
Qvo6 log



Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 14:45:09, on 6-12-2013

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16476)

Boot mode: Normal

Running processes:

C:\Users\arentsen\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe

C:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe

C:\Users\arentsen\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\arentsen\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Web search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 92.108.103.207:80

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: SaveSense - {0f21b1e5-5afc-43c9-9c66-515046e92ec2} - C:\Program Files (x86)\SaveSense\SaveSenseIE.dll

O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\64c60ec9-7315-4db1-ae6c-79a45d5f25fe.exe /check

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\arentsen\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Dropbox.lnk.disabled

O4 - Startup: MyPC Backup.lnk.disabled

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: VideoWebCamera.exe.lnk = C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://*.aeriagames.com

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload2.macromedia.com/get/shockwave/cabs/director/sw.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files (x86)\MyPC Backup\BackupStack.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) - SaveSense - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe

O23 - Service: SaveSenseLive Service (savesenselivem) (savesenselivem) - SaveSense - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SProtection - Iminent - C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Wsys Service (WsysSvc) - Wsys Co., Ltd. - C:\ProgramData\eSafe\eGdpSvc.exe

--

End of file - 13172 bytes


Start HijackThis. Select "Scan". Select only the items listed below:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Web search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 92.108.103.207:80

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)

O2 - BHO: SaveSense - {0f21b1e5-5afc-43c9-9c66-515046e92ec2} - C:\Program Files (x86)\SaveSense\SaveSenseIE.dll

O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)

O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

O4 - Startup: Dropbox.lnk.disabled

O4 - Startup: MyPC Backup.lnk.disabled

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" by right-clicking and choosing "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download RSIT from the locations below and save it to the desktop.

Here is a description of how to check whether you have a 32- or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing "Run as administrator".
  • The "Disclaimer of warranty" is then shown; click "Continue".
  • When the tool has finished, a Notepad file named "Log" is opened.
  • Paste its contents into your next post.


Logfile of random's system information tool 1.09 (written by random/random)

Run by arentsen at 2013-12-07 07:41:34

Microsoft Windows 7 Home Premium

System drive C: has 49 GB (17%) free of 292 GB

Total RAM: 3764 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:41:51, on 7-12-2013

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16476)

Boot mode: Normal

Running processes:

C:\Users\arentsen\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe

C:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe

C:\Users\arentsen\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Users\arentsen\Downloads\HijackThis (2).exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\trend micro\arentsen.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\64c60ec9-7315-4db1-ae6c-79a45d5f25fe.exe /check

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\arentsen\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: VideoWebCamera.exe.lnk = C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://*.aeriagames.com

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload2.macromedia.com/get/shockwave/cabs/director/sw.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files (x86)\MyPC Backup\BackupStack.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) - SaveSense - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe

O23 - Service: SaveSenseLive Service (savesenselivem) (savesenselivem) - SaveSense - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SProtection - Iminent - C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Wsys Service (WsysSvc) - Wsys Co., Ltd. - C:\ProgramData\eSafe\eGdpSvc.exe

--

End of file - 11338 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

C:\ProgramData\eSafe\eGdpSvc.exe

taskeng.exe {CFC100ED-6F63-47CF-93E1-61304226F5AD}

"taskhost.exe"

"C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe" /c

"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"

"C:\Windows\System32\igfxtray.exe"

"C:\Windows\System32\hkcmd.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe"

"C:\Windows\WindowsMobile\wmdc.exe"

"C:\Users\arentsen\AppData\Local\Akamai\netsession_win.exe"

"C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe"

"C:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe"

"C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe" /s

"C:/Users/arentsen/AppData/Local/Akamai/netsession_win.exe" --client

"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

"C:\Users\arentsen\Downloads\HijackThis (2).exe"

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe"

"C:\Program Files\IB Updater\ExtensionUpdaterService.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"

"c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"

"C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe"

"C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe"

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

"C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"

WLIDSvcM.exe 2272

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\igfxext.exe -Embedding

C:\Windows\system32\igfxsrvc.exe -Embedding

C:\Windows\system32\wbem\unsecapp.exe -Embedding

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe"

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

C:\Windows\system32\svchost.exe -k HPService

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

C:\Windows\System32\svchost.exe -k secsvcs

"C:\Program Files (x86)\Windows Live\Mail\wlmail.exe"

"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "http://www.pc-helpforum.be/f163/qvo6-logje-66598-new/"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4272.0.2059288619\1182010806" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0046 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2119 --ignored=" --type=renderer " /prefetch:822062411

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_81/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4272.1.1134897291\357068723" /prefetch:673131151

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\sppsvc.exe

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Windows\system32\SearchFilterHost.exe" 0 552 556 564 65536 560

"C:\Users\arentsen\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\DSite.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2511679531-4247418346-2881348197-1000Core.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2511679531-4247418346-2881348197-1000UA.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\HP Photo Creations Communicator.job

C:\Windows\tasks\SaveSense.job

C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineCore.job

C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]

avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-11-15 1567016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]

DVDVideoSoft IE Extension - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2013-10-30 336952]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-11-15 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-11-15 606544]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]

Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-11-15 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-11-15 1567016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-11-15 606544]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-09-23 323584]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-05-07 161304]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-05-07 386584]

"Persistence"=C:\Windows\system32\igfxpers.exe [2010-05-07 413208]

"Acer ePower Management"=C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2010-04-23 861216]

