trage laptop

[kobus1234]

hallo, mijn ACER laptop is zeer traag en loopt steeds vast. wie kan mij helpen

[Jion]

Hoi kobus1234,

We zullen eerst een nagaan of malware de oorzaak is van je probleem:

Download RSIT van de onderstaande locaties en sla deze op het bureaublad op.

Hier staat een beschrijving hoe je kan kijken of je een 32- of 64-bitversie van Windows heeft.

• 
  
• RSIT 32 bit (RSIT.exe)
  
• RSIT 64 bit (RSITx64.exe)
  

Dubbelklik op RSIT.exe om de tool te starten.

• 
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Vervolgens wordt de "Disclaimer of warranty" getoond, klik vervolgens op "Continue"
  
• Wanneer de tool gereed is wordt er een kladblok bestand genaamd "Log" geopend.
  
• Plaats de inhoud hiervan in het volgende bericht.
  

Bekijk ook de instructievideo.

[kobus1234]

Logfile of random's system information tool 1.09 (written by random/random)

Run by Administrator at 2014-01-06 20:39:15

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 105 GB (47%) free of 225 GB

Total RAM: 1978 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:39:27, on 6-1-2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.16428)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe

C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zoek 08:02:50&v=11.0.0.9&sap=hp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101127192654.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup

O4 - HKCU\..\Run: [ROC_JAN2013_TB] "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB

O4 - HKUS\S-1-5-21-3528590432-565519147-809439562-1000\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" (User 'Gebruiker')

O4 - HKUS\S-1-5-21-3528590432-565519147-809439562-1000\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User 'Gebruiker')

O4 - HKUS\S-1-5-21-3528590432-565519147-809439562-1000\..\Run: [skyDrive] "C:\Users\Gebruiker\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background (User 'Gebruiker')

O4 - HKUS\S-1-5-21-3528590432-565519147-809439562-1000\..\Run: [Google Update] "C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'Gebruiker')

O4 - HKUS\S-1-5-21-3528590432-565519147-809439562-1000\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Gebruiker')

O4 - HKUS\S-1-5-21-3528590432-565519147-809439562-1000\..\Run: [Google+ Auto Backup] "C:\Users\Gebruiker\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart (User 'Gebruiker')

O4 - S-1-5-21-3528590432-565519147-809439562-1000 Startup: Dropbox.lnk = Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Gebruiker')

O4 - S-1-5-21-3528590432-565519147-809439562-1000 Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (User 'Gebruiker')

O4 - S-1-5-21-3528590432-565519147-809439562-1000 Startup: PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe (User 'Gebruiker')

O4 - S-1-5-21-3528590432-565519147-809439562-1000 User Startup: Dropbox.lnk = Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Gebruiker')

O4 - S-1-5-21-3528590432-565519147-809439562-1000 User Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (User 'Gebruiker')

O4 - S-1-5-21-3528590432-565519147-809439562-1000 User Startup: PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe (User 'Gebruiker')

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab

O16 - DPF: {63428D84-81E6-4C11-B2F1-2F9ED15E3F2F} (Ashampoo Online Virus Scanner) - http://virusscan.ashampoo.com/ashampoo_webscan.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{83E2870F-CA42-4317-8F59-3283DB41DAA1}: NameServer = 192.168.29.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira Planner (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: PDF Architect Helper Service - pdfforge GbR - C:\Program Files (x86)\PDF Architect\HelperService.exe

O23 - Service: PDF Architect Service - pdfforge GbR - C:\Program Files (x86)\PDF Architect\ConversionService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 16242 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

"c:\Program Files\Microsoft Security Client\MsMpEng.exe"

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe 3265200

\??\C:\Windows\system32\conhost.exe "-29785505011808497149493405411610651079-484200455-4506110981687559427-1420361933

C:\Windows\System32\spoolsv.exe

taskeng.exe {AE81CF4B-8011-4744-AB65-930D4E4BBF31}

"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"

C:\Windows\system32\svchost.exe -k apphost

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

"C:\Program Files\Bonjour\mDNSResponder.exe"

"C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe" service

"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"

"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"

"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

"C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe"

"c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS

"C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe"

"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe"

"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE

"C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe"

"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00000778

"C:\Program Files (x86)\PDF Architect\HelperService.exe"

"C:\Program Files (x86)\PDF Architect\ConversionService.exe"

C:\Windows\SysWOW64\IoctlSvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"

C:\Windows\system32\svchost.exe -k iissvcs

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

WLIDSvcM.exe 2156

C:\Windows\system32\DllHost.exe /Processid:{48DA6741-1BF0-4A44-8325-293086C79077}

