
kobus1234
-
Ja HKCU:Run Google Update Google Inc. "C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Ja HKCU:Run IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} Nero AG "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
Ja HKCU:Run OfficeSyncProcess Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
Ja HKCU:Run SkyDrive Microsoft Corporation "C:\Users\Gebruiker\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
Nee HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Ja HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Ja HKLM:Run avgnt Avira Operations GmbH & Co. KG "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Ja HKLM:Run BCSSync Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Nee HKLM:Run EgisTecPMMUpdate Egis Technology Inc. "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
Nee HKLM:Run EgisUpdate Egis Technology Inc. "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
Ja HKLM:Run Logitech Download Assistant Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Ja HKLM:Run NBKeyScan Nero AG "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
Nee HKLM:Run Norton Online Backup Symantec Corporation C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
Nee HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Ja HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Ja HKLM:Run Zune Launcher Microsoft Corporation "C:\Program Files\Zune\ZuneLauncher.exe"
Nee Startup User Cheetah Sync.lnk C:\Users\Gebruiker\AppData\Roaming\Microsoft\Installer\{0600EEDA-11EA-4588-81F3-8F1D89FC83DE}\_57396F6D95A618E977BED0.exe
Ja Startup User Dropbox.lnk Dropbox, Inc. C:\Users\Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe
Ja Startup User EvernoteClipper.lnk Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041 C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
Nee Startup User PdaNet Desktop.lnk June Fabrics Technology Inc. C:\PROGRA~2\PDANET~1\PdaNetPC.exe
-
http://speccy.piriform.com/results/Gb2FEI6zvzRIYm65zyqHRGI
-
Hello, the program you specified will not install; it keeps giving an error code.
-
Startup takes 105 sec. Shutdown takes 55 sec.
-
Hello, it has improved. I will probably still need to remove unnecessary files. Thanks for the quick help :-)
-
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Databaseversie: v2014.01.21.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Gebruiker :: LAPTOP [administrator]
Bescherming: Ingeschakeld
21.jan.2014 19:43:16
mbam-log-2014-01-21 (19-43-16).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 300153
Verstreken tijd: 11 minuut/minuten, 43 seconde(n)
Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
(einde)
-
# AdwCleaner v3.017 - Report created 21/01/2014 at 19:22:16
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Gebruiker - LAPTOP
# Running from : C:\Users\Gebruiker\Desktop\adwcleaner.exe
# Option : Clean
-
sorry voor het late bericht, was met vakantie, Zoek.exe v5.0.0.0 Updated 20-Januari-2014 Tool run by Gebruiker on 20.jan.2014 at 23:37:54,54. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Gebruiker\Desktop\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 20.jan.2014 23:40:01 Zoek.exe System Restore Point Created Succesfully. ==== Creating Sample__0002.zip ====================== Process iexplore.exe killed Copied file C:\Users\Gebruiker\ace_upgrade.exe to sample\ace_upgrade.exe Copied file C:\Users\Gebruiker\devcon.exe to sample\devcon.exe Copied file C:\Users\Gebruiker\drvInst64.exe to sample\drvInst64.exe Copied file C:\Users\Gebruiker\farexec-service.exe to sample\farexec-service.exe Copied file C:\Users\Gebruiker\hqtray.exe to sample\hqtray.exe Copied file C:\Users\Gebruiker\vixDiskMountServer.exe to sample\vixDiskMountServer.exe Copied file C:\Users\Gebruiker\vmnat.exe to sample\vmnat.exe Copied file C:\Users\Gebruiker\vmnetcfg.exe to sample\vmnetcfg.exe Copied file C:\Users\Gebruiker\VMnetDHCP.exe to sample\VMnetDHCP.exe Copied file C:\Users\Gebruiker\vmplayer-service.exe to sample\vmplayer-service.exe Copied file C:\Users\Gebruiker\vmplayer.exe to sample\vmplayer.exe Copied file C:\Users\Gebruiker\vmrun.exe to sample\vmrun.exe Copied file C:\Users\Gebruiker\vmss2core.exe to sample\vmss2core.exe Copied file C:\Users\Gebruiker\vmUpdateLauncher.exe to sample\vmUpdateLauncher.exe Copied file C:\Users\Gebruiker\vmware-fullscreen.exe to sample\vmware-fullscreen.exe Copied file C:\Users\Gebruiker\vmware-remotemks.exe to sample\vmware-remotemks.exe Copied file C:\Users\Gebruiker\vmware-tray.exe to sample\vmware-tray.exe Copied file C:\Users\Gebruiker\vmware-unity-helper.exe to sample\vmware-unity-helper.exe Copied file C:\Users\Gebruiker\vmware-usbarbitrator.exe to sample\vmware-usbarbitrator.exe Copied file 
C:\Users\Gebruiker\vmware-vdiskmanager.exe to sample\vmware-vdiskmanager.exe Copied file C:\Users\Gebruiker\vmware-vmx-debug.exe to sample\vmware-vmx-debug.exe Copied file C:\Users\Gebruiker\vmware-vmx-stats.exe to sample\vmware-vmx-stats.exe Copied file C:\Users\Gebruiker\vmware-vmx.exe to sample\vmware-vmx.exe Copied file C:\Users\Gebruiker\vmware.exe to sample\vmware.exe Copied file C:\Users\Gebruiker\vnetlib.exe to sample\vnetlib.exe Copied file C:\Users\Gebruiker\vnetsniffer.exe to sample\vnetsniffer.exe Copied file C:\Users\Gebruiker\vnetstats.exe to sample\vnetstats.exe Copied file C:\Users\Gebruiker\vprintproxy.exe to sample\vprintproxy.exe Copied file C:\Users\Gebruiker\vssSnapVista64.exe to sample\vssSnapVista64.exe Copied file C:\Users\Gebruiker\WiFiManager_v57_Trial.exe to sample\WiFiManager_v57_Trial.exe sample\ace_upgrade.exe renamed to 4B3236757B6575389FC878437097FE92 sample\devcon.exe renamed to C4B470269324517EE838789C7CF5E606 sample\drvInst64.exe renamed to D0294F6379C9DC389B0B4C6489120186 sample\farexec-service.exe renamed to A29F11EB292D64BA177DB04E79780A15 sample\hqtray.exe renamed to 724F35F60C3892075B6EDB25035BB69E sample\vixDiskMountServer.exe renamed to 2722CF6ADC27F27098AC093E1F107D60 sample\vmnat.exe renamed to 94108996405446AE95F56606FD702A43 sample\vmnetcfg.exe renamed to DE780DEF07AB6883C6594E8D0FFCB73D sample\VMnetDHCP.exe renamed to 8BB18290BAA79BFB99475223E0585CA5 sample\vmplayer-service.exe renamed to 23D721B762B33C7AA1903D2777822D75 sample\vmplayer.exe renamed to 0CF91CB088F5DEBC3FEC2AF695B346D5 sample\vmrun.exe renamed to 1FDB50DDD6FC97629B62A9B2D078819A sample\vmss2core.exe renamed to D30D9AB44DBB1CE15410CD6EDF795FCE sample\vmUpdateLauncher.exe renamed to FA4BB04A80D1511FF745EA73D2FB0E43 sample\vmware-fullscreen.exe renamed to 67F742FB140D175B36FE5CA9C8AEAA2C sample\vmware-remotemks.exe renamed to EC6A9AE095B54422C5373172800F3BB6 sample\vmware-tray.exe renamed to DC9A2FAC79856FDB980FC28EB4D7C196 sample\vmware-unity-helper.exe 
