Scandatum: 29-5-2014
Scantijd: 14:56:01
Logbestand: Mbam log 29-05-2014.txt
Beheerder: Ja
Versie: 2.00.2.1012
Malwaredatabase: v2014.05.29.06
Rootkitdatabase: v2014.05.21.01
Licentie: Proef
Malwarebescherming: Ingeschakeld
Kwaadaardige Website Bescherming: Ingeschakeld
Self-protection: Uitgeschakeld
Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: GRAS
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten Gescand: 250751
Verstreken Tijd: 10 m, 1 s
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristics: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld
Processen: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registersleutels: 0
(No malicious items detected)
Registerwaardes: 0
(No malicious items detected)
Registerdata: 0
(No malicious items detected)
Mappen: 0
(No malicious items detected)
Bestanden: 1
PUP.Optional.SuperCool, C:\Users\GRAS\Downloads\AudacitySetup.exe, In Quarantaine, ,
Fysieke Sectoren: 0
(No malicious items detected)
(end)
info.txt logfile of random's system information tool 1.10 2014-05-29 16:06:29
======MBR======
======Uninstall list======
Adobe Flash Player 13 ActiveX–>C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe -maintain activex
Adobe Reader XI (11.0.07) - Nederlands–>MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-AB0000000001}
Alps Pointing-device for VAIO–>%ProgramFiles%\Apoint\Uninstap.exe ADDREMOVE
AMD Accelerated Video Transcoding–>MsiExec.exe /X{1F85668C-CEB7-7A2E-356C-C42F950A982C}
AMD APP SDK Runtime–>MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}
AMD Drag and Drop Transcoding–>MsiExec.exe /X{7FD0FD0D-AC40-A3BF-F2D4-54EFEDB0008F}
AMD Media Foundation Decoders–>MsiExec.exe /X{4161341F-AE84-E404-4291-4E0322CCE809}
Audacity 2.0.5–>“C:\Program Files (x86)\Audacity\unins000.exe”
Bing Bar–>MsiExec.exe /X{449CE12D-E2C7-4B97-B19E-55D163EA9435}
Canon MG5200 series MP Drivers–>“C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series\DelDrv64.exe” /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series /L0x0013
Catalyst Control Center - Branding–>MsiExec.exe /I{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}
CCleaner–>“C:\Program Files\CCleaner\uninst.exe”
CrossLoop 2.82–>“C:\Users\GRAS\AppData\Local\CrossLoop\unins000.exe”
D3DX10–>MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
GemistDownloader–>C:\Program Files (x86)\GemistDownloader\uninst.exe
GET Youtube Downloader Ultimate 7.9.9.0–>“C:\Program Files (x86)\GET Youtube Downloader Ultimate\unins000.exe”
Groovedown–>C:\Users\GRAS\AppData\Roaming\Groovedown_Uninstall\Groovedown_Uninstall.exe
ImgBurn–>“C:\Program Files (x86)\ImgBurn\uninstall.exe”
Java 7 Update 45–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217045FF}
Junk Mail filter update–>MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Malwarebytes Anti-Malware versie 2.0.2.1012–>“C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe”
Maxthon Cloud Browser–>C:\Program Files (x86)\Maxthon\Bin\Mx3Uninstall.exe
Mesh Runtime–>MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Messenger Companion–>MsiExec.exe /I{8142D25E-028A-4563-86ED-5755783C8029}
Microsoft .NET Framework 4.5.1 (NLD)–>MsiExec.exe /X{9EBB0AF2-4AD2-3ABA-95EF-977EBEA1CB09}
Microsoft .NET Framework 4.5.1–>MsiExec.exe /X{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}
Microsoft Office 2007 Service Pack 3 (SP3)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office 2007 Service Pack 3 (SP3)–>msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {26257879-B20D-4D30-A429-B387A4890929}
Microsoft Office 2007 Service Pack 3 (SP3)–>msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {26257879-B20D-4D30-A429-B387A4890929}
Microsoft Office 2007 Service Pack 3 (SP3)–>msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {26257879-B20D-4D30-A429-B387A4890929}
Microsoft Office 2007 Service Pack 3 (SP3)–>msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {26257879-B20D-4D30-A429-B387A4890929}
Microsoft Office 2007 Service Pack 3 (SP3)–>msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {26257879-B20D-4D30-A429-B387A4890929}
Microsoft Office 2007 Service Pack 3 (SP3)–>msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {26257879-B20D-4D30-A429-B387A4890929}
Microsoft Office 2007 Service Pack 3 (SP3)–>msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862}
Microsoft Office 2007 Service Pack 3 (SP3)–>msiexec /package {90120000-002A-0413-1000-0000000FF1CE} /uninstall {1D12BC91-360E-424C-97C4-813651313660}
Microsoft Office 2007 Service Pack 3 (SP3)–>msiexec /package {90120000-0044-0413-0000-0000000FF1CE} /uninstall {26257879-B20D-4D30-A429-B387A4890929}
Microsoft Office 2007 Service Pack 3 (SP3)–>msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {1D12BC91-360E-424C-97C4-813651313660}
Microsoft Office Access MUI (Dutch) 2007–>MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
Microsoft Office Excel MUI (Dutch) 2007–>MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
Microsoft Office File Validation Add-In–>MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Dutch) 2007–>MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007–>MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office Outlook MUI (Dutch) 2007–>MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Dutch) 2007–>MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe” /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007–>MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007–>MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007–>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007–>MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007–>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proofing (Dutch) 2007–>MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)–>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {928D7B99-2BEA-49F9-83B8-20FA57860643}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)–>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)–>msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)–>msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}