"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"=C:\Users\arentsen\AppData\Local\Akamai\netsession_win.exe [2013-06-05 4489472]

"Rainlendar2"=C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2012-07-24 2498048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aeria Ignite]

C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

C:\Users\arentsen\AppData\Local\Google\Update\GoogleUpdate.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]

C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2012-07-24 2498048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-03-01 18643560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]

C:\Users\arentsen\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]

C:\Users\arentsen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

C:\Users\arentsen\Desktop\uTorrent.exe /MINIMIZED []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^arentsen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

C:\Users\arentsen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-05-25 27776968]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2011-05-10 49208]

""= []

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-11-15 3568312]

"20131121"=C:\Program Files\AVAST Software\Avast\setup\emupdate\64c60ec9-7315-4db1-ae6c-79a45d5f25fe.exe [2013-11-23 180184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

InterVideo WinCinema Manager.lnk - C:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe

VideoWebCamera.exe.lnk - C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="c:\progra~2\searchprotect\searchprotect\bin\spvc64loader.dll c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2010-04-21 269824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=0

"ConsentPromptBehaviorUser"=3

"EnableLUA"=0

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"VIDC.XFR1"=xfcodec64.dll

"VIDC.FPS1"=frapsv64.dll

"VIDC.LAGS"=lagarith.dll

"vidc.XVID"=xvidvfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-12-07 07:41:34 ----D---- C:\rsit

2013-12-07 07:41:34 ----D---- C:\Program Files\trend micro

2013-11-26 07:09:20 ----D---- C:\ProgramData\eSafe

2013-11-24 22:57:00 ----D---- C:\Temp

2013-11-22 19:42:11 ----D---- C:\ProgramData\SaveSenseLive

2013-11-22 19:42:11 ----D---- C:\Program Files (x86)\SaveSenseLive

2013-11-22 19:41:58 ----D---- C:\ProgramData\Iminent

2013-11-22 19:41:53 ----D---- C:\Users\arentsen\AppData\Roaming\SaveSense

2013-11-22 19:41:38 ----D---- C:\Program Files (x86)\SaveSense

2013-11-22 19:41:34 ----D---- C:\Program Files (x86)\IminentToolbar

2013-11-22 19:41:28 ----D---- C:\Users\arentsen\AppData\Roaming\iminent

2013-11-22 19:41:20 ----D---- C:\Program Files (x86)\Optimizer Pro

2013-11-22 19:41:11 ----D---- C:\Program Files (x86)\Iminent

2013-11-22 19:40:44 ----D---- C:\Program Files (x86)\SecretSauce

2013-11-22 19:38:04 ----D---- C:\Users\arentsen\AppData\Roaming\Python-Eggs

2013-11-22 19:37:44 ----D---- C:\Users\arentsen\AppData\Roaming\BitLord

2013-11-22 19:37:44 ----A---- C:\Users\arentsen\AppData\Roaming\bitlord_log.txt

2013-11-22 19:32:10 ----D---- C:\Program Files (x86)\MyPC Backup

2013-11-22 19:32:01 ----D---- C:\Program Files (x86)\BitLord 2

2013-11-22 19:31:40 ----D---- C:\ProgramData\BonanzaDealsLive

2013-11-22 19:31:40 ----D---- C:\Program Files (x86)\BonanzaDealsLive

2013-11-22 19:31:26 ----D---- C:\Users\arentsen\AppData\Roaming\Systweak

2013-11-22 19:31:10 ----D---- C:\Program Files (x86)\BonanzaDeals

2013-11-16 18:01:44 ----D---- C:\Users\arentsen\AppData\Roaming\DVDVideoSoftIEHelpers

2013-11-16 18:01:04 ----D---- C:\Users\arentsen\AppData\Roaming\OpenCandy

2013-11-16 18:01:04 ----D---- C:\Program Files (x86)\DVDVideoSoft

2013-11-15 16:45:20 ----D---- C:\Users\arentsen\AppData\Roaming\AVAST Software

2013-11-15 15:11:52 ----D---- C:\ProgramData\Oracle

2013-11-15 15:11:48 ----A---- C:\Windows\SYSWOW64\javaws.exe

2013-11-15 15:11:18 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

2013-11-15 15:11:18 ----A---- C:\Windows\SYSWOW64\javaw.exe

2013-11-15 15:11:18 ----A---- C:\Windows\SYSWOW64\java.exe

======List of files/folders modified in the last 1 month======

2013-12-07 07:41:38 ----D---- C:\Windows\Temp

2013-12-07 07:41:34 ----D---- C:\Program Files

2013-12-06 18:20:17 ----D---- C:\Windows\system32\config

2013-12-06 18:05:26 ----A---- C:\Windows\SYSWOW64\log.txt

2013-12-04 14:20:10 ----D---- C:\Users\arentsen\AppData\Roaming\Dropbox

2013-12-04 13:19:34 ----D---- C:\Windows\System32

2013-12-04 13:19:34 ----D---- C:\Windows\inf

2013-12-04 13:19:34 ----A---- C:\Windows\system32\PerfStringBackup.INI

2013-12-04 01:13:57 ----SHD---- C:\System Volume Information

2013-12-03 07:13:06 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2013-12-03 04:17:03 ----SHD---- C:\Windows\Installer

2013-12-03 04:12:12 ----D---- C:\Program Files (x86)