renamed to F16C849AE1D6B51F96CFD81BB4ED03D2 sample\vmware-usbarbitrator.exe renamed to 26BD025B6D74D1C345D13FF9C509E893 sample\vmware-vdiskmanager.exe renamed to 1FD5F772C734EE104293EDD3D5593571 sample\vmware-vmx-debug.exe renamed to 045D66BD13D817BE16A01DC12D7F7911 sample\vmware-vmx-stats.exe renamed to FF12EB363FC6CFB265EBA328E4064568 sample\vmware-vmx.exe renamed to C5F6EAA7B28FD1C2458281FE62B05DD9 sample\vmware.exe renamed to C0DBA32D028ECF9946522E97E7F5AF8F sample\vnetlib.exe renamed to 1A2B40BC2F2C9F4784C69380E89E649F sample\vnetsniffer.exe renamed to 8B71A19A7DFFAA83444D39BBFE025731 sample\vnetstats.exe renamed to BED228A9773117E2EAEECBDA8510E6BA sample\vprintproxy.exe renamed to 660D83773A992812B2988102C8911E30 sample\vssSnapVista64.exe renamed to 53EDAD6E3E5CDC0D859C92846E79CEFA sample\WiFiManager_v57_Trial.exe renamed to CAFC0298A8D6F36AA8739B5611DCDCF4 C:\Users\Public\Desktop\sample__0002.zip created successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A2D5EBA-F86D-4BD3-A177-019765996711} deleted successfully HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A2D5EBA-F86D-4BD3-A177-019765996711} deleted successfully HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F} deleted successfully HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F} deleted successfully HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3D8F9775-0397-41A7-873A-D4E7DF977B61} deleted 
successfully HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\SearchScopes\{783B5826-A51A-49A4-A2CA-7FBDF981C402} deleted successfully HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EA1BE7FA-498E-4E43-93C1-D48A9804EA3A} deleted successfully HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38542454-DFB6-44F5-B052-D4E071A3D073} deleted successfully HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{38542454-DFB6-44F5-B052-D4E071A3D073} deleted successfully HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{46735DEE-F862-49D1-876D-6382794DC625} deleted successfully HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{46735DEE-F862-49D1-876D-6382794DC625} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3A2D5EBA-F86D-4BD3-A177-019765996711} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully 
HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{38542454-DFB6-44F5-B052-D4E071A3D073} deleted successfully HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46735DEE-F862-49D1-876D-6382794DC625} deleted successfully HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9427041A-A8DC-4D06-9A68-93873486E957} deleted successfully HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0734D757-FEA6-4637-A7E4-2BD40A7FD8DA} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{25A3A431-30BB-47C8-AD6A-E1063801134F} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} deleted successfully ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ROC_JAN2013_TB"=- ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\AVG Secure Search not found C:\PROGRA~2\GUTBD56.tmp deleted C:\PROGRA~2\GUTCC.tmp deleted C:\PROGRA~2\GUMBB.tmp deleted C:\PROGRA~2\GUMBD55.tmp deleted C:\PROGRA~2\Shareaza deleted C:\PROGRA~2\ParetoLogic deleted C:\PROGRA~2\SopCast deleted C:\PROGRA~2\Vuze deleted C:\PROGRA~2\Conduit deleted 
C:\Users\Gebruiker\AppData\Roaming\Uniblue deleted C:\Users\Gebruiker\AppData\Roaming\PCCUStubInstaller deleted C:\Users\Gebruiker\AppData\Roaming\SpeedyPC Software deleted C:\Users\Gebruiker\AppData\Roaming\ParetoLogic deleted C:\Users\Gebruiker\AppData\Roaming\DriverCure deleted C:\Users\Gebruiker\AppData\Roaming\pdfforge deleted C:\Users\Gebruiker\AppData\Roaming\YourFileDownloader deleted C:\Users\Gebruiker\acronis_api_vs.dll deleted C:\Users\Gebruiker\dbghelp.dll deleted C:\Users\Gebruiker\deployPkg.dll deleted C:\Users\Gebruiker\elevated.dll deleted C:\Users\Gebruiker\gdiplus.dll deleted C:\Users\Gebruiker\glib-2.0.dll deleted C:\Users\Gebruiker\gmodule-2.0.dll deleted C:\Users\Gebruiker\gobject-2.0.dll deleted C:\Users\Gebruiker\gthread-2.0.dll deleted C:\Users\Gebruiker\gvmomi.dll deleted C:\Users\Gebruiker\iconv.dll deleted C:\Users\Gebruiker\intl.dll deleted C:\Users\Gebruiker\libeay32.dll deleted C:\Users\Gebruiker\libeaynf32.dll deleted C:\Users\Gebruiker\msvcp71.dll deleted C:\Users\Gebruiker\msvcr71.dll deleted C:\Users\Gebruiker\p2vJobManager.dll deleted C:\Users\Gebruiker\p2vSupport.dll deleted C:\Users\Gebruiker\p2vXML.dll deleted C:\Users\Gebruiker\pixops.dll deleted C:\Users\Gebruiker\pkgGen.dll deleted C:\Users\Gebruiker\sbimageapi.dll deleted C:\Users\Gebruiker\ssleay32.dll deleted C:\Users\Gebruiker\ssleaynf32.dll deleted C:\Users\Gebruiker\sysimgbase.dll deleted C:\Users\Gebruiker\tibdll.dll deleted C:\Users\Gebruiker\TPClnRDP.dll deleted C:\Users\Gebruiker\TPClnt.dll deleted C:\Users\Gebruiker\TPClntloc.dll deleted C:\Users\Gebruiker\TPClnVM.dll deleted C:\Users\Gebruiker\TPView.dll deleted C:\Users\Gebruiker\types.dll deleted C:\Users\Gebruiker\ufa-agent.dll deleted C:\Users\Gebruiker\ufa-client.dll deleted C:\Users\Gebruiker\ufa-common.dll deleted C:\Users\Gebruiker\ufa-slave.dll deleted C:\Users\Gebruiker\ufa-sysMigration.dll deleted C:\Users\Gebruiker\ufa-sysReconfig.dll deleted C:\Users\Gebruiker\ufa-types.dll deleted 
C:\Users\Gebruiker\ufa-vmImporter.dll deleted C:\Users\Gebruiker\ufa-vmsvc.dll deleted C:\Users\Gebruiker\V2iDiskLib.dll deleted C:\Users\Gebruiker\vixDiskMountApi.dll deleted C:\Users\Gebruiker\vmacore.dll deleted C:\Users\Gebruiker\vmauthd.dll deleted C:\Users\Gebruiker\vmcryptolib.dll deleted C:\Users\Gebruiker\vmdbCOM.dll deleted C:\Users\Gebruiker\vmeventmsg.dll deleted C:\Users\Gebruiker\vmnc.dll deleted C:\Users\Gebruiker\vmnetmgr.dll deleted C:\Users\Gebruiker\vmomi.dll deleted C:\Users\Gebruiker\vmPerfmon.dll deleted C:\Users\Gebruiker\vmwarestring.dll deleted C:\Users\Gebruiker\vnetinst.dll deleted C:\Users\Gebruiker\vnetlib.dll deleted C:\Users\Gebruiker\vsocklib.dll deleted C:\Users\Gebruiker\vssSnap2003.dll deleted C:\Users\Gebruiker\vssSnapVista64.dll deleted C:\Users\Gebruiker\vssSnapXP.dll deleted C:\Users\Gebruiker\zlib1.dll deleted C:\Users\Gebruiker\vm-support.vbs deleted C:\Users\Gebruiker\Uninstall.bat deleted C:\Users\Gebruiker\????.bat deleted C:\ProgramData\Ask deleted C:\ProgramData\SpeedyPC Software deleted C:\ProgramData\Partner deleted C:\ProgramData\boost_interprocess deleted C:\ProgramData\OberonGameConsole deleted C:\ProgramData\ParetoLogic deleted C:\ProgramData\Babylon deleted C:\Users\Gebruiker\AppData\Local\Ilivid Player deleted C:\Users\Gebruiker\AppData\Local\OpenCandy deleted C:\Users\Gebruiker\AppData\Local\Vuze_Remote deleted C:\Users\Gebruiker\AppData\Local\PackageAware deleted C:\Users\Gebruiker\AppData\Local\Conduit deleted C:\Users\Gebruiker\AppData\Local\ConduitEngine deleted C:\Windows\SysNative\roboot64.exe deleted C:\windows\SysNative\Tasks\Your File Updater deleted C:\Users\Gebruiker\AppData\LocalLow\ShoppingReport2 deleted C:\Users\Gebruiker\AppData\LocalLow\Search.com deleted C:\Users\Gebruiker\AppData\LocalLow\PriceGong deleted C:\Users\Gebruiker\AppData\LocalLow\Conduit deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted 