Microsoft Office Publisher MUI (Dutch) 2007–>MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Dutch) 2007–>MsiExec.exe /X{90120000-002A-0413-1000-0000000FF1CE}
Microsoft Office Shared MUI (Dutch) 2007–>MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
Microsoft Office Word MUI (Dutch) 2007–>MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
Microsoft Security Client–>MsiExec.exe /X{BFAE8D5B-F918-486F-B74E-90762DF11C5C}
Microsoft Security Essentials–>“C:\Program Files\Microsoft Security Client\Setup.exe” /x
Microsoft Silverlight–>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition –>MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219–>MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219–>MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
MKV Converter Studio V2.4.8–>“C:\Program Files (x86)\Apowersoft\MKV Converter Studio\unins000.exe”
Mp3Doctor PRO–>“C:\Program Files (x86)\Mp3DoctorPRO\unins000.exe”
MSVCRT_amd64–>MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT–>MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP3 Parser (KB2758694)–>MsiExec.exe /I{1D95BA90-F4F8-47EC-A882-441C99D30C1E}
MSXML 4.0 SP3 Parser–>MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
Nero 8 Lite–>“C:\Program Files (x86)\Nero\unins000.exe”
NVIDIA Drivers–>C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager–>“C:\Program Files (x86)\InstallShield Installation Information\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\setup.exe” -runfromtemp -l0x0013 -removeonly
NVIDIA ForceWare Network Access Manager–>“C:\Program Files (x86)\InstallShield Installation Information\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\setup.exe” -runfromtemp -l0x0413 -removeonly
NVIDIA ForceWare Network Access Manager–>MsiExec.exe /I{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}
NVIDIA MediaShield–>“C:\Program Files (x86)\InstallShield Installation Information\{CC452A50-5C87-4A1F-B295-445C3C69BF7D}\setup.exe” -runfromtemp -l0x0013 -removeonly
Photodex Presenter–>C:\Program Files (x86)\Photodex Presenter\remove.exe
ProShow Producer–>C:\Program Files (x86)\Photodex\ProShow Producer\remove.exe
Realtek Card Reader–>“C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe” -runfromtemp -removeonly
Realtek HDMI Audio Driver for ATI–>C:\Program Files\Realtek\Audio\HDA\RtkUpd64.exe -k -m -nrg2709
Realtek High Definition Audio Driver–>C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
Remove Empty Directories version 2.2–>“C:\Program Files (x86)\Remove Empty Directories\unins000.exe”
Revo Uninstaller Pro 3.0.5–>“C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe”
Samsung Kies–>“C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe” -runfromtemp -l0x0409 -removeonly
Samsung Kies–>MsiExec.exe /I{758C8301-2696-4855-AF45-534B1200980A}
SAMSUNG USB Driver for Mobile Phones–>C:\Program Files (x86)\Samsung\USB Drivers\Uninstall.exe
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition –>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {D33B9EF5-3801-496A-A2D6-B7F4BE972D75}
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition –>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391}
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition –>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B7727B4D-5EA3-4C11-9D30-15E47616DCAF}
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition –>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EA575F57-C5D1-4B5A-B9F9-F16EEBC6B58C}
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition –>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3579CE34-B225-4B19-A3AF-DE5F562A212F}
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition –>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {79850906-6D2B-4061-8EAF-EAC84173DEC5}
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition –>msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {02AF2AA9-6FFA-47D7-BDBB-42B3A8AD8616}
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition –>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8907F32C-DF89-4C2F-AEDE-0DB4B65451C0}
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition –>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {319FC809-3841-4739-A25F-FDBADF073697}
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition –>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {32DA925D-8B7D-4298-B893-6291D28CE809}
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition –>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B7112510-2575-4BA4-A576-78BF8A6307BC}
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition –>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4CCE0378-386F-4DC2-9CC1-A3710C77057D}
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition –>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6B4A3804-666A-4DD8-84A7-B97701416784}
Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition –>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BF5CD3E0-D52B-4561-A4B6-AF8296E0EEA5}
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition –>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {36842896-D83B-4C92-8261-6312B7DEB562}