"c:\Program Files\Microsoft Security Client\NisSrv.exe"

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-246fc112-f57b-4b04-8603-a92074ecb367 -SystemEventPortName:HostProcess-467f88ed-aa3b-4e6e-be13-b5731b60e613 -IoCancelEventPortName:HostProcess-3fbff629-e0b9-4c33-9601-5a0c00891700 -NonStateChangingEventPortName:HostProcess-1ca4eee0-7b09-4257-b6d3-89d8d584b1f5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:b8c78fc2-dc84-4d4f-9bad-14bd31f5c6be -DeviceGroupId:WpdFsGroup

"taskhost.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

"C:\Program Files\Zune\ZuneLauncher.exe"

"C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

"C:\Users\Gebruiker\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"C:\Users\Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe"

"C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe"

"C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe"

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"

C:\Windows\system32\svchost.exe -k WindowsMobile

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"taskhost.exe"

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

winlogon.exe

"C:\Windows\system32\Dwm.exe"

"taskhost.exe"

C:\Windows\Explorer.EXE

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"taskhost.exe"

"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

"C:\Program Files\Zune\ZuneLauncher.exe"

"C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup

"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\sppsvc.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5188 CREDAT:209921 /prefetch:2

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3528590432-565519147-809439562-50016_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3528590432-565519147-809439562-50016 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"

"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5188 CREDAT:603164 /prefetch:2

"C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9JMSHERY\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3528590432-565519147-809439562-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3528590432-565519147-809439562-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101127192654.dll [2010-10-13 78968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-12-06 256080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]

PDF Architect Helper - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2012-11-22 91784]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-02-03 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101127192654.dll [2010-10-13 73288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-06 194640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-02-03 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -

!{98889811-442D-49dd-99D7-DC866BE87DBC}

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-12-06 256080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

!{98889811-442D-49dd-99D7-DC866BE87DBC}

{25A3A431-30BB-47C8-AD6A-E1063801134F} - PDF Architect Toolbar - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2012-11-22 731784]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-06 194640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 1266912]

"Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2011-08-05 163552]

"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 1832760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun []

"Registry Cleaner Scheduler"=C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe [2012-05-12 1403640]

"ROC_JAN2013_TB"=C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe /PROMPT /CMPID=JAN2013_TB []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2013-05-08 41056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecPMMUpdate]

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2010-03-11 407920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisUpdate]

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2010-03-11 201584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup]

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-01 1155928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-07-06 11057768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13 17418928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]

C:\Program Files\Zune\ZuneLauncher.exe [2011-08-05 163552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Cheetah Sync.lnk]

C:\Users\Gebruiker\AppData\Roaming\Microsoft\Installer\{0600EEDA-11EA-4588-81F3-8F1D89FC83DE}\_57396F6D95A618E977BED0.exe [2012-05-06 292326]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]

C:\PROGRA~2\PDANET~1\PdaNetPC.exe [2011-11-25 480880]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"NBKeyScan"=C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]

"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2013-05-08 41056]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2014-01-02 684600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2009-09-02 259584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2013-12-25 243200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

"RestrictRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-01-06 20:39:17 ----D---- C:\Program Files\trend micro

2014-01-06 20:39:15 ----D---- C:\rsit

2014-01-04 23:52:53 ----A---- C:\Windows\system32\ieetwcollectorres.dll

2014-01-04 23:52:52 ----A---- C:\Windows\system32\ieui.dll

2014-01-04 23:52:51 ----A---- C:\Windows\SYSWOW64\ieui.dll

2014-01-04 23:52:51 ----A---- C:\Windows\system32\jsproxy.dll

2014-01-04 23:52:50 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2014-01-04 23:52:50 ----A---- C:\Windows\system32\ieUnatt.exe

2014-01-04 23:52:50 ----A---- C:\Windows\system32\iernonce.dll

2014-01-04 23:52:50 ----A---- C:\Windows\system32\ie4uinit.exe

2014-01-04 23:52:49 ----A---- C:\Windows\system32\iesetup.dll

2014-01-04 23:52:48 ----A---- C:\Windows\system32\ieetwproxystub.dll

2014-01-04 23:52:48 ----A---- C:\Windows\system32\ieetwcollector.exe

2014-01-04 23:52:45 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll

2014-01-04 23:52:45 ----A---- C:\Windows\system32\mshtml.dll

2014-01-04 23:52:45 ----A---- C:\Windows\system32\jscript9diag.dll

2014-01-04 23:52:45 ----A---- C:\Windows\system32\ieapfltr.dll

2014-01-04 23:52:44 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll

2014-01-04 23:52:44 ----A---- C:\Windows\system32\iertutil.dll

2014-01-04 23:52:43 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2014-01-04 23:52:42 ----A---- C:\Windows\SYSWOW64\wininet.dll