2013-11-26 07:18:17 ----HD---- C:\ProgramData

2013-11-26 07:17:39 ----D---- C:\Program Files (x86)\DSP-worx

2013-11-26 07:17:28 ----D---- C:\Windows\SysWOW64

2013-11-26 07:16:14 ----D---- C:\Windows\system32\Tasks

2013-11-26 07:16:11 ----D---- C:\Windows\Tasks

2013-11-26 07:11:08 ----D---- C:\Program Files (x86)\TornTV.com

2013-11-22 19:41:11 ----D---- C:\Program Files (x86)\Common Files

2013-11-22 19:37:01 ----D---- C:\Windows\winsxs

2013-11-22 19:11:27 ----A---- C:\Windows\NeroDigital.ini

2013-11-22 06:28:04 ----D---- C:\Users\arentsen\AppData\Roaming\BitTorrent

2013-11-22 05:10:29 ----A---- C:\Windows\wininit.ini

2013-11-21 23:11:54 ----D---- C:\ProgramData\Spybot - Search & Destroy

2013-11-20 13:44:35 ----D---- C:\Windows\SYSWOW64\Adobe

2013-11-20 13:41:31 ----D---- C:\Windows\SYSWOW64\Macromed

2013-11-19 07:33:33 ----D---- C:\Windows\system32\catroot2

2013-11-16 18:21:48 ----D---- C:\Users\arentsen\AppData\Roaming\vlc

2013-11-16 18:01:23 ----RSD---- C:\Windows\assembly

2013-11-16 18:01:04 ----D---- C:\Users\arentsen\AppData\Roaming\DVDVideoSoft

2013-11-15 15:13:38 ----D---- C:\Windows

2013-11-15 15:13:32 ----A---- C:\Windows\system32\aswBoot.exe

2013-11-15 15:10:57 ----D---- C:\Program Files (x86)\Java

2013-11-15 15:07:56 ----D---- C:\ProgramData\AVAST Software

2013-11-15 15:06:24 ----D---- C:\Program Files (x86)\Adobe

2013-11-14 00:25:19 ----D---- C:\ProgramData\Microsoft Help

2013-11-14 00:19:08 ----D---- C:\Windows\system32\MRT

2013-11-14 00:19:07 ----D---- C:\Windows\debug

2013-11-14 00:19:04 ----A---- C:\Windows\system32\MRT.exe

2013-11-11 05:50:16 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-11-15 65776]

R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2013-11-15 205320]

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-04 540696]

R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2012-07-09 645952]

R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2012-07-09 27456]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]

R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2012-08-21 19600]

R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2013-11-15 92544]

R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2013-11-15 1032416]

R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2013-11-15 409832]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R2 aswFsBlk;aswFsBlk; \??\C:\Windows\system32\drivers\aswFsBlk.sys [2013-11-15 38984]

R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-11-15 84328]

R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-04-07 2216960]

R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-04-21 10326784]

R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]

R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]

R3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S0 MrFilter;EasyWrite Driver; C:\Windows\system32\drivers\MrFilter.sys []

S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-12-02 40448]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]

S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-06-04 103448]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 48488]

S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []

S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-06-20 54272]

S3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-06 18432]

S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]

S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys []

S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [2012-12-10 44544]

S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 11264]

S3 sf;sf; \??\C:\AeriaGames\SoldierFront\avital\soldierf64.sys []

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-06-04 203672]

S3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-06 16896]

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]

S3 WINUSB;WinUsb-stuurprogramma; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-15 50344]

R2 ePowerSvc;Acer ePower Service; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-04-23 867360]

R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]

R2 IB Updater;IB Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [2013-01-29 188760]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-03-03 268824]

R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208]

R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-03-09 250368]

R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]

R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R2 SProtection;SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2013-11-17 2905408]

R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

R2 Updater Service;Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]

R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]

R2 WsysSvc;Wsys Service; C:\ProgramData\eSafe\eGdpSvc.exe [2013-11-26 825920]

S2 BackupStack;Computer Backup (MyPC Backup); C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-09-19 38440]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 135664]

S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]

S2 savesenselive;SaveSenseLive Service (savesenselive); C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2013-11-22 146920]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-03 257416]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 135664]

S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-02-20 641352]

S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2012-08-07 4562432]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 savesenselivem;SaveSenseLive Service (savesenselivem); C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2013-11-22 146920]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-06-25 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

edited by kape
quote removed

Download Zoek.zip to the desktop.

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).
  • Right-click Zoek.zip and choose the option "Extract All".
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

chromelook; 
firefoxlook; 
 IB Updater;s
 Npggsvc;s
 C:\Windows\system32\GameMon.des.exe;f
 Savesenselive;s
 C:\Program Files (x86)\SaveSenseLive;fs
 Savesenselivem;s
 C:\Windows\tasks\SaveSense.job;f
 C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineCore.job;f
 C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineUA.job;f
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}];r64
 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run];r64
 ""=-;r64
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows];r64
 "AppInit_DLLs"=-;r64
 C:\ProgramData\eSafe;fs
 C:\ProgramData\SaveSenseLive;fs
 C:\Program Files (x86)\SaveSenseLive;fs
 C:\ProgramData\Iminent;fs
 C:\Users\arentsen\AppData\Roaming\SaveSense;fs
 C:\Program Files (x86)\SaveSense;fs
 C:\Program Files (x86)\IminentToolbar;fs
 C:\Users\arentsen\AppData\Roaming\iminent;fs
 C:\Program Files (x86)\Optimizer Pro;fs
 C:\Program Files (x86)\Iminent;fs
 C:\Program Files (x86)\SecretSauce;fs
 C:\Program Files (x86)\MyPC Backup;fs
 C:\ProgramData\BonanzaDealsLive;fs
 C:\Program Files (x86)\BonanzaDealsLive;fs
 C:\Users\arentsen\AppData\Roaming\Systweak;fs
 C:\Program Files (x86)\BonanzaDeals;fs
 C:\Users\arentsen\AppData\Roaming\DVDVideoSoftIEHelpers;fs
 C:\Users\arentsen\AppData\Roaming\OpenCandy;fs
 C:\Program Files (x86)\TornTV.com;fs
 BackupStack;s
 emptyfolderscheck;delete 
startupall; 
filesrcm;