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition –>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4C1BE82B-9AC0-4AB9-B76D-5467131955E1}
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition –>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {686630EC-8033-4031-85C5-D8E5CD62A958}
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition –>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F311D6C-D8DD-4C32-9457-1A129CABD1A5}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition –>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F88656FB-92A1-484E-911E-D259B15CF420}
Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition –>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A4EE5251-03F4-47DE-B5BC-713D708902A8}
Skype Web Plugin–>MsiExec.exe /X{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}
Update for 2007 Microsoft Office System (KB967642)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A024FC7B-77DE-45DE-A058-1C049A17BFB3}
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CB68A5B0-3508-4193-AEB9-AF636DAECE0F}
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition–>msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {CB68A5B0-3508-4193-AEB9-AF636DAECE0F}
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition–>msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {F8564AF8-30AE-4427-ACF3-69714E1BB656}
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {53DEC068-4690-4F6B-9946-7D21EF02236B}
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {2720451F-5D04-43EC-AB1F-26D948FD971B}
Update voor Microsoft Office Excel 2007 Help (KB963678)–>msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {5CF7002F-6F49-4482-9564-5614FBE560FA}
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)–>msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}
Update voor Microsoft Office Word 2007 Help (KB963665)–>msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {A66AE6A1-8D8C-4102-BC18-38CBDE40F809}
VLC media player 2.1.4–>C:\Program Files\VideoLAN\VLC\uninstall.exe
VSO ConvertXToDVD–>“C:\Program Files (x86)\VSO\ConvertX\5\unins000.exe”
Winamp–>“C:\Program Files (x86)\Winamp\UninstWA.exe”
Windows Live Communications Platform–>MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials–>C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials–>MsiExec.exe /I{2A07C35B-8384-4DA4-9A95-442B6C89A073}
Windows Live Family Safety–>MsiExec.exe /I{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}
Windows Live Family Safety–>MsiExec.exe /X{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}
Windows Live ID Sign-in Assistant–>MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}
Windows Live Installer–>MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector–>MsiExec.exe /I{027E5FAB-1476-4C59-AAB4-32EF28520399}
Windows Live Mail–>MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail–>MsiExec.exe /I{D588365A-AE39-4F27-BDAE-B4E72C8E900C}
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen–>MsiExec.exe /I{C32CE55C-12BA-4951-8797-0967FDEF556F}
Windows Live Mesh–>MsiExec.exe /I{3F4143A1-9C21-4011-8679-3BC1014C6886}
Windows Live Mesh–>MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger Companion Core–>MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
Windows Live MIME IFilter–>MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker–>MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker–>MsiExec.exe /X{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}
Windows Live Photo Common–>MsiExec.exe /X{9BD262D0-B788-4546-A0A5-F4F56EC3834B}
Windows Live Photo Common–>MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery–>MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery–>MsiExec.exe /X{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}
Windows Live PIMT Platform–>MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live Remote Client Resources–>MsiExec.exe /I{C9F05151-95A9-4B9B-B534-1760E2D014A5}
Windows Live Remote Client–>MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}
Windows Live Remote Service Resources–>MsiExec.exe /I{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}
Windows Live Remote Service–>MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
Windows Live SOXE Definitions–>MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE–>MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack–>MsiExec.exe /I{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}
Windows Live UX Platform–>MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources–>MsiExec.exe /X{14B441B7-774D-4170-98EA-A13667AE6218}
Windows Live Writer–>MsiExec.exe /X{7E017923-16F8-4E32-94EF-0A150BD196FE}
Windows Live Writer–>MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer–>MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
WinRAR 4.20 (64-bit)–>C:\Program Files\WinRAR\uninstall.exe
WinZip 15.0–>MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}
XnView 2.22–>“C:\Program Files (x86)\XnView\unins000.exe”
======Hosts File======
127.0.0.1 support.apowersoft.com
127.0.0.1 www.apowersoft.com
127.0.0.1 apowersoft.com
======System event log======
Computer Name: GRAS-PC
Event Code: 1074
Message: Het proces C:\Windows\system32\msconfig.exe (GRAS-PC) heeft het opnieuw opstarten van computer GRAS-PC namens GRAS-PC\GRAS geïnitialiseerd. Reden: Er is geen titel voor deze reden gevonden
Code: 0x40000
Type afsluiting: opnieuw opstarten
Opmerking:
Record Number: 91413
Source Name: USER32
Time Written: 20140529112948.000000-000
Event Type: Informatie
User: GRAS-PC\GRAS
Computer Name: GRAS-PC
Event Code: 7036
Message: De Software Protection-service heeft nu de status gestopt.