2014-01-04 23:52:42 ----A---- C:\Windows\system32\wininet.dll

2014-01-04 23:52:41 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2014-01-04 23:52:41 ----A---- C:\Windows\system32\urlmon.dll

2014-01-04 23:52:38 ----A---- C:\Windows\system32\ieframe.dll

2014-01-04 23:52:35 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2014-01-04 23:52:31 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2014-01-04 23:52:29 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2014-01-04 23:52:29 ----A---- C:\Windows\system32\jscript9.dll

2013-12-25 10:06:08 ----A---- C:\Windows\system32\IEUDINIT.EXE

2013-12-25 09:59:51 ----A---- C:\Windows\SYSWOW64\elshyph.dll

2013-12-25 09:59:51 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe

2013-12-25 09:59:35 ----A---- C:\Windows\SYSWOW64\jsIntl.dll

2013-12-25 09:59:35 ----A---- C:\Windows\system32\elshyph.dll

2013-12-25 09:59:34 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe

2013-12-25 09:59:34 ----A---- C:\Windows\SYSWOW64\msrating.dll

2013-12-25 09:59:34 ----A---- C:\Windows\SYSWOW64\msls31.dll

2013-12-25 09:59:32 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll

2013-12-25 09:59:31 ----A---- C:\Windows\SYSWOW64\url.dll

2013-12-25 09:59:31 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat

2013-12-25 09:59:31 ----A---- C:\Windows\SYSWOW64\dxtrans.dll

2013-12-25 09:59:31 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll

2013-12-25 09:59:30 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll

2013-12-25 09:59:29 ----A---- C:\Windows\SYSWOW64\licmgr10.dll

2013-12-25 09:59:29 ----A---- C:\Windows\SYSWOW64\iesetup.dll

2013-12-25 09:59:29 ----A---- C:\Windows\SYSWOW64\iernonce.dll

2013-12-25 09:59:29 ----A---- C:\Windows\SYSWOW64\icardie.dll

2013-12-25 09:59:28 ----A---- C:\Windows\SYSWOW64\wextract.exe

2013-12-25 09:59:28 ----A---- C:\Windows\SYSWOW64\webcheck.dll

2013-12-25 09:59:28 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll

2013-12-25 09:59:28 ----A---- C:\Windows\SYSWOW64\inseng.dll

2013-12-25 09:59:28 ----A---- C:\Windows\SYSWOW64\iexpress.exe

2013-12-25 09:59:27 ----A---- C:\Windows\SYSWOW64\vbscript.dll

2013-12-25 09:59:27 ----A---- C:\Windows\SYSWOW64\pngfilt.dll

2013-12-25 09:59:27 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2013-12-25 09:59:27 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2013-12-25 09:59:26 ----A---- C:\Windows\SYSWOW64\occache.dll