  • Click the "Options" button and tick the options below.
  • Firefox Defaults
  • Reset Chrome
  • IE Defaults
  • Auto Clean
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Now post the contents of the opened log in your next message.


Zoek.exe Version 4.0.0.5 Updated 05-December-2013

Tool run by arentsen on za 07-12-2013 at 12:50:15,38.

Microsoft Windows 7 Home Premium 6.1.7600 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\arentsen\Desktop\zoek.pif [script inserted] [Checkboxes used]

==== System Restore Info ======================

7-12-2013 13:00:22 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\DSP-worx deleted successfully

C:\PROGRA~2\Fiddler2 deleted successfully

C:\PROGRA~2\FreeTime deleted successfully

C:\PROGRA~2\MSXML 4.0 deleted successfully

C:\PROGRA~2\OnlineHD.TV deleted successfully

C:\PROGRA~2\Optimizer Pro deleted successfully

C:\PROGRA~2\SecretSauce deleted successfully

C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully

C:\Program Files\Google deleted successfully

C:\Program Files\Symantec deleted successfully

C:\ProgramData\4shared Desktop deleted successfully

C:\ProgramData\Oracle deleted successfully

C:\ProgramData\Symantec deleted successfully

C:\Users\arentsen\AppData\Roaming\PerformerSoft deleted successfully

C:\Users\arentsen\AppData\Roaming\Systweak deleted successfully

C:\Windows\serviceprofiles\Localservice\AppData\Roaming\Xfire deleted successfully

C:\Users\arentsen\AppData\Local\DProtect deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2511679531-4247418346-2881348197-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2CA01A78-4F31-475E-AD74-D0D38DE09EC9} deleted successfully

HKEY_USERS\S-1-5-21-2511679531-4247418346-2881348197-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3C0097E0-9032-4E39-B242-92D21BDA7D58} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IB Updater deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IB Updater deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Npggsvc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Npggsvc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Savesenselive deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Savesenselive deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Savesenselivem deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Savesenselivem deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupStack deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BackupStack deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SProtection deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SProtection deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WsysSvc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WsysSvc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WsysSvc deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\arentsen\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js:

Added to C:\Users\arentsen\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\arentsen\AppData\Roaming\Mozilla\Firefox\Profiles\19\prefs.js:

Added to C:\Users\arentsen\AppData\Roaming\Mozilla\Firefox\Profiles\19\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\arentsen\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:

Added to C:\Users\arentsen\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\arentsen\AppData\Roaming\Mozilla\Firefox\Profiles\0

---- FireFox user.js and prefs.js backups ----

user_07-12-2013_1320_.backup

prefs_07-12-2013_1320_.backup

ProfilePath: C:\Users\arentsen\AppData\Roaming\Mozilla\Firefox\Profiles\19

---- FireFox user.js and prefs.js backups ----

user_07-12-2013_1320_.backup

prefs_07-12-2013_1320_.backup

ProfilePath: C:\Users\arentsen\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

---- FireFox user.js and prefs.js backups ----

user_07-12-2013_1320_.backup

prefs_07-12-2013_1320_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]

@="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe"