Record Number: 91412
Source Name: Service Control Manager
Time Written: 20140529112840.090800-000
Event Type: Informatie
User:
Computer Name: GRAS-PC
Event Code: 104
Message: Logboekbestand Windows PowerShell is gewist.
Record Number: 91411
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140529112823.367600-000
Event Type: Informatie
User: GRAS-PC\GRAS
Computer Name: GRAS-PC
Event Code: 104
Message: Logboekbestand TuneUp is gewist.
Record Number: 91410
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140529112823.274000-000
Event Type: Informatie
User: GRAS-PC\GRAS
Computer Name: GRAS-PC
Event Code: 104
Message: Logboekbestand System is gewist.
Record Number: 91409
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140529112823.133600-000
Event Type: Informatie
User: GRAS-PC\GRAS
=====Application event log=====
Computer Name: GRAS-PC
Event Code: 1532
Message: De User Profile-service is gestopt.
Record Number: 18074
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20140529112951.886800-000
Event Type: Informatie
User: NT AUTHORITY\SYSTEM
Computer Name: GRAS-PC
Event Code: 6000
Message: De kennisgevingssubscriber van winlogon was niet beschikbaar om een kennisgevingsgebeurtenis te verwerken.
Record Number: 18073
Source Name: Microsoft-Windows-Winlogon
Time Written: 20140529112951.000000-000
Event Type: Informatie
User:
Computer Name: GRAS-PC
Event Code: 6000
Message: De kennisgevingssubscriber van winlogon was niet beschikbaar om een kennisgevingsgebeurtenis te verwerken.
Record Number: 18072
Source Name: Microsoft-Windows-Winlogon
Time Written: 20140529112951.000000-000
Event Type: Informatie
User:
Computer Name: GRAS-PC
Event Code: 9009
Message: Beheer van bureaubladvensters is afgesloten met code 0x40010004
Record Number: 18071
Source Name: Desktop Window Manager
Time Written: 20140529112951.000000-000
Event Type: Informatie
User:
Computer Name: GRAS-PC
Event Code: 903
Message: De Software Protection-service is gestopt.
Record Number: 18070
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20140529112840.000000-000
Event Type: Informatie
User:
=====Security event log=====
Computer Name: GRAS-PC
Event Code: 4624
Message: Er is een account aangemeld.
Onderwerp:
Beveiligings-id: S-1-0-0
Accountnaam: -
Accountdomein: -
Aanmeldings-id: 0x0
Aanmeldingstype: 0
Nieuwe aanmelding:
Beveiligings-id: S-1-5-18
Accountnaam: SYSTEM
Accountdomein: NT AUTHORITY
Aanmeldings-id: 0x3e7
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}
Procesgegevens:
Proces-id: 0x4
Naam proces:
Netwerkgegevens:
Naam van werkstation: -
Netwerkadres van bron: -
Poort van bron: -
Gedetailleerde verificatiegegevens:
Aanmeldingsproces: -
Verificatiepakket: -
Doorgezette services: -
Pakketnaam (alleen NTLM): -
Sleutellengte: 0
Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.
De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.
In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).
Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.
In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.
De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
Record Number: 27611
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140529113045.519600-000
Event Type: Controle geslaagd
User:
Computer Name: GRAS-PC
Event Code: 4608
Message: Windows wordt opgestart.
Deze gebeurtenis wordt in het logboek geregistreerd wanneer LSASS.EXE wordt gestart en het subsysteem voor controle wordt geïnitialiseerd.
Record Number: 27610
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140529113045.519600-000
Event Type: Controle geslaagd
User:
Computer Name: GRAS-PC
Event Code: 4647
Message: De gebruiker heeft een afmelding gestart:
Onderwerp:
Beveiligings-id: S-1-5-21-3963119953-2814531941-214144397-1000
Accountnaam: GRAS
Accountdomein: GRAS-PC
Aanmeldings-id: 0x259de
Deze gebeurtenis wordt gegenereerd wanneer een afmelding wordt gestart. De gebruiker kan verder geen activiteiten starten. Deze gebeurtenis kan worden geïnterpreteerd als een afmeldingsgebeurtenis.
Record Number: 27609
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140529112951.106800-000
Event Type: Controle geslaagd
User:
Computer Name: GRAS-PC
Event Code: 1100
Message: De logboekregistratieservice is afgesloten.