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted C:\Windows\wininit.ini deleted C:\windows\SysNative\tasks\RunAsStdUser Task deleted C:\windows\SysNative\tasks\YourFile Update deleted C:\user.js deleted C:\Windows\Syswow64\ConduitEngine.tmp deleted C:\Users\Gebruiker\ace_upgrade.exe deleted C:\Users\Gebruiker\devcon.exe deleted C:\Users\Gebruiker\drvInst64.exe deleted C:\Users\Gebruiker\farexec-service.exe deleted C:\Users\Gebruiker\hqtray.exe deleted C:\Users\Gebruiker\vixDiskMountServer.exe deleted C:\Users\Gebruiker\vmnat.exe deleted C:\Users\Gebruiker\vmnetcfg.exe deleted C:\Users\Gebruiker\VMnetDHCP.exe deleted C:\Users\Gebruiker\vmplayer-service.exe deleted C:\Users\Gebruiker\vmplayer.exe deleted C:\Users\Gebruiker\vmrun.exe deleted C:\Users\Gebruiker\vmss2core.exe deleted C:\Users\Gebruiker\vmUpdateLauncher.exe deleted C:\Users\Gebruiker\vmware-fullscreen.exe deleted C:\Users\Gebruiker\vmware-remotemks.exe deleted C:\Users\Gebruiker\vmware-tray.exe deleted C:\Users\Gebruiker\vmware-unity-helper.exe deleted C:\Users\Gebruiker\vmware-usbarbitrator.exe deleted C:\Users\Gebruiker\vmware-vdiskmanager.exe deleted C:\Users\Gebruiker\vmware-vmx-debug.exe deleted C:\Users\Gebruiker\vmware-vmx-stats.exe deleted C:\Users\Gebruiker\vmware-vmx.exe deleted C:\Users\Gebruiker\vmware.exe deleted C:\Users\Gebruiker\vnetlib.exe deleted C:\Users\Gebruiker\vnetsniffer.exe deleted C:\Users\Gebruiker\vnetstats.exe deleted C:\Users\Gebruiker\vprintproxy.exe deleted C:\Users\Gebruiker\vssSnapVista64.exe deleted C:\Users\Gebruiker\WiFiManager_v57_Trial.exe deleted "C:\Users\Gebruiker\AppData\Roaming\Ikahom\urli.aba" deleted "C:\Users\Gebruiker\AppData\Roaming\Ikahom\urli.tmp" deleted "C:\Program Files (x86)\PDF Architect\ConversionService.exe" deleted "C:\Program Files (x86)\PDF Architect\HelperService.exe" deleted "C:\Program Files (x86)\PDF Architect\libcurl.dll" deleted "C:\Program Files (x86)\PDF Architect\libeay32.dll" deleted "C:\Program 
Files (x86)\PDF Architect\ssleay32.dll" deleted "C:\Program Files (x86)\PDF Architect\addin\OutlookPlugIn.dll" deleted "C:\Users\Gebruiker\AppData\Roaming\Ehhao" deleted "C:\Users\Gebruiker\AppData\Roaming\eSobi" deleted "C:\Users\Gebruiker\AppData\Roaming\Ikahom" deleted "C:\Users\Gebruiker\AppData\Roaming\GrabPro" deleted "C:\Users\Gebruiker\AppData\Roaming\Samsung" deleted "C:\Program Files (x86)\PDF Architect" not deleted "C:\Program Files (x86)\PDF Architect\addin" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\GEBRUI~1\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-01-06 19:39:17 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\Gebruiker\AppData\Roaming ====== 2014-01-09 21:10:01 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup ====== C:\Users\Gebruiker ====== ====== C: exe-files == 2014-01-20 22:18:20 1D0A1FF655C6CF2EA2DE4FB6AA8246AD 9046696 ----a-w- C:\Users\Gebruiker\AppData\Local\Google\Update\Install\{91FB59CE-2E8C-41E6-AAC1-42FAFF3DC080}\32.0.1700.76_31.0.1650.63_chrome_updater.exe 2014-01-20 22:18:19 1D0A1FF655C6CF2EA2DE4FB6AA8246AD 9046696 ----a-w- C:\Users\Gebruiker\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.76\32.0.1700.76_31.0.1650.63_chrome_updater.exe === C: other files == 2014-01-20 23:03:49 B43541A28B404524A90C7469D3F1F2A4 25604220 ----a-w- C:\Users\Public\Desktop\sample__0002.zip 2014-01-20 22:30:34 0BE568FD1E7D6C6D64D2272649F5C716 111 ----a-w- C:\Users\Gebruiker\AppData\Local\temp\scripttest.vbs ==== Startup Registry Enabled ====================== 
[HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Windows\CurrentVersion\Run] "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" "SkyDrive"="C:\Users\Gebruiker\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background" "Google Update"="C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe /c" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Google+ Auto Backup"="C:\Users\Gebruiker\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe /autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NBKeyScan"="C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" "SkyDrive"="C:\Users\Gebruiker\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background" "Google Update"="C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe /c" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Google+ Auto Backup"="C:\Users\Gebruiker\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe 
/autostart" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" "Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe Reader Speed Launcher" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecPMMUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EgisTecPMMUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec IPS\\PmmUpdate.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EgisUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec IPS\\EgisUpdate.exe\" -d" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Norton Online Backup" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVCpl" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zune Launcher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Zune Launcher" "hkey"="HKLM" "command"="\"C:\\Program Files\\Zune\\ZuneLauncher.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Cheetah Sync.lnk] "path"="C:\\Users\\Gebruiker\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Cheetah Sync.lnk" "backup"="C:\\Windows\\pss\\Cheetah Sync.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\Gebruiker\\AppData\\Roaming\\Microsoft\\Installer\\{0600EEDA-11EA-4588-81F3-8F1D89FC83DE}\\_57396F6D95A618E977BED0.exe " "item"="Cheetah Sync" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk] "path"="C:\\Users\\Gebruiker\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\PdaNet Desktop.lnk" "backup"="C:\\Windows\\pss\\PdaNet Desktop.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~2\\PDANET~1\\PdaNetPC.exe " "item"="PdaNet Desktop" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McAfee SiteAdvisor Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McComponentHostService] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McMPFSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\mcmscsvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McNaiAnn]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McNASvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McODS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McProxy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\mfefire]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MSK80Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