2013-12-25 09:59:26 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll

2013-12-25 09:59:26 ----A---- C:\Windows\SYSWOW64\mshta.exe

2013-12-25 09:59:26 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe

2013-12-25 09:59:26 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll

2013-12-25 09:59:26 ----A---- C:\Windows\SYSWOW64\jscript.dll

2013-12-25 09:59:26 ----A---- C:\Windows\SYSWOW64\imgutil.dll

2013-12-25 09:59:26 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

2013-12-25 09:59:26 ----A---- C:\Windows\SYSWOW64\iepeers.dll

2013-12-25 09:59:26 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll

2013-12-25 09:59:25 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe

2013-12-25 09:59:25 ----A---- C:\Windows\SYSWOW64\mshtmler.dll

2013-12-25 09:59:25 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll

2013-12-25 09:59:24 ----A---- C:\Windows\SYSWOW64\iesysprep.dll

2013-12-25 09:59:23 ----A---- C:\Windows\system32\jsIntl.dll

2013-12-25 09:59:22 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe

2013-12-25 09:59:22 ----A---- C:\Windows\system32\msrating.dll

2013-12-25 09:59:22 ----A---- C:\Windows\system32\msls31.dll

2013-12-25 09:59:22 ----A---- C:\Windows\system32\msfeedsbs.dll

2013-12-25 09:59:21 ----A---- C:\Windows\system32\SetIEInstalledDate.exe

2013-12-25 09:59:21 ----A---- C:\Windows\system32\mshtmler.dll

2013-12-25 09:59:21 ----A---- C:\Windows\system32\msfeedssync.exe

2013-12-25 09:59:21 ----A---- C:\Windows\system32\iesysprep.dll

2013-12-25 09:59:21 ----A---- C:\Windows\system32\IEAdvpack.dll

2013-12-25 09:59:20 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll

2013-12-25 09:59:20 ----A---- C:\Windows\system32\dxtrans.dll

2013-12-25 09:59:20 ----A---- C:\Windows\system32\dxtmsft.dll

2013-12-25 09:59:19 ----A---- C:\Windows\system32\webcheck.dll

2013-12-25 09:59:19 ----A---- C:\Windows\system32\url.dll

2013-12-25 09:59:19 ----A---- C:\Windows\system32\mshtmlmedia.dll

2013-12-25 09:59:19 ----A---- C:\Windows\system32\licmgr10.dll

2013-12-25 09:59:19 ----A---- C:\Windows\system32\iedkcs32.dll

2013-12-25 09:59:19 ----A---- C:\Windows\system32\ieapfltr.dat

2013-12-25 09:59:19 ----A---- C:\Windows\system32\icardie.dll

2013-12-25 09:59:18 ----A---- C:\Windows\system32\wextract.exe

2013-12-25 09:59:18 ----A---- C:\Windows\system32\vbscript.dll

2013-12-25 09:59:18 ----A---- C:\Windows\system32\pngfilt.dll

2013-12-25 09:59:18 ----A---- C:\Windows\system32\occache.dll

2013-12-25 09:59:18 ----A---- C:\Windows\system32\mshtmled.dll

2013-12-25 09:59:18 ----A---- C:\Windows\system32\msfeeds.dll

2013-12-25 09:59:18 ----A---- C:\Windows\system32\inseng.dll

2013-12-25 09:59:18 ----A---- C:\Windows\system32\iexpress.exe

2013-12-25 09:59:17 ----A---- C:\Windows\system32\MshtmlDac.dll

2013-12-25 09:59:17 ----A---- C:\Windows\system32\mshta.exe

2013-12-25 09:59:17 ----A---- C:\Windows\system32\jscript.dll

2013-12-25 09:59:17 ----A---- C:\Windows\system32\imgutil.dll

2013-12-25 09:59:17 ----A---- C:\Windows\system32\iepeers.dll

2013-12-23 20:32:50 ----A---- C:\Windows\SYSWOW64\GPhotos.scr

2013-12-12 22:14:56 ----A---- C:\Windows\system32\wmploc.DLL

2013-12-12 22:14:55 ----A---- C:\Windows\SYSWOW64\wmploc.DLL

2013-12-12 22:14:54 ----A---- C:\Windows\SYSWOW64\wmp.dll

2013-12-12 22:14:52 ----A---- C:\Windows\system32\wmp.dll

2013-12-12 22:01:03 ----D---- C:\Program Files (x86)\GUMBD55.tmp

2013-12-12 22:01:03 ----A---- C:\Program Files (x86)\GUTBD56.tmp

2013-12-10 22:37:00 ----A---- C:\Windows\system32\tzres.dll

2013-12-10 22:36:59 ----A---- C:\Windows\SYSWOW64\tzres.dll

2013-12-10 22:36:41 ----A---- C:\Windows\SYSWOW64\msieftp.dll

2013-12-10 22:36:41 ----A---- C:\Windows\system32\msieftp.dll

2013-12-10 22:36:40 ----A---- C:\Windows\system32\win32k.sys

2013-12-10 22:36:38 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll

2013-12-10 22:36:38 ----A---- C:\Windows\system32\WMPhoto.dll

2013-12-10 22:36:37 ----A---- C:\Windows\SYSWOW64\imagehlp.dll

2013-12-10 22:36:37 ----A---- C:\Windows\system32\imagehlp.dll

2013-12-10 22:36:36 ----A---- C:\Windows\system32\drivers\portcls.sys

2013-12-10 22:36:36 ----A---- C:\Windows\system32\drivers\drmk.sys

2013-12-10 22:35:49 ----A---- C:\Windows\SYSWOW64\wscript.exe

2013-12-10 22:35:49 ----A---- C:\Windows\SYSWOW64\scrrun.dll

2013-12-10 22:35:49 ----A---- C:\Windows\SYSWOW64\cscript.exe

2013-12-10 22:35:49 ----A---- C:\Windows\system32\wscript.exe

2013-12-10 22:35:49 ----A---- C:\Windows\system32\scrrun.dll

2013-12-10 22:35:49 ----A---- C:\Windows\system32\cscript.exe

2013-12-07 20:45:02 ----D---- C:\32788R22FWJFW

======List of files/folders modified in the last 1 month======

2014-01-06 20:39:24 ----D---- C:\Windows\Temp

2014-01-06 20:39:17 ----RD---- C:\Program Files

2014-01-06 20:31:41 ----AD---- C:\ProgramData\Temp

2014-01-06 20:30:49 ----D---- C:\Windows\inf

