If you run into problems running this program or see certain error messages, please mention this in your post.

    * Then double-click Zoek.exe to start the tool.

    * Windows Vista, 7 and 8 users must run the tool as “administrator” by right-clicking it and choosing Run as administrator.

    * Now copy the bold code below and paste it into the large input box:

    * Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

    firefoxlook;

    emptyclsid;

    torpigcheck;

    emptyfolderscheck;delete

    C:\Users\Silver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lbngvja.lnk;f

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Now wait patiently until a log opens (this may be after a restart, if one is required).

    * If no log appears after the restart, start zoek.exe again; the log will then appear.

    * Post the log that opens in your next reply.

  • Dizciple

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    C:\Users\Silver\Desktop\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    ==== Deleting Services ======================

    ==== Deleting Files \ Folders ======================

    C:\PROGRA~3\ajvgnbl.cpp deleted

    C:\PROGRA~3\lbngvja.zvv deleted

    C:\PROGRA~3\lbngvja.fee deleted

    C:\Users\Silver\AppData\Local\PutLockerDownloader deleted

    C:\END deleted

    C:\Windows\SysWow64\searchplugins deleted

    C:\Windows\SysWow64\Extensions deleted

    “C:\Users\Silver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lbngvja.lnk” deleted

    ==== System Specs ======================

    Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

    Memory (RAM): 8068 MB

    CPU Info: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz

    CPU Speed: 3309,5 MHz

    Sound Card: Speakers (Realtek High Definiti |

    Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | Intel(R) HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Generic PnP Monitor |

    Screen Resolution: 1024 X 768 - 32 bit

    Network: Network Present

    Network Adapters: Realtek PCIe GBE Family Controller

    CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GH24NS95

    Ports: COM1 LPT1

    Mouse: 3 Button Wheel Mouse Present

    Hard Disks: C: 150,0GB | D: 1705,0GB

    Hard Disks - Free: C: 118,8GB | D: 1674,0GB

    Manufacturer *: American Megatrends Inc.

    BIOS Info: AT/AT COMPATIBLE | 10/23/12 | ALASKA - 1072009

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: Gigabyte Technology Co., Ltd. B75M-D3V

    Country: Nederland

    Language: NLD

    ==== System Specs (Software) ======================

    Anti-Spyware: Windows Defender disabled (Outdated)

    Internet Explorer Version: 10.0.9200.16844

    Adobe Reader version: 10.1.9.22

    Sun Java version: 1.7.0_51 (32-bit)

    Sun Java version: 1.7.0_21 (64-bit)

    Flash Player version: 11.1.102.55

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\Silver\AppData\Local\Temp ====

    2014-03-14 16:06:13 0CD9C18D97E8E2B1F4B4D76EF1331C04 167433 ----a-w- C:\Users\Silver\AppData\Local\Temp\Low\0990.dll

    ====== Java Cache =====

    ====== C:\Windows\SysWOW64 =====


    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====


    ====== C:\Windows\Sysnative\drivers =====


    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2014-03-14 18:32:53 -------- d-----w- C:\Program Files\trend micro

    ======= C:\PROGRA~2 =====

    2014-03-14 16:13:11 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype

    2014-03-14 16:13:11 -------- d-----r- C:\PROGRA~2\Skype

    ======= C: =====

    ====== C:\Users\Silver\AppData\Roaming ======

    2014-03-14 18:25:26 -------- d-----w- C:\Users\Silver\AppData\Local\Programs

    2014-03-14 16:13:14 -------- d-----w- C:\Users\Silver\AppData\Local\Skype

    2014-02-19 16:26:50 -------- d-----w- C:\Users\Silver\AppData\Roaming\Stella

    ====== C:\Users\Silver ======

    2014-03-14 17:45:40 -------- d-----w- C:\ProgramData\HitmanPro

    2014-03-14 16:13:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

    ====== C: exe-files ==


    === C: other files ==


    ==== Startup Registry Enabled ======================

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "IMSS"="C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"

    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    ==== Startup Registry Enabled x64 ======================

    "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

    ==== Startup Registry Disabled x64 ======================

    "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Adobe ARM"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="HotKeysCmds"

    "hkey"="HKLM"

    "command"="C:\\Windows\\system32\\hkcmd.exe"

    "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="IAStorIcon"

    "hkey"="HKLM"

    "command"="C:\\Program Files (x86)\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIconLaunch.exe \"C:\\Program Files (x86)\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIcon.exe\" 60"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="IgfxTray"

    "hkey"="HKLM"

    "command"="C:\\Windows\\system32\\igfxtray.exe"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Persistence"

    "hkey"="HKLM"

    "command"="C:\\Windows\\system32\\igfxpers.exe"

    "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="PWRISOVM.EXE"

    "hkey"="HKLM"

    "command"="C:\\Program Files (x86)\\PowerISO\\PWRISOVM.EXE -startup"

    "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="SunJavaUpdateSched"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

    "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="USB3MON"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files (x86)\\Intel\\Intel(R) USB 3.0 eXtensible Host Controller Driver\\Application\\iusb3mon.exe\""

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==== Other Scheduled Tasks ======================

    "C:\Windows\SysNative\tasks\CCleanerSkipUAC"

    "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore"

    "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA"

    "C:\Windows\SysNative\tasks\{BD6C5BA8-671B-42BF-90BE-2F0350C7DBB1}"

    ==== Folders in C:\PROGRA~3 0-6 Months Old ======================

    2013-09-25 14:34:58 -------- d-----w- C:\PROGRA~3\HP

    2013-09-25 14:35:32 -------- d-----w- C:\PROGRA~3\Visan

    2013-09-27 12:22:39 -------- d-----w- C:\PROGRA~3\HP Photo Creations

    2013-10-17 23:52:16 -------- d-----w- C:\PROGRA~3\Oracle

    2014-03-14 17:45:40 -------- d-----w- C:\PROGRA~3\HitmanPro

    2014-03-14 18:25:51 -------- d-----w- C:\PROGRA~3\Malwarebytes

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    koalekbhpbggkcfhkkbolikjoaobbppi - C:\Program Files (x86)\PutLockerDownloader\PutLockerDownloader10.crx

    ==== Set IE to Default ======================

    Old Values:

    "Start Page"="http://www.startpagina.nl/"

    New Values:

    "Start Page"="http://www.startpagina.nl/"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    "DefaultScope"="{F251A2A7-87B9-4604-82C5-56DF253B3B47}"

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

    {F251A2A7-87B9-4604-82C5-56DF253B3B47} Google Url="http://www.google.nl/search?hl=nl&q={searchTerms}"

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\koalekbhpbggkcfhkkbolikjoaobbppi deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE deleted successfully

    ==== HijackThis Entries ======================

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab

    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Silver\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Silver\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Cache found

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=7 folders=5 95530570 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Administrator\AppData\Local\Temp emptied successfully

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Users\Silver\AppData\Local\Temp will be emptied at reboot

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Silver\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on vr 14-03-2014 at 20:08:34,89 ======================

  • Ben

    Hello,

    Can you boot normally again now?

  • Dizciple

    Hey, hello,

    Fine so far. So it seems to be solved. Task Manager can be opened normally again too.

    The only thing I suddenly notice now: when I close my browser, a small blue circle appears next to my cursor for a few seconds, as if it is processing something? That probably can't do any harm? But it never happened before, and I think it's going to get rather annoying :)

This topic is closed; no more replies can be posted.