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

""=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

==== Batch Command(s) Run By Tool======================

C:\Windows\system32\appdata deleted

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Optimizer Pro not found

C:\Program Files (x86)\SecretSauce not found

C:\Users\arentsen\AppData\Roaming\Systweak not found

"C:\windows\SysNative\GameMon.des.exe" not found

C:\ProgramData\eSafe deleted

C:\ProgramData\Iminent deleted

C:\Users\arentsen\AppData\Roaming\SaveSense deleted

C:\Program Files (x86)\IminentToolbar deleted

C:\Users\arentsen\AppData\Roaming\iminent deleted

C:\Program Files (x86)\Iminent deleted

C:\Program Files (x86)\MyPC Backup deleted

C:\ProgramData\BonanzaDealsLive deleted

C:\Program Files (x86)\BonanzaDealsLive deleted

C:\Program Files (x86)\BonanzaDeals deleted

C:\Users\arentsen\AppData\Roaming\DVDVideoSoftIEHelpers deleted

C:\Users\arentsen\AppData\Roaming\OpenCandy deleted

C:\Program Files (x86)\TornTV.com deleted

C:\Windows\syswow64\appdata deleted

C:\PROGRA~2\Mozilla Firefox\user.js deleted

C:\PROGRA~2\BitLord 2 deleted

C:\PROGRA~2\COMMON~1\Umbrella deleted

C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted

C:\PROGRA~2\SearchProtect deleted

C:\Program Files\IB Updater deleted

C:\PROGRA~2\Gophoto.it deleted

C:\PROGRA~2\Conduit deleted

C:\Users\arentsen\AppData\Roaming\BitLord deleted

C:\Users\arentsen\AppData\Roaming\File Scout deleted

C:\Users\arentsen\AppData\Roaming\DSite deleted

C:\ProgramData\Ask deleted

C:\ProgramData\APN deleted

C:\ProgramData\Partner deleted

C:\ProgramData\boost_interprocess deleted

C:\ProgramData\IBUpdaterService deleted

C:\ProgramData\Tarma Installer deleted

C:\Users\arentsen\AppData\Local\BonanzaDealsLive deleted

C:\Users\arentsen\AppData\Local\SearchProtect deleted

C:\Users\arentsen\AppData\Local\avgchrome deleted

C:\Users\arentsen\AppData\Local\Pokki deleted

C:\Users\arentsen\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx deleted

C:\Users\arentsen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent deleted

C:\Users\arentsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup deleted

C:\Users\arentsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki deleted

C:\Users\arentsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard deleted

C:\Users\arentsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com deleted

C:\Windows\SysNative\roboot64.exe deleted

C:\windows\SysNative\dmwu.exe deleted

C:\windows\SysNative\Tasks\DSite deleted

C:\Users\arentsen\Downloads\iLividSetup_B-r362-t-bc.exe deleted

C:\Users\arentsen\Downloads\FreeYouTubeToMP3Converter.exe deleted

C:\Users\arentsen\Downloads\FileConverter_1.4.exe deleted

C:\Users\arentsen\Downloads\SoftonicDownloader_voor_autocad.exe deleted

C:\Users\arentsen\Downloads\SoftonicDownloader_voor_free-youtube-to-mp3-converter.exe deleted

C:\Users\arentsen\AppData\LocalLow\Softonic deleted

C:\Users\arentsen\AppData\LocalLow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com deleted

C:\Users\arentsen\AppData\LocalLow\Incredibar.com deleted

C:\Users\arentsen\AppData\LocalLow\PriceGong deleted

C:\Users\arentsen\AppData\LocalLow\Conduit deleted

C:\Windows\wininit.ini deleted

C:\windows\SysNative\Tasks\EPUpdater deleted

C:\windows\SysNative\tasks\QtraxPlayer deleted

C:\Windows\tasks\DSite.job deleted

C:\windows\SysNative\tasks\BitGuard deleted

C:\user.js deleted

C:\windows\SysNative\ljkb deleted

C:\Windows\Syswow64\jmdp_old deleted

C:\Windows\Syswow64\SearchProtect deleted

C:\Windows\SysWow64\AI_RecycleBin deleted

C:\Windows\SysWow64\searchplugins deleted

C:\Windows\SysWow64\Extensions deleted

C:\Users\arentsen\Documents\Optimizer Pro deleted

C:\Users\arentsen\Documents\BitLord deleted

C:\Users\arentsen\Desktop\MyPC Backup.lnk deleted

"C:\Windows\tasks\SaveSense.job" deleted

"C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineCore.job" deleted

"C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineUA.job" deleted

"C:\Windows\Installer\2cd80c0.msi" deleted

"C:\Users\arentsen\AppData\Roaming\Mozilla\Firefox\Profiles\19\extensions\torntv@torntv.com.xpi" deleted

"C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe" deleted

"C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdate.dll" deleted

"C:\ProgramData\SaveSenseLive\Update\Log\SaveSenseLive.log" not deleted

"C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe" deleted

"C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdate.dll" deleted

"C:\Program Files (x86)\SaveSenseLive" not deleted

"C:\ProgramData\SaveSenseLive" not deleted

"C:\Program Files (x86)\SaveSenseLive" not deleted

"C:\Program Files (x86)\SaveSenseLive\Update" not deleted

"C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0" not deleted

"C:\ProgramData\SaveSenseLive\Update" not deleted

"C:\ProgramData\SaveSenseLive\Update\Log" not deleted

"C:\Program Files (x86)\SaveSenseLive\Update" not deleted

"C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\arentsen\AppData\Local\Temp ====

====== Java Cache =====

2013-11-15 14:15:43 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\arentsen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-6d619b3b

2013-11-15 14:15:31 A9D6ABE8B9937150A3D9AE30AD031840 99 ----a-w- C:\Users\arentsen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-6.0.lap

2013-11-15 14:15:31 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\arentsen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-673de396

2013-11-15 14:15:22 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\arentsen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-23a600e6

2013-11-15 14:15:33 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\arentsen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-333db403

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

====== C:\Windows\Tasks ======

2013-11-09 21:56:55 DC0AECEDF4A832C3796161FDF4CF7F89 3166 ----a-w- C:\Windows\Sysnative\Tasks\{02BF168A-AA48-423E-B29A-74E35BAEB2E9}

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-12-07 06:41:34 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====

2013-11-22 18:42:11 -------- d-----w- C:\PROGRA~2\SaveSenseLive

2013-11-16 17:01:04 -------- d-----w- C:\PROGRA~2\DVDVideoSoft

2013-11-16 17:01:04 -------- d-----w- C:\PROGRA~2\COMMON~1\DVDVideoSoft

2013-11-15 14:12:32 -------- d-----w- C:\PROGRA~2\COMMON~1\Java

======= C: =====

====== C:\Users\arentsen\AppData\Roaming ======

2013-11-22 18:42:11 -------- d-----w- C:\Users\arentsen\AppData\Local\SaveSenseLive