2014-01-06 19:58:26 ----D---- C:\Windows\system32\config

2014-01-06 19:29:59 ----D---- C:\Windows\winsxs

2014-01-06 19:26:29 ----D---- C:\Windows\SysWOW64

2014-01-06 19:26:29 ----D---- C:\Program Files\Internet Explorer

2014-01-06 19:26:29 ----D---- C:\Program Files (x86)\Internet Explorer

2014-01-06 19:26:28 ----D---- C:\Windows\System32

2014-01-04 23:53:16 ----D---- C:\Windows\system32\catroot

2014-01-04 23:53:15 ----D---- C:\Windows\system32\catroot2

2014-01-04 23:52:18 ----SHD---- C:\System Volume Information

2014-01-04 22:10:23 ----SHD---- C:\Windows\Installer

2014-01-04 22:10:22 ----D---- C:\Config.Msi

2014-01-04 21:49:59 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-01-04 21:38:49 ----D---- C:\Windows

2014-01-03 01:00:27 ----D---- C:\Windows\Panther

2014-01-03 01:00:25 ----D---- C:\Windows\Logs

2014-01-03 01:00:25 ----D---- C:\Windows\debug

2014-01-02 22:50:26 ----D---- C:\Windows\system32\drivers

2014-01-02 22:43:27 ----D---- C:\Windows\system32\LogFiles

2013-12-25 10:22:29 ----D---- C:\Windows\SYSWOW64\nl-NL

2013-12-25 10:22:28 ----D---- C:\Windows\system32\nl-NL

2013-12-25 10:22:25 ----D---- C:\Windows\SYSWOW64\migration

2013-12-25 10:22:25 ----D---- C:\Windows\SYSWOW64\en-US

2013-12-25 10:22:21 ----D---- C:\Windows\system32\migration

2013-12-25 10:22:21 ----D---- C:\Windows\system32\en-US

2013-12-25 10:22:21 ----D---- C:\Windows\PolicyDefinitions

2013-12-25 09:55:56 ----D---- C:\Windows\system32\MRT

2013-12-25 09:46:02 ----A---- C:\Windows\system32\MRT.exe

2013-12-15 21:45:43 ----D---- C:\Program Files (x86)\Windows Media Player

2013-12-15 21:45:35 ----D---- C:\Program Files\Windows Media Player

2013-12-15 21:45:00 ----D---- C:\Windows\system32\DriverStore

2013-12-12 22:14:25 ----D---- C:\ProgramData\Microsoft Help

2013-12-12 22:01:03 ----RD---- C:\Program Files (x86)

2013-12-10 23:38:57 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2013-12-07 20:55:02 ----D---- C:\Program Files\Speccy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-04-13 540696]

R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2010-10-13 529128]

R0 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2010-10-13 283360]

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-09-27 248240]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2014-01-02 131576]

R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2014-01-02 28600]

R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 75032]

R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]

R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]

R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2014-01-02 108440]

R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 134944]

R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2010-11-20 146432]

R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-06-03 4171328]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-09-02 7369728]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-06 2419176]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2010-05-14 384040]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]

R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2010-10-13 190136]

R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2010-10-13 441328]

R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2010-04-20 18432]

R3 pneteth;PdaNet Broadband; C:\Windows\system32\DRIVERS\pneteth.sys [2011-11-24 15360]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-05-24 246304]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-12-10 301104]

R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2010-07-09 17408]

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2010-10-13 62800]

S3 cpuz135;cpuz135; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys []

S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2012-04-18 19304]

S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0; C:\Windows\system32\drivers\libusb0.sys [2011-12-20 29184]

S3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2010-10-13 121248]

S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2010-10-13 94864]

S3 netr28ux;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista; C:\Windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

S3 RemoteControl-USBLAN;RemoteControl-USBLAN; C:\Windows\system32\DRIVERS\rcblan.sys [2007-01-24 46616]

S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [2011-05-06 28416]

S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 19968]

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]

S3 usbUDisc;usbUDisc; C:\Windows\system32\DRIVERS\USBDrv_AMD64.sys [2012-03-29 17280]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S4 RsFx0150;RsFx0150 Driver; C:\Windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira Planner; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-01-02 440376]