Record Number: 27608
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140529112951.886800-000
Event Type: Controle geslaagd
User:
Computer Name: GRAS-PC
Event Code: 1102
Message: Het controlelogboek is gewist.
Onderwerp:
Beveiligings-id: S-1-5-21-3963119953-2814531941-214144397-1000
Accountnaam: GRAS
Domeinnaam: GRAS-PC
Aanmeldings-id: 0x25971
Record Number: 27607
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140529112822.993200-000
Event Type: Controle geslaagd
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\AMD APP\bin\x86_64;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\
-----------------EOF-----------------
Logfile of random's system information tool 1.10 (written by random/random)
Run by GRAS at 2014-05-29 16:06:24
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 1 GB (3%) free of 40 GB
Total RAM: 4095 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:06:27, on 29-5-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\GRAS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/?ocid=U221DHP&pc=U221
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
–
End of file - 6906 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
“C:\Program Files\Microsoft Security Client\MsMpEng.exe”
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
“taskhost.exe”
“C:\Windows\system32\Dwm.exe”
C:\Windows\Explorer.EXE
“C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe”
“C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe”
“C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE”
C:\Windows\system32\svchost.exe -k imgsvc
“C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE”
“C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe” /starttray
WLIDSvcM.exe 1936
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
“C:\Windows\System32\nvraidservice.exe”
“C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey
“C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe” -s
“C:\Program Files (x86)\Samsung\Kies\Kies.exe” /preload
“C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe”
“C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe”
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
“C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM” PriorityLow
“C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe” 0
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
“C:\Program Files\Windows Media Player\wmpnetwk.exe”
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
“C:\Program Files\Internet Explorer\iexplore.exe”
“C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:2572 CREDAT:267521 /prefetch:2
C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe -Embedding
C:\Windows\system32\svchost.exe -k SDRSVC
“C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:2572 CREDAT:2495755 /prefetch:2
“C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:2572 CREDAT:1053971 /prefetch:2
“C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:2572 CREDAT:3478842 /prefetch:2
taskeng.exe {3EF74720-A3BA-4F60-A420-64DFEB31F0BB}
“C:\Users\GRAS\Desktop\RSITx64.exe”
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job - C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe -StartupTask
C:\Windows\tasks\RMSchedule.job - C:\Program Files (x86)\Registry Mechanic\RegMech.exe /F
======Registry dump======
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
“NVRaidService”=C:\Windows\system32\nvraidservice.exe
“MSC”=C:\Program Files\Microsoft Security Client\msseces.exe
“RTHDVCPL”=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
“KiesPreload”=C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe /run:C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe
C:\Users\GRAS\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Winamp\winampa.exe