2013-11-22 18:41:39 -------- d-----w- C:\Users\arentsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense

2013-11-22 18:38:04 -------- d-----w- C:\Users\arentsen\AppData\Roaming\Python-Eggs

====== C:\Users\arentsen ======

2013-12-07 06:41:15 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\arentsen\Downloads\RSITx64.exe

2013-11-22 18:42:11 -------- d-----w- C:\ProgramData\SaveSenseLive

2013-11-16 17:01:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

2013-11-15 14:14:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

2013-11-15 14:11:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

====== C: exe-files ==

2013-12-07 06:41:36 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\arentsen.exe

2013-12-07 06:41:15 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\arentsen\Downloads\RSITx64.exe

2013-12-05 06:04:44 0C04A51D2892F0501FED4D0EAA43FA36 1751392 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\31.0.1650.63\31.0.1650.63_31.0.1650.57_chrome_updater.exe

2013-12-03 03:12:05 CA0A340ABCF0C14A09691CBC90186AB4 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleUpdateBroker.exe

2013-12-03 03:12:05 C98E0215F7B65F0DDEE0591BD57EDFA6 847128 ----a-w- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleUpdateSetup.exe

2013-12-03 03:12:05 600B1A4BCC0823A96DC7B86F005ADBB8 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe

2013-12-03 03:11:52 9CCBA5E2489E603BB1578D1D541252A8 273800 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe

2013-12-03 03:11:52 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleUpdate.exe

2013-12-03 03:11:52 465680BDE344CE4FF6646626AA3A9125 223112 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

2013-12-03 03:11:49 C98E0215F7B65F0DDEE0591BD57EDFA6 847128 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.3\GoogleUpdateSetup.exe

=== C: other files ==

2013-12-07 02:21:33 5CA8C4CF3790A8EE6DBCD1EEB16DBD91 5547 ----a-w- C:\Users\arentsen\.rainlendar2\backups\20131207-Rainlendar2Backup.zip

2013-12-06 02:55:06 034F56A436B2995E266C4F3F858D2F77 5547 ----a-w- C:\Users\arentsen\.rainlendar2\backups\20131206-Rainlendar2Backup.zip

2013-12-05 01:49:33 7BBFA5ED3497F54EF7E63043E2F595D2 5547 ----a-w- C:\Users\arentsen\.rainlendar2\backups\20131205-Rainlendar2Backup.zip

2013-12-03 23:00:00 EB7E683AD51C419D552D4F5F42D74DEB 5547 ----a-w- C:\Users\arentsen\.rainlendar2\backups\20131204-Rainlendar2Backup.zip

2013-12-02 23:00:00 77F37AB24936493BA39AECD146377E16 5547 ----a-w- C:\Users\arentsen\.rainlendar2\backups\20131203-Rainlendar2Backup.zip

2013-12-02 02:14:42 E7672321DA759BE4439A169771234BA9 5547 ----a-w- C:\Users\arentsen\.rainlendar2\backups\20131202-Rainlendar2Backup.zip

2013-11-30 23:00:01 4383AA5F0C67B62B08EF1B874C70F69D 5547 ----a-w- C:\Users\arentsen\.rainlendar2\backups\20131201-Rainlendar2Backup.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2511679531-4247418346-2881348197-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="C:\Users\arentsen\AppData\Local\Akamai\netsession_win.exe"

"Rainlendar2"="C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

"20131121"="C:\Program Files\AVAST Software\Avast\setup\emupdate\64c60ec9-7315-4db1-ae6c-79a45d5f25fe.exe /check"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="C:\Users\arentsen\AppData\Local\Akamai\netsession_win.exe"

"Rainlendar2"="C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"Acer ePower Management"="C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe"

"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe "

==== Startup Registry Disabled ======================

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]

"Verjaardagen"=""

"msnmsgr"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

"Facebook Update"="\"C:\\Users\\arentsen\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

"12Voip"="\"C:\\Program Files (x86)\\12Voip.com\\12Voip\\12voip.exe\" -nosplash -minimized"

"swg"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

"BitTorrent"="\"C:\\Users\\arentsen\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe\" /MINIMIZED"

"SpybotSD TeaTimer"="C:\\Program Files (x86)\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]

"iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

"IAStorIcon"="C:\\Program Files (x86)\\Intel\\Intel® Rapid Storage Technology\\IAStorIcon.exe"

"Aeria Ignite"="\"C:\\Program Files (x86)\\Aeria Games\\Ignite\\aeriaignite.exe\" silent"

"APSDaemon"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

"DivXMediaServer"="C:\\Program Files (x86)\\DivX\\DivX Media Server\\DivXMediaServer.exe"

"DivXUpdate"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"

"BackupManagerTray"="\"C:\\Program Files (x86)\\NewTech Infosystems\\Packard Bell MyBackup\\BackupManagerTray.exe\" -h -k"

"OEM Upgrade DVD"="C:\\Program Files (x86)\\Packard Bell\\Upgrade Kit\\DVDMainStart.Launcher.exe"

"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

"Iminent"="C:\\Program Files (x86)\\Iminent\\Iminent.exe /warmup \"F77F87E5-A6BD-4922-A530-EDF63D7E9F8C\""

"IminentMessenger"="C:\\Program Files (x86)\\Iminent\\Iminent.Messengers.exe"

"NeroFilterCheck"="C:\\Windows\\system32\\NeroCheck.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aeria Ignite]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Aeria Ignite"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Aeria Games\\Ignite\\aeriaignite.exe\" silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Google Update"