R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-01-02 440376]

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 27136]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]

R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

R2 BotkindSyncService;Botkind Service; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [2012-11-19 182784]

R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]

R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]

R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-13 149032]

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808]

R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2010-04-03 61913952]

R2 MWLService;MyWinLocker Service; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]

R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-01 2804568]

R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]

R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [2012-11-22 1522312]

R2 PDF Architect Service;PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [2012-11-22 905864]

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]

R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]

R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-04-03 146272]

R2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]

R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 27136]

R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]

R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]

R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]

R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 27136]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05 136176]

S2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-10-13 200056]

S2 MsDepSvc;Web Deployment Agent Service; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10 257416]

S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-16 655624]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05 136176]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-12-06 194032]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-27 1255736]

S4 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-01-02 1011768]

S4 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 245352]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]

S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-04-03 267616]

-----------------EOF-----------------

[Jion]

Je hebt 2 virusscanners geïnstalleerd staan: McAffee en Avira.

Ga via je Configuratiescherm naar Programma's verwijderen en verwijder daar 1 van beide.

(Ik raad aan om Avira te houden en McAffee te verwijderen).

Herstart hierna de computer.

Download Zoek.zip naar het bureaublad.

• 
  
• Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  
• Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.
  
• Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken".
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

{3A2D5EBA-F86D-4BD3-A177-019765996711};c
C:\Program Files (x86)\PDF Architect;fs
{98889811-442D-49dd-99D7-DC866BE87DBC};c
{25A3A431-30BB-47C8-AD6A-E1063801134F};c
C:\Program Files (x86)\AVG Secure Search;fs
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
"ROC_JAN2013_TB"=-;r
autoclean;
iedefaults;
emptyclsid;
startupall; 
filesrcm;

• 
  
• De optie "Scan All Users" staat standaard aangevinkt.
  
• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht.
  

[kobus1234]

Je hebt 2 virusscanners geïnstalleerd staan: McAffee en Avira.

Ga via je Configuratiescherm naar Programma's verwijderen en verwijder daar 1 van beide.

(Ik raad aan om Avira te houden en McAffee te verwijderen).

Herstart hierna de computer.

Download Zoek.zip naar het bureaublad.

• Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  
• Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.
  
• Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken".
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

{3A2D5EBA-F86D-4BD3-A177-019765996711};c
C:\Program Files (x86)\PDF Architect;fs
{98889811-442D-49dd-99D7-DC866BE87DBC};c
{25A3A431-30BB-47C8-AD6A-E1063801134F};c
C:\Program Files (x86)\AVG Secure Search;fs
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
"ROC_JAN2013_TB"=-;r
autoclean;
iedefaults;
emptyclsid;
startupall; 
filesrcm;

• De optie "Scan All Users" staat standaard aangevinkt.
  
• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht.
  

sorry voor het late bericht, was met vakantie,

Zoek.exe v5.0.0.0 Updated 20-Januari-2014

Tool run by Gebruiker on 20.jan.2014 at 23:37:54,54.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Gebruiker\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

20.jan.2014 23:40:01 Zoek.exe System Restore Point Created Succesfully.

==== Creating Sample__0002.zip ======================

Process iexplore.exe killed

Copied file C:\Users\Gebruiker\ace_upgrade.exe to sample\ace_upgrade.exe

Copied file C:\Users\Gebruiker\devcon.exe to sample\devcon.exe

Copied file C:\Users\Gebruiker\drvInst64.exe to sample\drvInst64.exe

Copied file C:\Users\Gebruiker\farexec-service.exe to sample\farexec-service.exe

Copied file C:\Users\Gebruiker\hqtray.exe to sample\hqtray.exe

Copied file C:\Users\Gebruiker\vixDiskMountServer.exe to sample\vixDiskMountServer.exe

Copied file C:\Users\Gebruiker\vmnat.exe to sample\vmnat.exe

Copied file C:\Users\Gebruiker\vmnetcfg.exe to sample\vmnetcfg.exe

Copied file C:\Users\Gebruiker\VMnetDHCP.exe to sample\VMnetDHCP.exe

Copied file C:\Users\Gebruiker\vmplayer-service.exe to sample\vmplayer-service.exe

Copied file C:\Users\Gebruiker\vmplayer.exe to sample\vmplayer.exe

Copied file C:\Users\Gebruiker\vmrun.exe to sample\vmrun.exe

Copied file C:\Users\Gebruiker\vmss2core.exe to sample\vmss2core.exe

Copied file C:\Users\Gebruiker\vmUpdateLauncher.exe to sample\vmUpdateLauncher.exe