==== Startup Folders ======================
2012-05-07 21:36:36 1055 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-08-09 18:34:49 1172 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
2012-07-15 20:00:42 1158 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10.dec.2013 23:38]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05.feb.2011 22:52]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3528590432-565519147-809439562-1000Core.job --a------ C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [01.jul.2012 19:18]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3528590432-565519147-809439562-1000UA.job --a------ C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [01.jul.2012 19:18]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3528590432-565519147-809439562-1000Core" [C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3528590432-565519147-809439562-1000UA" [C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\KMS Activation for Office" [C:\Windows\KMSAct.exe] "C:\Windows\SysNative\tasks\Start Registry Reviver" [C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe] "C:\Windows\SysNative\tasks\{4660C249-A739-4BCF-8F75-38A1FA3990BD}" [C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe] "C:\Windows\SysNative\tasks\{52E5F115-352C-46C7-9C56-97E65F599ED5}" ["c:\program files (x86)\internet explorer\iexplore.exe" Downloading] "C:\Windows\SysNative\tasks\{976BC566-765C-484C-99C1-E06A40919F83}" [C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe] "C:\Windows\SysNative\tasks\{9D6C12D4-8FE2-4075-8700-C10E8EB6BB4C}" [C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe] "C:\Windows\SysNative\tasks\{A29D45E0-6FA8-4736-A42B-4EBEF89AAFF4}" [C:\Program Files (x86)\JRT Studio\Cheetah Sync\CheetahSync.exe] "C:\Windows\SysNative\tasks\{CCB6EA6B-2D5B-40DD-905B-4E3D1125BA4B}" [C:\Program Files (x86)\JRT Studio\Cheetah Sync\CheetahSync.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start 
osppsvc] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[] Box - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl Gantter for Google Drive - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\himomacamcpodhkahelbnmaddladgjgo Cloud File Picker - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpeiggegnjmcinljkdmjglpjopdjihff Quick Note - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" "Search Page"="Google" "Search Bar"="Upgrade to Google Chrome" "Default_Search_URL"="Upgrade to Google Chrome" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="Upgrade to Google Chrome" "Default_Search_URL"="Upgrade to Google Chrome" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="Bing" "Search Bar"="Bing" "Default_Search_URL"="Bing" "Start Page"="Google" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="%s - Bing" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="Bing" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{8B26BEAF-B2B9-4043-B54B-5888D50086E1}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google 
Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {8B26BEAF-B2B9-4043-B54B-5888D50086E1} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ADFA_nl" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully 
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=1044 folders=141 395277558 bytes)