"hkey"="HKCU"

"command"="\"C:\\Users\\arentsen\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Rainlendar2]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Rainlendar2"

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\Rainlendar2\\Rainlendar2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Skype"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Spotify"

"hkey"="HKCU"

"command"="\"C:\\Users\\arentsen\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Spotify Web Helper"

"hkey"="HKCU"

"command"="\"C:\\Users\\arentsen\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="swg"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="uTorrent"

"hkey"="HKCU"

"command"="\"C:\\Users\\arentsen\\Desktop\\uTorrent.exe\" /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^arentsen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

"item"="Dropbox"

"path"="C:\\Users\\arentsen\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"

"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\Users\\arentsen\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup"

==== Startup Folders ======================

2011-07-26 09:36:19 2148 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk

2010-09-25 22:16:41 2067 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoWebCamera.exe.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [03-12-2013 07:13]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2511679531-4247418346-2881348197-1000Core.job --a------ C:\Users\arentsen\AppData\Local\Facebook\Update\FacebookUpdate.exe []

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2511679531-4247418346-2881348197-1000UA.job --a------ C:\Users\arentsen\AppData\Local\Facebook\Update\FacebookUpdate.exe []

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-06-2011 16:07]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-06-2011 16:07]

C:\Windows\tasks\HP Photo Creations Communicator.job --a------ C:\ProgramData\HP Photo Creations\Communicator.exe [25-03-2013 20:39]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2511679531-4247418346-2881348197-1000Core" [C:\Users\arentsen\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2511679531-4247418346-2881348197-1000UA" [C:\Users\arentsen\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\HP Photo Creations Communicator" [C:\ProgramData\HP Photo Creations\Communicator.exe]

"C:\Windows\SysNative\tasks\HPCustParticipation HP Deskjet 3050 J610 series" ["C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe"]

"C:\Windows\SysNative\tasks\{83E746E2-7602-477F-9F34-C2C74AE003C2}" [C:\Program Files (x86)\Verjaardagen\Verjaardagen.exe]

"C:\Windows\SysNative\tasks\{B4A4C17B-3BD8-45DE-88FB-58A157A6CC12}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe]

"C:\Windows\SysNative\tasks\{F79FC866-DE3C-4088-BFF5-7E7EA2F7749B}" ["c:\program files (x86)\internet explorer\iexplore.exe" ]Downloading

"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

"C:\Windows\SysNative\tasks\Symantec\Symantec Error Analyzer 17.1.0.19" [C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\SymErr.exe]

"C:\Windows\SysNative\tasks\Symantec\Symantec Error Processor 17.1.0.19" [C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\SymErr.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}"="C:\Program Files\IB Updater\Firefox" []

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}"="C:\Program Files\IB Updater\Firefox" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\arentsen\AppData\Roaming\Mozilla\Firefox\Profiles\0

- Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

- Online HD TV - %ProfilePath%\extensions\onlinehdtv@onlinehd.tv.xpi

ExtDir: C:\Users\arentsen\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

- GoPhotoIt - %ExtDir%\gophoto@gophoto.it.xpi

==== Firefox Plugins ======================

==== Deleted Firefox Extensions ======================

C:\Users\arentsen\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\onlinehdtv@onlinehd.tv.xpi deleted

C:\Users\arentsen\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

dkinklhnkmkhkhofcnapakaoehijaoih - C:\Program Files (x86)\OnlineHD.TV\onhd10.crx[]

dlnembnfbcpjnepmfjmngjenhhajpdfd - C:\Program Files\IB Updater\source.crx[]

efbkdhmfnmnmfimllbjamfodcoanhmdd - C:\Users\arentsen\AppData\Local\WebToSave.crx[]

hnofepcmbghfcimfbjicplikedjcnalm - C:\Users\arentsen\AppData\Local\CouponsMalibu.crx[]

ifohbjbgfchkkfhphahclmkpgejiplfo - C:\Users\arentsen\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx[]

kcendgajlhoaiiccpijilcpmgphfflnj - C:\Users\arentsen\AppData\Local\newhb.crx[]

lladpgmmlijbmhfknhgkenkhikoaapmj - C:\Users\arentsen\AppData\Local\RealSummerSale.crx[]

pkhojieggfgllhllcegoffdcnmdeojgb - C:\Program Files (x86)\IminentToolbar\1.8.26.8\iminent.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

efbkdhmfnmnmfimllbjamfodcoanhmdd - C:\Users\arentsen\AppData\Local\WebToSave.crx[]

hnofepcmbghfcimfbjicplikedjcnalm - C:\Users\arentsen\AppData\Local\CouponsMalibu.crx[]

kcendgajlhoaiiccpijilcpmgphfflnj - C:\Users\arentsen\AppData\Local\newhb.crx[]

lladpgmmlijbmhfknhgkenkhikoaapmj - C:\Users\arentsen\AppData\Local\RealSummerSale.crx[]

nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[29-10-2013 21:08]

Safe ads - arentsen - Default\Extensions\hcggmljcgggleponbhifaannmoimdnob

SaveSense - arentsen - Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk

DVDVideoSoft - arentsen - Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp

Google Wallet - arentsen - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chrome Fix ======================

C:\Users\arentsen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage deleted successfully