Copied file C:\Users\Gebruiker\vmware-fullscreen.exe to sample\vmware-fullscreen.exe

Copied file C:\Users\Gebruiker\vmware-remotemks.exe to sample\vmware-remotemks.exe

Copied file C:\Users\Gebruiker\vmware-tray.exe to sample\vmware-tray.exe

Copied file C:\Users\Gebruiker\vmware-unity-helper.exe to sample\vmware-unity-helper.exe

Copied file C:\Users\Gebruiker\vmware-usbarbitrator.exe to sample\vmware-usbarbitrator.exe

Copied file C:\Users\Gebruiker\vmware-vdiskmanager.exe to sample\vmware-vdiskmanager.exe

Copied file C:\Users\Gebruiker\vmware-vmx-debug.exe to sample\vmware-vmx-debug.exe

Copied file C:\Users\Gebruiker\vmware-vmx-stats.exe to sample\vmware-vmx-stats.exe

Copied file C:\Users\Gebruiker\vmware-vmx.exe to sample\vmware-vmx.exe

Copied file C:\Users\Gebruiker\vmware.exe to sample\vmware.exe

Copied file C:\Users\Gebruiker\vnetlib.exe to sample\vnetlib.exe

Copied file C:\Users\Gebruiker\vnetsniffer.exe to sample\vnetsniffer.exe

Copied file C:\Users\Gebruiker\vnetstats.exe to sample\vnetstats.exe

Copied file C:\Users\Gebruiker\vprintproxy.exe to sample\vprintproxy.exe

Copied file C:\Users\Gebruiker\vssSnapVista64.exe to sample\vssSnapVista64.exe

Copied file C:\Users\Gebruiker\WiFiManager_v57_Trial.exe to sample\WiFiManager_v57_Trial.exe

sample\ace_upgrade.exe renamed to 4B3236757B6575389FC878437097FE92

sample\devcon.exe renamed to C4B470269324517EE838789C7CF5E606

sample\drvInst64.exe renamed to D0294F6379C9DC389B0B4C6489120186

sample\farexec-service.exe renamed to A29F11EB292D64BA177DB04E79780A15

sample\hqtray.exe renamed to 724F35F60C3892075B6EDB25035BB69E

sample\vixDiskMountServer.exe renamed to 2722CF6ADC27F27098AC093E1F107D60

sample\vmnat.exe renamed to 94108996405446AE95F56606FD702A43

sample\vmnetcfg.exe renamed to DE780DEF07AB6883C6594E8D0FFCB73D

sample\VMnetDHCP.exe renamed to 8BB18290BAA79BFB99475223E0585CA5

sample\vmplayer-service.exe renamed to 23D721B762B33C7AA1903D2777822D75

sample\vmplayer.exe renamed to 0CF91CB088F5DEBC3FEC2AF695B346D5

sample\vmrun.exe renamed to 1FDB50DDD6FC97629B62A9B2D078819A

sample\vmss2core.exe renamed to D30D9AB44DBB1CE15410CD6EDF795FCE

sample\vmUpdateLauncher.exe renamed to FA4BB04A80D1511FF745EA73D2FB0E43

sample\vmware-fullscreen.exe renamed to 67F742FB140D175B36FE5CA9C8AEAA2C

sample\vmware-remotemks.exe renamed to EC6A9AE095B54422C5373172800F3BB6

sample\vmware-tray.exe renamed to DC9A2FAC79856FDB980FC28EB4D7C196

sample\vmware-unity-helper.exe renamed to F16C849AE1D6B51F96CFD81BB4ED03D2

sample\vmware-usbarbitrator.exe renamed to 26BD025B6D74D1C345D13FF9C509E893

sample\vmware-vdiskmanager.exe renamed to 1FD5F772C734EE104293EDD3D5593571

sample\vmware-vmx-debug.exe renamed to 045D66BD13D817BE16A01DC12D7F7911

sample\vmware-vmx-stats.exe renamed to FF12EB363FC6CFB265EBA328E4064568

sample\vmware-vmx.exe renamed to C5F6EAA7B28FD1C2458281FE62B05DD9

sample\vmware.exe renamed to C0DBA32D028ECF9946522E97E7F5AF8F

sample\vnetlib.exe renamed to 1A2B40BC2F2C9F4784C69380E89E649F

sample\vnetsniffer.exe renamed to 8B71A19A7DFFAA83444D39BBFE025731

sample\vnetstats.exe renamed to BED228A9773117E2EAEECBDA8510E6BA

sample\vprintproxy.exe renamed to 660D83773A992812B2988102C8911E30

sample\vssSnapVista64.exe renamed to 53EDAD6E3E5CDC0D859C92846E79CEFA

sample\WiFiManager_v57_Trial.exe renamed to CAFC0298A8D6F36AA8739B5611DCDCF4

C:\Users\Public\Desktop\sample__0002.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A2D5EBA-F86D-4BD3-A177-019765996711} deleted successfully