“KiesTrayAgent”=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
“Adobe ARM”=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
“StartCCC”=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
“SSDMonitor”=C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
“SecurityProviders”=credssp.dll
“DisableTaskMgr”=0
“ConsentPromptBehaviorAdmin”=5
“ConsentPromptBehaviorUser”=3
“EnableUIADesktopToggle”=0
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“SoftwareSASGeneration”=3
“NoDrives”=0
“NoDrives”=0
“NoDriveTypeAutoRun”=255
“NoDriveAutoRun”=67108863
“HonorAutorunSetting”=1
“vidc.mrle”=msrle32.dll
“vidc.msvc”=msvidc32.dll
“msacm.imaadpcm”=imaadp32.acm
“msacm.msg711”=msg711.acm
“msacm.msgsm610”=msgsm32.acm
“msacm.msadpcm”=msadp32.acm
“midimapper”=midimap.dll
“wavemapper”=msacm32.drv
“vidc.uyvy”=msyuv.dll
“vidc.yuy2”=msyuv.dll
“vidc.yvyu”=msyuv.dll
“vidc.iyuv”=iyuv_32.dll
“vidc.i420”=iyuv_32.dll
“vidc.yvu9”=tsbyuv.dll
“msacm.l3acm”=C:\Windows\System32\l3codeca.acm
“wave1”=wdmaud.drv
“midi1”=wdmaud.drv
“mixer1”=wdmaud.drv
“wave”=wdmaud.drv
“midi”=wdmaud.drv
“mixer”=wdmaud.drv
“aux”=wdmaud.drv
“wave2”=wdmaud.drv
“midi2”=wdmaud.drv
“mixer2”=wdmaud.drv
“aux1”=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2014-05-29 16:06:25 —-D—- C:\Program Files\trend micro
2014-05-29 16:06:24 —-D—- C:\rsit
2014-05-29 14:55:15 —-D—- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-29 14:55:15 —-A—- C:\Windows\system32\drivers\mwac.sys
2014-05-29 14:55:15 —-A—- C:\Windows\system32\drivers\mbamchameleon.sys
2014-05-29 14:55:15 —-A—- C:\Windows\system32\drivers\mbam.sys
2014-05-29 13:31:55 —-D—- C:\Users\GRAS\AppData\Roaming\ATI
2014-05-29 13:30:39 —-A—- C:\Windows\system32\FNTCACHE.DAT
2014-05-29 13:30:34 —-A—- C:\Windows\ntbtlog.txt
2014-05-29 11:36:30 —-ASH—- C:\pagefile.sys
2014-05-28 22:43:29 —-D—- C:\Program Files (x86)\Microsoft Security Client
2014-05-28 22:43:22 —-D—- C:\Program Files\Microsoft Security Client
2014-05-23 14:52:45 —-A—- C:\Windows\SYSWOW64\sh4native.exe
2014-05-23 12:47:58 —-D—- C:\Program Files (x86)\Enigma Software Group
2014-05-23 12:43:43 —-D—- C:\ProgramData\WinZip
2014-05-23 12:43:40 —-D—- C:\Program Files (x86)\WinZip
2014-05-23 12:35:14 —-D—- C:\Program Files (x86)\Winamp Detect
2014-05-23 12:23:02 —-D—- C:\Users\GRAS\AppData\Roaming\GlarySoft
2014-05-23 12:23:01 —-D—- C:\Users\GRAS\AppData\Roaming\DiskDefrag
2014-05-19 20:52:25 —-A—- C:\Windows\SYSWOW64\msxml.dll
2014-05-19 20:52:25 —-A—- C:\Windows\system32\CleanMFT64.exe
2014-05-19 20:52:16 —-AD—- C:\ProgramData\TEMP
2014-05-17 19:35:36 —-A—- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-05-17 19:34:37 —-D—- C:\ProgramData\Malwarebytes
2014-05-17 19:34:37 —-D—- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-17 08:56:22 —-D—- C:\Users\GRAS\AppData\Roaming\Audacity
2014-05-17 08:56:00 —-D—- C:\Program Files (x86)\Audacity
2014-05-14 07:11:32 —-A—- C:\Windows\SYSWOW64\mshtmled.dll
2014-05-14 07:11:32 —-A—- C:\Windows\system32\mshtmled.dll
2014-05-14 07:11:32 —-A—- C:\Windows\system32\mshtml.dll
2014-05-14 07:11:31 —-A—- C:\Windows\SYSWOW64\mshtml.dll
2014-05-14 07:05:57 —-A—- C:\Windows\system32\aepdu.dll
2014-05-14 07:05:57 —-A—- C:\Windows\system32\aeinv.dll
2014-05-14 07:05:42 —-A—- C:\Windows\system32\shell32.dll
2014-05-14 07:05:41 —-A—- C:\Windows\SYSWOW64\shell32.dll
2014-05-14 07:04:28 —-A—- C:\Windows\system32\lsasrv.dll
2014-05-14 07:04:27 —-A—- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-05-14 07:04:27 —-A—- C:\Windows\system32\kerberos.dll
2014-05-14 07:04:26 —-A—- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-05-14 07:04:26 —-A—- C:\Windows\SYSWOW64\kerberos.dll
2014-05-14 07:04:26 —-A—- C:\Windows\system32\winlogon.exe
