
Police virus



Hello,

I myself have had no more trouble with the police virus, but a friend of mine has. Here are two HitmanPro logs and also a HijackThis log.

Already very glad that this service exists!!!

HitmanPro 3.7.2.190
www.hitmanpro.com
  Computer name . . . . : DIRKMADDELEIN
  Windows . . . . . . . : 6.1.1.7601.X64/4
  User name . . . . . . : DirkMaddelein\Dirk Maddelein
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Free
  Scan date . . . . . . : 2013-07-17 18:08:34
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 2m 1s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No
  Threats . . . . . . . : 0
  Traces  . . . . . . . : 69
  Objects scanned . . . : 1.440.468
  Files scanned . . . . : 37.257
  Remnants scanned  . . : 319.349 files / 1.083.862 keys
Suspicious files ____________________________________________________________
  C:\Users\Dirk Maddelein\AppData\Roaming\cache.dat
     Size . . . . . . . : 99.328 bytes
     Age  . . . . . . . : 0.2 days (2013-07-17 14:03:17)
     Entropy  . . . . . : 7.1
     SHA-256  . . . . . : 2ED34FE1A4E63CC4994658EFD668FF74A8A4126078D31FF34DCAB37321EA58F4
     Fuzzy  . . . . . . : 58.0
        Substitutes Explorer.exe as the default shell. Malware tends to start this way.
        This file was most recently added as automatic startup.
        The file name extension of this program is not common.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program starts automatically without user intervention.
        Time indicates that the file appeared recently on this computer.
     Startup
        HKU\S-1-5-21-811456756-103072874-835193467-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

Cookies _____________________________________________________________________

Here is the second one:

HitmanPro 3.7.2.190
www.hitmanpro.com
  Computer name . . . . : DIRKMADDELEIN
  Windows . . . . . . . : 6.1.1.7601.X64/4
  User name . . . . . . : DirkMaddelein\Dirk Maddelein
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Free
  Scan date . . . . . . : 2013-07-17 18:15:58
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 1m 51s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No
  Threats . . . . . . . : 0
  Traces  . . . . . . . : 2
  Objects scanned . . . : 1.440.435
  Files scanned . . . . : 37.207
  Remnants scanned  . . : 319.294 files / 1.083.934 keys
Suspicious files ____________________________________________________________
  C:\Users\Dirk Maddelein\AppData\Roaming\cache.dat
     Size . . . . . . . : 99.328 bytes
     Age  . . . . . . . : 0.2 days (2013-07-17 14:03:17)
     Entropy  . . . . . : 7.1
     SHA-256  . . . . . : 2ED34FE1A4E63CC4994658EFD668FF74A8A4126078D31FF34DCAB37321EA58F4
     Fuzzy  . . . . . . : 58.0
        Substitutes Explorer.exe as the default shell. Malware tends to start this way.
        This file was most recently added as automatic startup.
        The file name extension of this program is not common.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program starts automatically without user intervention.
        Time indicates that the file appeared recently on this computer.
     Startup
        HKU\S-1-5-21-811456756-103072874-835193467-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

And finally the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:24:27, on 17/07/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16635)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Users\Dirk Maddelein\Downloads\HijackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN België: Hotmail, Skype, nieuws, entertainment, lifestyle en meer!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Free YouTube Download - C:\Users\Dirk Maddelein\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dirk Maddelein\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10498 bytes

Thanks in advance!

Hello, looking tidy already.

Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe.
    You can read (here or here) how to disable the security software in use.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
    emptyclsid;
    firefoxlook;
    Chromelook;
    autoclean;
    iedefaults;

  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Post the opened log in your next message as an attachment.


Hello,

I have followed your instructions and here is the log!

Zoek.exe Version 4.0.0.4 Updated 19-July-2013

Tool run by Dirk Maddelein on vr 19/07/2013 at 13:11:42,68.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Dirk Maddelein\Desktop\zoek.exe [script inserted]

==== System Restore Info ======================

19/07/2013 13:12:12 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-811456756-103072874-835193467-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} deleted successfully

HKEY_USERS\S-1-5-21-811456756-103072874-835193467-1001\Software\Microsoft\Internet Explorer\SearchScopes\{4826FBA8-ABA0-4A58-8FC0-66EA1135C1AD} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

"C:\Users\Dirk Maddelein\AppData\Roaming\cache.ini" deleted

"C:\ProgramData\dsgsdgdsgdsgw.pad" deleted

"C:\Windows\syswow64\appdata" deleted

"C:\Program Files (x86)\Common Files\DVDVideoSoft\TB" deleted

"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted

"C:\Users\Dirk Maddelein\AppData\Roaming\DVDVideoSoftIEHelpers" deleted

"C:\Users\Dirk Maddelein\AppData\Roaming\OpenCandy" deleted

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{D2FB6696-75DB-4AC9-924F-B9B72A8CBDC3}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

{b7fca997-d0fb-4fe0-8afd-255e89cf9671} Yahoo Url="{searchTerms} - Yahoo!-Zoekresultaten"

{D2FB6696-75DB-4AC9-924F-B9B72A8CBDC3} Google Url="{searchTerms} - Google Search?}"

{d43b3890-80c7-4010-a95d-1e77b5924dc3} Wikipedia Url="Zoekresultaten voor "{searchTerms" - Wikipedia}"

{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="{searchTerms | eBay}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Dirk Maddelein\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Dirk Maddelein\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Dirk Maddelein\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Dirk Maddelein\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\DIRKMA~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on vr 19/07/2013 at 13:16:27,93 ======================

Thanks in advance!

Download Delfix by Xplode to the desktop.

Double-click Delfix.exe to start the tool.

Now tick the boxes for the following items:

  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently until the tool is finished.

When the tool is finished, a log file is created. You do not need to post it, however.