==== Empty Temp Folders ======================
C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\BB443B11-7D12-450c-9F85-2D32804655F9\AppData\Local\Temp emptied successfully
C:\Users\Classic .NET AppPool\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully
C:\Users\Public\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Program Files (x86)\PDF Architect" not found

==== EOF on 21.jan.2014 at 0:27:58,79 ======================
-
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2014-01-06 20:39:15
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 105 GB (47%) free of 225 GB
Total RAM: 1978 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:39:27, on 6-1-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zoek 08:02:50&v=11.0.0.9&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101127192654.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - (no file) O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files 
(x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup O4 - HKCU\..\Run: [ROC_JAN2013_TB] "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB O4 - HKUS\S-1-5-21-3528590432-565519147-809439562-1000\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" (User 'Gebruiker') O4 - HKUS\S-1-5-21-3528590432-565519147-809439562-1000\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User 'Gebruiker') O4 - HKUS\S-1-5-21-3528590432-565519147-809439562-1000\..\Run: [skyDrive] "C:\Users\Gebruiker\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background (User 'Gebruiker') O4 - HKUS\S-1-5-21-3528590432-565519147-809439562-1000\..\Run: [Google Update] "C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'Gebruiker') O4 - HKUS\S-1-5-21-3528590432-565519147-809439562-1000\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Gebruiker') O4 - HKUS\S-1-5-21-3528590432-565519147-809439562-1000\..\Run: [Google+ Auto Backup] "C:\Users\Gebruiker\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart (User 'Gebruiker') O4 - S-1-5-21-3528590432-565519147-809439562-1000 Startup: Dropbox.lnk = Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Gebruiker') O4 - S-1-5-21-3528590432-565519147-809439562-1000 
Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (User 'Gebruiker') O4 - S-1-5-21-3528590432-565519147-809439562-1000 Startup: PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe (User 'Gebruiker') O4 - S-1-5-21-3528590432-565519147-809439562-1000 User Startup: Dropbox.lnk = Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Gebruiker') O4 - S-1-5-21-3528590432-565519147-809439562-1000 User Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (User 'Gebruiker') O4 - S-1-5-21-3528590432-565519147-809439562-1000 User Startup: PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe (User 'Gebruiker') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - 
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab O16 - DPF: {63428D84-81E6-4C11-B2F1-2F9ED15E3F2F} (Ashampoo Online Virus Scanner) - http://virusscan.ashampoo.com/ashampoo_webscan.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - 
HKLM\System\CCS\Services\Tcpip\..\{83E2870F-CA42-4317-8F59-3283DB41DAA1}: NameServer = 192.168.29.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira Planner (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. 
- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. 
- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: PDF Architect Helper Service - pdfforge GbR - C:\Program Files (x86)\PDF Architect\HelperService.exe O23 - Service: PDF Architect Service - pdfforge GbR - C:\Program Files (x86)\PDF Architect\ConversionService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - 
C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 16242 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS "c:\Program Files\Microsoft Security Client\MsMpEng.exe" C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs 
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3528590432-565519147-809439562-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3528590432-565519147-809439562-1000UA.job
======Registry dump======
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
======List of files/folders modified in the last 1 month======
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384] S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-04-03 267616] -----------------EOF-----------------
-
Hello, my ACER laptop is very slow and keeps freezing. Who can help me?
-
The laptop has not frozen again since I carried out the instructions. The speed is not great: it takes about 100 seconds before startup has finished. Thanks for the service. Greetings, kobus1234
-
Hello, here is the ipconfig file:

Windows IP-configuratie

   Hostnaam . . . . . . . . . . . . : laptop
   Primair DNS-achtervoegsel . . . . :
   Knooppunttype . . . . . . . . . . : hybride
   IP-routering ingeschakeld . . . . : ja
   WINS-proxy ingeschakeld . . . . . : nee
   DNS-achtervoegselzoeklijst. . . . : dynamic.ziggo.nl

Draadloos LAN-adapter voor Draadloze netwerkverbinding:

   Verbindingsspec. DNS-achtervoegsel: dynamic.ziggo.nl
   Beschrijving. . . . . . . . . . . : Broadcom 802.11n Network Adapter
   Fysiek adres. . . . . . . . . . . : 4C-0F-6E-82-0F-A6
   DHCP ingeschakeld . . . . . . . . : ja
   Autom. configuratie ingeschakeld : ja
   Link-local IPv6-adres . . . . . . : fe80::44c7:aac2:aef4:64f0%11(voorkeur)
   IPv4-adres. . . . . . . . . . . . : 192.168.1.100(voorkeur)
   Subnetmasker. . . . . . . . . . . : 255.255.255.0
   Lease verkregen . . . . . . . . . : donderdag 17 mei 2012 18:15:37
   Lease verlopen. . . . . . . . . . : vrijdag 18 mei 2012 18:15:37
   Standaardgateway. . . . . . . . . : 192.168.1.1
   DHCP-server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 390860654
   DHCPv6-client DUID. . . . . . . . : 00-01-00-01-14-25-0B-CC-88-AE-1D-9D-EE-2F
   DNS-servers . . . . . . . . . . . : 212.54.40.25
                                       212.54.35.25
   NetBIOS via TCPIP . . . . . . . . : ingeschakeld