2014-05-14 07:04:26 —-A—- C:\Windows\system32\msv1_0.dll
2014-05-14 07:04:25 —-A—- C:\Windows\SYSWOW64\msv1_0.dll
2014-05-14 07:04:25 —-A—- C:\Windows\system32\objsel.dll
2014-05-14 07:04:25 —-A—- C:\Windows\system32\ntoskrnl.exe
2014-05-14 07:04:24 —-A—- C:\Windows\SYSWOW64\wdigest.dll
2014-05-14 07:04:24 —-A—- C:\Windows\SYSWOW64\TSpkg.dll
2014-05-14 07:04:24 —-A—- C:\Windows\SYSWOW64\schannel.dll
2014-05-14 07:04:24 —-A—- C:\Windows\SYSWOW64\objsel.dll
2014-05-14 07:04:24 —-A—- C:\Windows\SYSWOW64\KernelBase.dll
2014-05-14 07:04:24 —-A—- C:\Windows\SYSWOW64\dpapiprovider.dll
2014-05-14 07:04:24 —-A—- C:\Windows\SYSWOW64\dimsroam.dll
2014-05-14 07:04:24 —-A—- C:\Windows\SYSWOW64\cngprovider.dll
2014-05-14 07:04:24 —-A—- C:\Windows\SYSWOW64\capiprovider.dll
2014-05-14 07:04:24 —-A—- C:\Windows\SYSWOW64\adprovider.dll
2014-05-14 07:04:24 —-A—- C:\Windows\system32\wdigest.dll
2014-05-14 07:04:24 —-A—- C:\Windows\system32\TSpkg.dll
2014-05-14 07:04:24 —-A—- C:\Windows\system32\schannel.dll
2014-05-14 07:04:24 —-A—- C:\Windows\system32\KernelBase.dll
2014-05-14 07:04:24 —-A—- C:\Windows\system32\drivers\ksecpkg.sys
2014-05-14 07:04:24 —-A—- C:\Windows\system32\dpapiprovider.dll
2014-05-14 07:04:24 —-A—- C:\Windows\system32\dimsroam.dll
2014-05-14 07:04:24 —-A—- C:\Windows\system32\cngprovider.dll
2014-05-14 07:04:24 —-A—- C:\Windows\system32\capiprovider.dll
2014-05-14 07:04:24 —-A—- C:\Windows\system32\adprovider.dll
2014-05-14 07:04:23 —-A—- C:\Windows\SYSWOW64\wincredprovider.dll
2014-05-14 07:04:23 —-A—- C:\Windows\SYSWOW64\sspicli.dll
2014-05-14 07:04:23 —-A—- C:\Windows\SYSWOW64\secur32.dll
2014-05-14 07:04:23 —-A—- C:\Windows\SYSWOW64\credssp.dll
2014-05-14 07:04:23 —-A—- C:\Windows\system32\wincredprovider.dll
2014-05-14 07:04:23 —-A—- C:\Windows\system32\sspisrv.dll
2014-05-14 07:04:23 —-A—- C:\Windows\system32\sspicli.dll
2014-05-14 07:04:23 —-A—- C:\Windows\system32\secur32.dll
2014-05-14 07:04:23 —-A—- C:\Windows\system32\lsass.exe
2014-05-14 07:04:23 —-A—- C:\Windows\system32\drivers\ksecdd.sys
2014-05-14 07:04:23 —-A—- C:\Windows\system32\credssp.dll
2014-05-12 18:09:25 —-A—- C:\Windows\system32\WdfCoInstaller01009.dll
2014-05-12 18:09:21 —-D—- C:\ProgramData\BDLogging
2014-05-12 18:09:15 —-A—- C:\Windows\SYSWOW64\bdsandboxuiskin32.dll
2014-05-12 18:09:15 —-A—- C:\Windows\capicom.dll
2014-05-12 18:06:01 —-A—- C:\Windows\system32\bdsandboxuiskin32.dll
2014-05-12 18:06:01 —-A—- C:\Windows\system32\BDSandBoxUISkin.dll
2014-05-12 18:06:01 —-A—- C:\Windows\system32\BDSandBoxUH.dll
2014-05-12 18:05:57 —-D—- C:\Program Files\Bitdefender
2014-05-12 18:05:36 —-D—- C:\Program Files\Common Files\Bitdefender
2014-05-11 17:08:47 —-D—- C:\Program Files (x86)\SkypeWebPlugin
2014-05-11 10:41:12 —-D—- C:\Users\GRAS\AppData\Roaming\mozilla
2014-05-10 11:20:15 —-A—- C:\Windows\system32\drivers\wStLibG64.sys
2014-05-10 10:50:06 —-A—- C:\prefs.js
2014-05-10 01:19:07 —-D—- C:\Users\GRAS\AppData\Roaming\driver
2014-05-09 11:32:05 —-D—- C:\Windows\Minidump
2014-05-06 00:31:24 —-A—- C:\AVScanner.ini
2014-05-01 13:07:34 —-D—- C:\Users\GRAS\AppData\Roaming\GemistDownloader
2014-05-01 13:07:33 —-D—- C:\Program Files (x86)\GemistDownloader
2014-05-01 10:54:23 —-A—- C:\Windows\SYSWOW64\sqlite3.dll
======List of files/folders modified in the last 1 month======
2014-05-29 16:06:27 —-D—- C:\Windows\Prefetch
2014-05-29 16:06:25 —-D—- C:\Program Files
2014-05-29 16:03:52 —-D—- C:\Windows\temp
2014-05-29 15:23:58 —-D—- C:\Windows\system32\config
2014-05-29 15:08:55 —-D—- C:\Windows
2014-05-29 15:08:53 —-D—- C:\Windows\system32\drivers
2014-05-29 15:08:53 —-D—- C:\Windows\Cursors
2014-05-29 14:55:15 —-RD—- C:\Program Files (x86)
2014-05-29 13:34:01 —-D—- C:\AdwCleaner
2014-05-29 13:30:39 —-D—- C:\Windows\System32
