Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Fran‡ois on zo 28/08/2016 at 13:20:05,03. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\FRANOI~1\Downloads\zoek.exe [Scan all users] [Deep Scan] ==== Older Logs ====================== C:\zoek-results2016-08-25-141025.log 13131 bytes ==== Running Processes ====================== C:\Program Files (x86)\Avira\Antivirus\sched.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files (x86)\Avira\Antivirus\avguard.exe C:\Program Files (x86)\Acer\Registration\GREGsvc.exe C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Windows\PLFSetI.exe C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files (x86)\Avira\Antivirus\avgnt.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Users\François\Downloads\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 1791 MB CPU Info: AMD Athlon(tm) II P320 Dual-Core Processor CPU Speed: 2106.1 MHz Sound Card: Luidsprekers (High Definition A | Display Adapters: ATI Mobility Radeon HD 4250 | ATI Mobility Radeon HD 4250 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Broadcom 802.11n Network Adapter | Broadcom NetLink (TM) Gigabit Ethernet CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW TS-L633C Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 220.1GB | Q: 0.0MB Hard Disks - Free: C: 158.1GB | Q: 0.0MB Manufacturer *: Phoenix Technologies LTD BIOS Info: AT/AT COMPATIBLE | 05/10/10 | ACRSYS - 6040000 Time Zone: Romance (standaardtijd) Motherboard *: Acer Aspire 7551 Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} Default Browser: Firefox 48.0.1 Internet Explorer Version: 11.0.9600.18426 Mozilla Firefox version: 43.0.4 (x86 nl) Adobe Reader version: 9.2.0.124 Sun Java version: 1.6.0_26 (32-bit) Flash Player version: 22.0.0.209 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\FRANOI~1\AppData\Local\Temp ==== 2016-08-14 15:54:58 8AB8D66D15E9BD87812DA8D2952A4947 438272 ----a-w- C:\Users\FRANOI~1\AppData\Local\Temp\{27EFFEE2-5985-43F1-9D24-DE4F19466374}\setup.exe 2016-08-14 15:53:16 BDEB224D5702EA109836E37092B30E2B 295936 ----a-w- C:\Users\FRANOI~1\AppData\Local\Temp\{00B084D3-E04B-494D-A081-64945E772400}\Launcher.exe 2016-08-14 15:53:16 220C5E4BFDD61E3E2BB6C0F63E3A7B9D 37901224 ----a-w- C:\Users\FRANOI~1\AppData\Local\Temp\{00B084D3-E04B-494D-A081-64945E772400}\MyWinLocker.exe 2016-08-14 15:53:09 F31BFAF4E7F073A32DE7F0B7BCE194D3 14117520 ----a-w- C:\Users\FRANOI~1\AppData\Local\Temp\{00B084D3-E04B-494D-A081-64945E772400}\Shredder.exe 2016-08-14 15:53:05 2A276BA2B7782476302C59D0F760F4BC 117560 ----a-w- C:\Users\FRANOI~1\AppData\Local\Temp\{00B084D3-E04B-494D-A081-64945E772400}\ISBEW64.exe 2016-08-14 15:53:04 F1A2EC57F35EF885500E9B35800231F4 341296 ----a-w- C:\Users\FRANOI~1\AppData\Local\Temp\{00B084D3-E04B-494D-A081-64945E772400}\_isres.dll 2016-08-14 15:53:03 7FAC3EAE4E7CD57A54E9A56B49FE742E 438272 ----a-w- C:\Users\FRANOI~1\AppData\Local\Temp\{00B084D3-E04B-494D-A081-64945E772400}\setup.exe 2016-08-14 15:53:03 0F68D760FB480A1B039CA7D6B877D24C 223024 ----a-w- C:\Users\FRANOI~1\AppData\Local\Temp\{00B084D3-E04B-494D-A081-64945E772400}\ISRT.dll 2016-08-14 15:52:50 B9C0502C8B494E8B527145E86B97E59F 4357053 ----a-w- C:\Users\FRANOI~1\AppData\Local\Temp\{13C21CC1-7093-4F2D-A1F1-BF947E07C782}\ISSetup.dll 2016-08-14 15:52:48 7FAC3EAE4E7CD57A54E9A56B49FE742E 438272 ----a-w- C:\Users\FRANOI~1\AppData\Local\Temp\{13C21CC1-7093-4F2D-A1F1-BF947E07C782}\setup.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2016-08-17 13:53:01 9DE2ECE436DCD0A3237565AC1F66B7B3 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2016-08-17 13:53:02 77F7A37A1AF97A0050448F2A40072A4E 2048 ----a-w- C:\Windows\Sysnative\tzres.dll ====== C:\Windows\Sysnative\drivers ===== 2016-08-11 13:47:44 CFBA6BCBBDC7E33813D92FFB3460FA07 95464 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2016-08-11 13:47:44 CE66825289EE8326CB52C4E9E785ACB0 154856 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2016-08-11 13:47:43 B7FADA5E1E55BB63F90EB9F8F016113B 159744 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2016-08-11 13:47:43 34AFF1849B3EC042C40C5EEC9D78562A 291328 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2016-08-11 13:47:43 058CE7A55E140EB0C72FBA6FD2FA72DE 129536 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys ====== C:\Windows\Tasks ====== 2016-08-15 13:06:13 5898F1BF1B8817FE7F7B90F9A1CEE339 3224 ----a-w- C:\Windows\Sysnative\Tasks\{6E8DCF12-DB01-4798-B6E7-E58BE025F888} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\FRANOI~1\AppData ====== 2016-08-26 16:55:00 -------- d-----w- C:\Users\FRANOI~1\AppData\Local\VirtualStore ====== C:\Users\FRANOI~1 ====== 2016-08-24 15:53:06 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\FRANOI~1\Downloads\RSITx64.exe 2016-08-15 13:21:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstaller 2016-08-15 13:19:49 3CC0ACAB725268F793B5B09B256AD705 2331488 ----a-w- C:\Users\FRANOI~1\Downloads\TotalUninstaller_Setup(3).exe 2016-08-15 13:09:12 3CC0ACAB725268F793B5B09B256AD705 2331488 ----a-w- C:\Users\FRANOI~1\Downloads\TotalUninstaller_Setup(2).exe 2016-08-15 13:03:00 3CC0ACAB725268F793B5B09B256AD705 2331488 ----a-w- C:\Users\FRANOI~1\Downloads\TotalUninstaller_Setup(1).exe 2016-08-15 12:52:20 D194916AC8B400B4876B6DE33654363B 2331512 ----a-w- C:\Users\FRANOI~1\Downloads\TotalUninstaller_Setup.exe ====== C: exe-files == 2016-08-24 15:53:06 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\François\Downloads\RSITx64.exe === C: other files == 2016-08-25 14:11:11 FD99E5BCBDFC93DC8862C5239572F95E 4854 ----a-w- C:\Users\François\AppData\Local\Temp\xpi\tmp.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "BackupManagerTray"="C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -h -k" "EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -d" "beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup" "EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "ArcSoft MediaImpression Monitor"="C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe" "ArcSoft Connection Service"="C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" "avgnt"="C:\Program Files (x86)\Avira\Antivirus\avgnt.exe /min" "Avira SystrayStartTrigger"="C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" "mwlDaemon"="C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" "PLFSetI"="C:\Windows\PLFSetI.exe" "Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14/07/2016 17:13] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\WSCStub.exe"] "C:\Windows\SysNative\tasks\{60B51C11-06F3-4731-857C-8CA819403433}" ["c:\program files (x86)\mozilla firefox\firefox.exe"] "C:\Windows\SysNative\tasks\{C877447D-F503-4A41-ACEC-555F1FFADB2A}" [C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe] "C:\Windows\SysNative\tasks\{CCFE973D-70F4-400F-841D-B68E21592209}" ["c:\program files (x86)\mozilla firefox\firefox.exe"] "C:\Windows\SysNative\tasks\Norton Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Security\Norton Error Processor" [C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\SymErr.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] "C:\Windows\SysNative\tasks\Remediation\AntimalwareMigrationTask" ["C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe"] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\FRANOI~1\AppData\Roaming\Mozilla\Firefox\Profiles\aoc6d3ex.default user_pref("browser.startup.homepage", "http://www.diygokarts.com/engine/car-starter-motor-conversion.html"); user_pref("browser.search.defaulturl", "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="); user_pref("browser.search.selectedEngine", "Google"); user_pref("keyword.URL", "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFAddon" [12/08/2016 08:36] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFAddon" [12/08/2016 08:36] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Undetermined - %AppDir%\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60} - Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi ==== Firefox Plugins ====================== ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\Exts\Chrome.crx[31/05/2016 10:19] flliilndjeohchalpbbcdekjklbdgfkk - No path found[] iikflkcanblccfahdhdonehdalibjnif - No path found[] ==== IE Start and Search Settings ====================== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://be.msn.com/default.aspx?lang=nl-be&ocid=OIE9HP" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 HKLM\Wow6432Node\SearchScopes "DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" HKLM\Wow6432Node\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 HKCU\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nl___BE414 HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_nl___BE414 ==== HijackThis Entries ====================== O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\coIEPlg.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe O23 - Service: Avira Planner (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Security (NS) - Symantec Corporation - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\NS.exe O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1220 folders=151 60833697 bytes) ==== After Reboot ====================== ==== EOF on zo 28/08/2016 at 18:21:45,83 ======================