C:\Users\arentsen\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kcendgajlhoaiiccpijilcpmgphfflnj deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{3C0097E0-9032-4E39-B242-92D21BDA7D58}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3C0097E0-9032-4E39-B242-92D21BDA7D58}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_nlNL437"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\arentsen\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\arentsen\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1FAFD711-ABF9-4F6A-8130-5166C7371427} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{112BA211-334C-4A90-90EC-2AD1CDAB287C} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} deleted successfully

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\arentsen\Desktop\Ad-aware 6.0.lnk - C:\Program Files (x86)\Lavasoft\Ad-aware 6\UNWISE.EXE /W1 "C:\Program Files (x86)\Lavasoft\Ad-aware 6\INSTALL.LOG"

C:\Users\arentsen\Desktop\Continue VLC Media Player Installation.lnk - C:\Users\arentsen\AppData\Local\Temp\Shortcut_VLCMediaPlayerSDM.exe -Shortcut

C:\Users\arentsen\Desktop\Dropbox.lnk - C:\Users\arentsen\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

C:\Users\arentsen\Desktop\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe QVO6

C:\Users\arentsen\Desktop\Opgeruimd\12Voip.lnk - C:\Program Files (x86)\12Voip.com\12Voip\12Voip.exe

C:\Users\arentsen\Desktop\Opgeruimd\Internetbrowser selecteren.lnk - C:\Windows\System32\browserchoice.exe /launch

C:\Users\arentsen\Desktop\Opgeruimd\intranet guler - Snelkoppeling (2).lnk - C:\Users\arentsen\Documents\intranet guler.txt

C:\Users\arentsen\Desktop\Opgeruimd\intranet guler - Snelkoppeling.lnk - C:\Users\arentsen\Documents\intranet guler.txt

C:\Users\arentsen\Desktop\Opgeruimd\converteren\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\avast Free Antivirus.lnk -

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe

C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe

C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe QVO6

C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

==== shortcuts in Users Start Menu ======================

C:\Users\arentsen\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk - C:\Users\arentsen\AppData\Roaming\BitTorrent\BitTorrent.exe

C:\Users\arentsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe QVO6

C:\Users\arentsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe QVO6

C:\Users\arentsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\arentsen\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

C:\Users\arentsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\Uninstall SaveSense.lnk - C:\Program Files (x86)\SaveSense\uninst.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast Free Antivirus.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free YouTube to MP3 Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\DVSSysReport.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Premium Membership.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\PremiumMembershipOffer.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell - Security & Support\Contact.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe QVO6

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

==== shortcuts in Quick Launch ======================

C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk - C:\Users\arentsen\AppData\Roaming\BitTorrent\BitTorrent.exe

C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe QVO6

C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files (x86)\Ahead\Nero StartSmart\NeroStartSmart.exe

C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk - C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe

C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -

C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe

C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe

C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe QVO6

C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\Windows\system32\notepad.exe

C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe QVO6

C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe QVO6

C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Mail.lnk - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== shortcuts After Repair ======================

C:\Users\arentsen\Desktop\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\arentsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\arentsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell - Security & Support\Contact.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\61386F821F8B50E4ABFD24BDCE4BF0E0 deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hnofepcmbghfcimfbjicplikedjcnalm deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\hnofepcmbghfcimfbjicplikedjcnalm deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lladpgmmlijbmhfknhgkenkhikoaapmj deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lladpgmmlijbmhfknhgkenkhikoaapmj deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\hnofepcmbghfcimfbjicplikedjcnalm deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\lladpgmmlijbmhfknhgkenkhikoaapmj deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\61386F821F8B50E4ABFD24BDCE4BF0E0 deleted successfully

HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D14143D5782BEE842A45208B63A8E465 deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aeria Ignite deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\arentsen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\arentsen\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\arentsen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\arentsen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\arentsen\AppData\Local\Temp will be emptied at reboot

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\arentsen\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\ProgramData\SaveSenseLive\Update\Log\SaveSenseLive.log" deleted

"C:\Users\arentsen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Program Files (x86)\SaveSenseLive" not found

"C:\ProgramData\SaveSenseLive" deleted

"C:\Program Files (x86)\SaveSenseLive" not found

"C:\Users\arentsen\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UPPJJVWF\www.cartoonnetwork.com" not found

==== EOF on za 07-12-2013 at 14:01:20,66 ======================

- - - Updated - - -

I see now that my start page is back to normal :adore: Really, thank you so much for your help. And I really mean it, thanks a lot: I searched like crazy to get rid of this but couldn't manage it, which is why I came here for help. Great that you're here :top:


We'll carry on a bit further, because we're not quite there yet:

Double-click Zoek.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

  C:\Users\arentsen\AppData\Local\SaveSenseLive;fs
 C:\Users\arentsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense;fs
 C:\Users\arentsen\AppData\Roaming\Python-Eggs;fs
 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-];r64
 "Iminent"=-;r64
 "IminentMessenger"=-;r64
 [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions];r64
 "{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}"=-;r64
 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions];r64
 "{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}"=-;r64
 C:\Users\arentsen\Desktop\Internet Explorer.lnk;f
 C:\Users\Public\Desktop\Google Chrome.lnk;f
 C:\Program Files (x86)\SaveSenseLive;fs
 C:\Users\arentsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk;f
 C:\Users\arentsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk;f
 C:\Users\arentsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\Uninstall SaveSense.lnk;f
 C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk;f
 C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk;f
 C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk;f
 C:\Users\arentsen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk;f
 autoclean;

  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear after all.
  • Post the opened log in your next reply.