2014-05-29 13:09:28 —-SHD—- C:\System Volume Information
2014-05-29 13:09:22 —-SHD—- C:\Windows\Installer
2014-05-29 13:09:22 —-SD—- C:\Users\GRAS\AppData\Roaming\Microsoft
2014-05-29 13:09:22 —-D—- C:\Windows\system32\Tasks
2014-05-29 13:09:21 —-D—- C:\sh4ldr
2014-05-29 13:07:30 —-D—- C:\Windows\Tasks
2014-05-29 12:38:27 —-D—- C:\Windows\SoftwareDistribution
2014-05-28 23:59:39 —-D—- C:\Windows\system32\LogFiles
2014-05-28 23:59:24 —-D—- C:\Windows\inf
2014-05-28 23:54:39 —-D—- C:\Users\GRAS\AppData\Roaming\vlc
2014-05-28 23:54:39 —-D—- C:\Users\GRAS\AppData\Roaming\uTorrent
2014-05-28 23:54:36 —-D—- C:\Users\GRAS\AppData\Roaming\ImgBurn
2014-05-28 23:54:35 —-D—- C:\Users\GRAS\AppData\Roaming\dvdcss
2014-05-28 23:54:35 —-D—- C:\Users\GRAS\AppData\Roaming\AVG
2014-05-28 23:54:34 —-D—- C:\Users\GRAS\AppData\Roaming\Adobe
2014-05-28 23:48:14 —-D—- C:\ProgramData
2014-05-28 23:30:58 —-D—- C:\Windows\system32\catroot
2014-05-28 23:30:21 —-D—- C:\Program Files\Internet Explorer
2014-05-28 22:25:10 —-D—- C:\Windows\system32\drivers\etc
2014-05-26 13:24:17 —-D—- C:\ProgramData\VSO
2014-05-26 10:01:04 —-D—- C:\Windows\SysWOW64
2014-05-24 22:39:51 —-A—- C:\Windows\system32\PerfStringBackup.INI
2014-05-23 16:19:48 —-D—- C:\Windows\system32\catroot2
2014-05-23 13:32:27 —-D—- C:\Users\GRAS\AppData\Roaming\Winamp
2014-05-23 13:30:42 —-D—- C:\Program Files (x86)\Common Files
2014-05-23 12:38:04 —-D—- C:\Program Files (x86)\XnView
2014-05-23 12:35:20 —-D—- C:\Program Files (x86)\Winamp
2014-05-23 12:31:27 —-D—- C:\Program Files\CCleaner
2014-05-23 11:18:26 —-D—- C:\Users\GRAS\AppData\Roaming\XnView
2014-05-23 11:18:26 —-D—- C:\Program Files (x86)\HiJackThis
2014-05-23 00:21:51 —-D—- C:\Users\GRAS\AppData\Roaming\Macromedia
2014-05-19 20:59:09 —-D—- C:\Windows\Downloaded Program Files
2014-05-19 11:17:56 —-D—- C:\Program Files (x86)\NeoSmart Technologies
2014-05-18 16:26:43 —-D—- C:\Program Files (x86)\Mp3DoctorPRO
2014-05-18 10:12:49 —-D—- C:\Program Files (x86)\Google
2014-05-18 09:08:16 —-D—- C:\Windows\Vss
2014-05-15 13:21:22 —-D—- C:\Windows\Microsoft.NET
2014-05-15 08:59:03 —-RSD—- C:\Windows\assembly
2014-05-15 07:30:11 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-05-14 07:21:24 —-D—- C:\Windows\winsxs
2014-05-14 07:16:59 —-SD—- C:\Windows\system32\CompatTel
2014-05-14 07:16:58 —-D—- C:\Windows\system32\nl-NL
2014-05-14 07:16:58 —-D—- C:\Windows\PolicyDefinitions
2014-05-14 07:10:43 —-D—- C:\Windows\system32\MRT
2014-05-14 07:08:41 —-A—- C:\Windows\system32\MRT.exe
2014-05-14 07:08:15 —-D—- C:\ProgramData\Microsoft Help
2014-05-12 18:09:40 —-D—- C:\Windows\system32\DriverStore
2014-05-12 18:08:56 —-D—- C:\Program Files\Common Files\Microsoft Shared
2014-05-12 18:05:36 —-D—- C:\Program Files\Common Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys
R0 nvrd64;NVIDIA nForce RAID Driver; C:\Windows\system32\DRIVERS\nvrd64.sys
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys
R3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmf6264.sys
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys
S3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys
S3 NVENETFD;NVIDIA nForce-netwerkcontroller; C:\Windows\system32\DRIVERS\nvm62x64.sys
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys
S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe
S3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S4 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe
S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S4 CrossLoopService;CrossLoop Service; C:\Users\GRAS\AppData\Local\CrossLoop\CrossLoopService.exe
S4 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
S4 ScsiAccess;ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
—————–EOF—————–
Regards