Ethernet-adapter voor LAN-verbinding:

   Mediumstatus. . . . . . . . . . . : medium ontkoppeld
   Verbindingsspec. DNS-achtervoegsel:
   Beschrijving. . . . . . . . . . . : Broadcom NetLink Gigabit Ethernet
   Fysiek adres. . . . . . . . . . . : 88-AE-1D-9D-EE-2F
   DHCP ingeschakeld . . . . . . . . : ja
   Autom. configuratie ingeschakeld : ja

Ethernet-adapter voor LAN-verbinding 4:

   Mediumstatus. . . . . . . . . . . : medium ontkoppeld
   Verbindingsspec. DNS-achtervoegsel:
   Beschrijving. . . . . . . . . . . : PdaNet Broadband Adapter
   Fysiek adres. . . . . . . . . . . : 00-26-37-BD-39-42
   DHCP ingeschakeld . . . . . . . . : ja
   Autom. configuratie ingeschakeld : ja

Tunnel-adapter voor isatap.dynamic.ziggo.nl:

   Mediumstatus. . . . . . . . . . . : medium ontkoppeld
   Verbindingsspec. DNS-achtervoegsel: dynamic.ziggo.nl
   Beschrijving. . . . . . . . . . . : Microsoft ISATAP Adapter
   Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP ingeschakeld . . . . . . . . : nee
   Autom. configuratie ingeschakeld : ja

Tunnel-adapter voor isatap.{21A10D18-A54B-4642-A4BC-D7F8A55F4FED}:

   Mediumstatus. . . . . . . . . . . : medium ontkoppeld
   Verbindingsspec. DNS-achtervoegsel:
   Beschrijving. . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP ingeschakeld . . . . . . . . : nee
   Autom. configuratie ingeschakeld : ja

Tunnel-adapter voor Teredo Tunneling Pseudo-Interface:

   Verbindingsspec. DNS-achtervoegsel:
   Beschrijving. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP ingeschakeld . . . . . . . . : nee
   Autom. configuratie ingeschakeld : ja
   IPv6-adres. . . . . . . . . . . . : 2001:0:5ef5:79fd:1022:551:3f57:fe9b(voorkeur)
   Link-local IPv6-adres . . . . . . : fe80::1022:551:3f57:fe9b%17(voorkeur)
   Standaardgateway. . . . . . . . . : ::
   NetBIOS via TCPIP . . . . . . . . : uitgeschakeld

Tunnel-adapter voor isatap.{5AFCF273-E187-4472-9D56-7F3673B777B0}:

   Mediumstatus. . . . . . . . . . . : medium ontkoppeld
   Verbindingsspec. DNS-achtervoegsel:
   Beschrijving. . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP ingeschakeld . . . . . . . . : nee
   Autom. configuratie ingeschakeld : ja
-
Hello, here is the ComboFix file:

ComboFix 12-05-16.02 - Gebruiker 6.mei.2012 22:32:19.1.1 - x64
Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Gebruiker\adjperm.dll
c:\users\Gebruiker\AppData\Local\assembly\tmp
c:\users\Gebruiker\AppData\Roaming\Eqpaaq
c:\users\Gebruiker\AppData\Roaming\Eqpaaq\bimy.igy
c:\users\Gebruiker\glibmm-2.4.dll
c:\users\Gebruiker\iCustBundleGen.dll
c:\users\Gebruiker\libcds.dll
c:\users\Gebruiker\libcurl.dll
c:\users\Gebruiker\liblber.dll
c:\users\Gebruiker\libldap.dll
c:\users\Gebruiker\libldap_r.dll
c:\users\Gebruiker\libxml2.dll
c:\users\Gebruiker\mkisofs.exe
c:\users\Gebruiker\mspack.dll
c:\users\Gebruiker\p2vHlpr.dll
c:\users\Gebruiker\p2vWizard.dll
c:\users\Gebruiker\sigc-2.0.dll
c:\users\Gebruiker\singleJobRunner.dll
c:\users\Gebruiker\uninst.exe
c:\users\Gebruiker\unzip.exe
c:\users\Gebruiker\vmappcfg.dll
c:\users\Gebruiker\vmappsdk.dll
c:\users\Gebruiker\vmapputil.dll
c:\users\Gebruiker\vmclientcore.dll
c:\users\Gebruiker\vmcuiutil.dll
c:\users\Gebruiker\vmdkShellExt.dll
c:\users\Gebruiker\vmhwcfg.dll
c:\users\Gebruiker\vmnetui.dll
c:\users\Gebruiker\vmware-authd.exe
c:\users\Gebruiker\vmware-tray-helper.dll
c:\users\Gebruiker\vmware-ufad.exe
c:\users\Gebruiker\vmwarebase.dll
c:\users\Gebruiker\vmwarecui.dll
c:\users\Gebruiker\vmwarewui.dll
c:\users\Gebruiker\xmlparse.dll
c:\users\Gebruiker\xmlrpc.dll
c:\users\Gebruiker\xmltok.dll
c:\users\Gebruiker\zip.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-04-16 to 2012-05-16 ))))))))))))))))))))))))))))))
.
.
2012-05-16 20:47 . 2012-05-16 20:47 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp
2012-05-16 20:47 . 2012-05-16 20:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-16 20:21 .
2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8085A407-45A5-48F7-94F9-06E781BF39FE}\mpengine.dll 2012-05-16 06:03 . 2012-05-16 06:03 -------- d-----w- c:\users\Gebruiker\AppData\Local\AVG Secure Search 2012-05-16 06:02 . 2012-05-16 06:03 -------- d-----w- c:\programdata\AVG Secure Search 2012-05-16 06:02 . 2012-05-16 06:02 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search 2012-05-16 06:02 . 2012-05-16 06:02 -------- d-----w- c:\program files (x86)\AVG Secure Search 2012-05-16 06:02 . 2012-05-16 06:02 -------- d--h--w- c:\programdata\Common Files 2012-05-15 20:12 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-05-15 18:42 . 2012-05-15 20:16 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Ehhao 2012-05-15 18:42 . 2012-05-15 18:42 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Ikahom 2012-05-15 17:22 . 2012-05-15 17:22 -------- d-----w- c:\program files (x86)\CleanMyPC 2012-05-14 17:34 . 2012-05-15 18:11 -------- d-----w- c:\users\Administrator 2012-05-12 17:58 . 2012-05-12 17:58 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes 2012-05-12 17:58 . 2012-05-14 08:19 -------- d-----w- c:\programdata\Malwarebytes 2012-05-12 17:58 . 2012-05-14 08:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-12 17:58 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-12 17:45 . 2012-05-12 17:45 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-12 17:45 . 2012-05-14 08:18 -------- d-----w- c:\program files (x86)\Trend Micro 2012-05-12 13:06 . 2012-05-14 08:29 -------- d-----w- c:\users\Gebruiker\AppData\Local\Chris_Pietschmann_(http__ 2012-05-12 13:03 . 2012-05-15 19:01 -------- d-----w- c:\program files (x86)\Virtual Router 2012-05-12 10:50 . 
2010-04-03 18:51 47456 ----a-w- c:\windows\SysWow64\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll 2012-05-12 10:50 . 2010-04-03 17:57 77152 ----a-w- c:\windows\system32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll 2012-05-12 10:49 . 2010-04-03 18:51 73568 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll 2012-05-12 10:49 . 2010-04-03 17:57 79200 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll 2012-05-12 10:48 . 2012-05-12 10:48 -------- d-----w- c:\windows\system32\RsFx 2012-05-12 10:47 . 2012-05-14 08:18 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0 2012-05-12 10:47 . 2012-05-14 08:18 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0 2012-05-12 10:37 . 2012-05-14 08:29 -------- d-----w- c:\program files\IIS 2012-05-12 10:37 . 2012-05-14 08:29 -------- d-----w- c:\program files (x86)\IIS 2012-05-12 10:36 . 2012-05-14 08:31 -------- d-----w- c:\windows\SysWow64\1033 2012-05-12 10:36 . 2012-05-14 08:30 -------- d-----w- c:\windows\system32\1033 2012-05-12 10:36 . 2012-05-14 08:29 -------- d-----w- c:\program files\Microsoft SQL Server 2012-05-12 10:36 . 2012-05-14 08:29 -------- d-----w- c:\program files (x86)\Microsoft SQL Server 2012-05-12 10:36 . 2012-05-12 10:36 -------- d-----w- c:\program files (x86)\Microsoft SDKs 2012-05-12 10:34 . 2012-05-14 08:31 -------- d-----w- c:\users\Classic .NET AppPool 2012-05-12 10:33 . 2012-05-12 10:33 -------- d-----w- c:\windows\SysWow64\BestPractices 2012-05-12 10:33 . 2012-05-14 08:30 -------- d-----w- c:\windows\system32\BestPractices 2012-05-12 10:33 . 2012-05-14 08:17 -------- d-----w- C:\inetpub 2012-05-12 10:29 . 2012-05-14 08:29 -------- d-----w- c:\program files (x86)\Microsoft 2012-05-12 10:29 . 2012-05-14 08:18 -------- d-----w- c:\program files\Microsoft 2012-05-12 08:30 . 2012-05-12 08:30 12672 ----a-w- c:\windows\SysWow64\drivers\sr9usb.sys 2012-05-12 08:30 . 
2012-05-14 08:29 -------- d-----w- c:\program files (x86)\SR9USB 2012-05-12 08:29 . 2004-10-22 00:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll 2012-05-12 08:29 . 2004-10-22 00:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll 2012-05-12 08:29 . 2004-10-22 00:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll 2012-05-12 08:29 . 2004-10-22 00:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe 2012-05-12 08:29 . 2012-05-12 08:29 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll 2012-05-12 08:29 . 2004-10-22 00:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll 2012-05-12 08:29 . 2012-05-12 08:29 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll 2012-05-11 21:58 . 2012-05-14 08:29 -------- d-----w- c:\users\Gebruiker\AppData\Local\MetaGeek,_LLC 2012-05-11 20:28 . 2012-05-14 08:17 -------- d-----w- c:\program files (x86)\MetaGeek 2012-05-11 20:09 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-11 20:09 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll 2012-05-11 20:09 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-11 20:09 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-11 20:09 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 20:08 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-11 20:08 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-11 20:08 . 
2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-11 20:08 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-05-11 20:08 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 20:08 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2012-05-11 20:08 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-05-11 20:08 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 19:30 . 2012-05-14 08:29 -------- d-----w- c:\program files\Defraggler 2012-05-11 17:19 . 2012-05-14 08:29 -------- d-----w- c:\program files\Speccy 2012-05-10 16:37 . 2011-12-27 17:04 2323827 ----a-w- c:\users\Gebruiker\WiFiManager_v57_Trial.exe 2012-05-10 16:28 . 2012-05-15 20:47 -------- d-----w- c:\program files (x86)\WiFi-Manager 2012-05-08 19:33 . 2012-05-08 19:33 31344 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys 2012-05-08 19:03 . 2012-05-14 08:29 -------- d-----w- c:\programdata\PC Drivers HeadQuarters 2012-05-08 17:48 . 2012-05-08 17:48 -------- d-----w- c:\programdata\InstallShield 2012-05-08 17:37 . 2010-11-11 10:26 412272 ----a-w- c:\users\Gebruiker\vmPerfmon.dll 2012-05-07 21:39 . 2012-05-16 20:12 -------- d-----r- c:\users\Gebruiker\Dropbox 2012-05-07 21:35 . 2012-05-16 20:12 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Dropbox 2012-05-03 05:42 . 2012-05-03 05:42 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\JRT Studio 2012-05-03 05:41 . 2012-05-06 14:27 -------- d-----w- c:\program files (x86)\JRT Studio 2012-04-24 20:01 . 2012-05-06 02:46 -------- d-----w- c:\windows\system32\ð 2012-04-22 21:56 . 2012-05-06 02:45 -------- d-----w- c:\users\Gebruiker\.swt 2012-04-19 21:41 . 2012-05-05 18:38 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe . . . 
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-15 20:40 . 2010-09-17 11:48 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-05-15 20:40 . 2010-09-17 11:48 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll 2012-05-15 20:40 . 2010-09-17 11:48 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-05-05 18:39 . 2012-04-03 06:03 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-05 18:39 . 2011-06-21 20:02 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-29 20:38 . 2012-03-29 20:38 17280 ----a-w- c:\windows\system32\drivers\USBDrv_AMD64.sys 2012-03-20 18:44 . 2010-10-24 19:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-03-20 18:44 . 2010-10-24 19:25 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-03-01 06:46 . 2012-04-12 15:14 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-03-01 06:38 . 2012-04-12 15:14 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-03-01 06:33 . 2012-04-12 15:14 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-03-01 06:28 . 2012-04-12 15:14 5120 ----a-w- c:\windows\system32\wmi.dll 2012-03-01 05:37 . 2012-04-12 15:14 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-03-01 05:33 . 2012-04-12 15:14 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-03-01 05:29 . 2012-04-12 15:14 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-02-28 06:56 . 2012-04-12 15:27 2311168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 06:49 . 2012-04-12 15:27 1390080 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 06:48 . 2012-04-12 15:27 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 06:42 . 2012-04-12 15:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-28 01:18 . 2012-04-12 15:27 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-02-28 01:11 . 2012-04-12 15:27 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-02-28 01:11 . 
2012-04-12 15:27 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2012-02-28 01:03 . 2012-04-12 15:27 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-02-17 06:38 . 2012-03-13 20:36 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 05:34 . 2012-03-13 20:36 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58 . 2012-03-13 20:36 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:57 . 2012-03-13 20:36 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-05-16 06:02 2067328 ----a-w- c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-16 2067328] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-05-16 1116544] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05 136176] R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-12-20 29184] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 netr28ux;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\DRIVERS\rcblan.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv_AMD64.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation 
Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] R4 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 245352] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744] R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AntiVirSchedulerService;Avira Planner;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-02-03 86224] S2 BotkindSyncService;Botkind Service;c:\program files (x86)\Allway Sync\Bin\SyncService.exe service [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] S2 
mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-13 149032] S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232] S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-05-16 932736] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Inhoud van de 'Gedeelde Taken' map . 2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 18:39] . 2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05 21:52] . 
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05 21:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={ED9CFD38-4A49-4A5E-8840-50FF8AA7541E}&mid=fdf1329b912747d0b98a59e75b7907dc-a8ac39c904d9ea41f899b844a8c1f533c18c4096&lang=nl&ds=od011&pr=sa&d=2012-05-16 08:02&v=11.0.0.9&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Converteren naar Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Doel van koppeling converteren naar Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Toevoegen aan bestaande PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{83E2870F-CA42-4317-8F59-3283DB41DAA1}: NameServer = 192.168.29.1
TCP: Interfaces\{BA9EDFA5-6120-4EC6-AA0E-DF84AE0F1295}\C696E6B6379737: DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{D3FE8ED8-A8F9-4DF8-95B4-C767FE7E29A7}: DhcpNameServer = 212.54.40.25 212.54.35.25
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {63428D84-81E6-4C11-B2F1-2F9ED15E3F2F} - hxxp://virusscan.ashampoo.com/ashampoo_webscan.cab
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{38542454-DFB6-44F5-B052-D4E071A3D073} - (no file)
WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{9427041A-A8DC-4D06-9A68-93873486E957} - (no file)
WebBrowser-{0734D757-FEA6-4637-A7E4-2BD40A7FD8DA} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\kde.org\libphonon]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Local AppWizard-Generated Applications\CanInstallWeFi]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Local AppWizard-Generated Applications\Launch Tool]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Mobipocket\WebCompanion]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-05-16 22:52:51
ComboFix-quarantined-files.txt 2012-05-16 20:52
.
Pre-Run: 93.748.174.848 bytes beschikbaar
Post-Run: 94.487.654.400 bytes beschikbaar
.
- - End Of File - - F184140B5F5D23D29BFA27153D13DC59
-
Hello, the previous logfile was not correct; here is the correct one:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:04:50, on 15.mei.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Gebruiker\AppData\Roaming\Ehhao\naqo.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101127192654.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Diupqulueh] C:\Users\Gebruiker\AppData\Roaming\Ehhao\naqo.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab
O16 - DPF: {63428D84-81E6-4C11-B2F1-2F9ED15E3F2F} (Ashampoo Online Virus Scanner) - http://virusscan.ashampoo.com/ashampoo_webscan.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83E2870F-CA42-4317-8F59-3283DB41DAA1}: NameServer = 192.168.29.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Planner (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11948 bytes
-
Hello, it took a bit longer, but the laptop now only gave error messages at startup; here is the report that was run as administrator:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:50:34, on 12.mei.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Connectify\Connectify.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zoeken
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Analysis of program downloads scanned for viruses and spyware.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101127192654.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Virtual Router Manager.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab
O16 - DPF: {63428D84-81E6-4C11-B2F1-2F9ED15E3F2F} (Ashampoo Online Virus Scanner) - http://virusscan.ashampoo.com/ashampoo_webscan.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83E2870F-CA42-4317-8F59-3283DB41DAA1}: NameServer = 192.168.29.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F60BA805-64A0-42D3-BE11-AE0798AB8047}: NameServer = 192.168.29.1
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Planner (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
O23 - Service: Connectify - Unknown owner - C:\Program Files (x86)\Connectify\ConnectifyService.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VirtualRouterService (Virtual Router) - Chris Pietschmann (Chris Pietschmann | husband, father, code ninja, autodidact, entrepreneur, innovator, Microsoft MVP and pursuing an education in Neuroscience) - C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13350 bytes