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A2D5EBA-F86D-4BD3-A177-019765996711} deleted successfully

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F} deleted successfully

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F} deleted successfully

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3D8F9775-0397-41A7-873A-D4E7DF977B61} deleted successfully

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\SearchScopes\{783B5826-A51A-49A4-A2CA-7FBDF981C402} deleted successfully

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EA1BE7FA-498E-4E43-93C1-D48A9804EA3A} deleted successfully

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38542454-DFB6-44F5-B052-D4E071A3D073} deleted successfully

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{38542454-DFB6-44F5-B052-D4E071A3D073} deleted successfully

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{46735DEE-F862-49D1-876D-6382794DC625} deleted successfully

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{46735DEE-F862-49D1-876D-6382794DC625} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3A2D5EBA-F86D-4BD3-A177-019765996711} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{38542454-DFB6-44F5-B052-D4E071A3D073} deleted successfully

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46735DEE-F862-49D1-876D-6382794DC625} deleted successfully

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9427041A-A8DC-4D06-9A68-93873486E957} deleted successfully

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully

HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0734D757-FEA6-4637-A7E4-2BD40A7FD8DA} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{25A3A431-30BB-47C8-AD6A-E1063801134F} deleted successfully

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} deleted successfully

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ROC_JAN2013_TB"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\AVG Secure Search not found

C:\PROGRA~2\GUTBD56.tmp deleted

C:\PROGRA~2\GUTCC.tmp deleted

C:\PROGRA~2\GUMBB.tmp deleted

C:\PROGRA~2\GUMBD55.tmp deleted

C:\PROGRA~2\Shareaza deleted

C:\PROGRA~2\ParetoLogic deleted

C:\PROGRA~2\SopCast deleted

C:\PROGRA~2\Vuze deleted

C:\PROGRA~2\Conduit deleted

C:\Users\Gebruiker\AppData\Roaming\Uniblue deleted

C:\Users\Gebruiker\AppData\Roaming\PCCUStubInstaller deleted

C:\Users\Gebruiker\AppData\Roaming\SpeedyPC Software deleted

C:\Users\Gebruiker\AppData\Roaming\ParetoLogic deleted

C:\Users\Gebruiker\AppData\Roaming\DriverCure deleted

C:\Users\Gebruiker\AppData\Roaming\pdfforge deleted

C:\Users\Gebruiker\AppData\Roaming\YourFileDownloader deleted

C:\Users\Gebruiker\acronis_api_vs.dll deleted

C:\Users\Gebruiker\dbghelp.dll deleted

C:\Users\Gebruiker\deployPkg.dll deleted

C:\Users\Gebruiker\elevated.dll deleted

C:\Users\Gebruiker\gdiplus.dll deleted

C:\Users\Gebruiker\glib-2.0.dll deleted

C:\Users\Gebruiker\gmodule-2.0.dll deleted

C:\Users\Gebruiker\gobject-2.0.dll deleted

C:\Users\Gebruiker\gthread-2.0.dll deleted

C:\Users\Gebruiker\gvmomi.dll deleted

C:\Users\Gebruiker\iconv.dll deleted

C:\Users\Gebruiker\intl.dll deleted

C:\Users\Gebruiker\libeay32.dll deleted

C:\Users\Gebruiker\libeaynf32.dll deleted

C:\Users\Gebruiker\msvcp71.dll deleted

C:\Users\Gebruiker\msvcr71.dll deleted

C:\Users\Gebruiker\p2vJobManager.dll deleted

C:\Users\Gebruiker\p2vSupport.dll deleted

C:\Users\Gebruiker\p2vXML.dll deleted

C:\Users\Gebruiker\pixops.dll deleted

C:\Users\Gebruiker\pkgGen.dll deleted

C:\Users\Gebruiker\sbimageapi.dll deleted

C:\Users\Gebruiker\ssleay32.dll deleted

C:\Users\Gebruiker\ssleaynf32.dll deleted

C:\Users\Gebruiker\sysimgbase.dll deleted

C:\Users\Gebruiker\tibdll.dll deleted

C:\Users\Gebruiker\TPClnRDP.dll deleted

C:\Users\Gebruiker\TPClnt.dll deleted

C:\Users\Gebruiker\TPClntloc.dll deleted

C:\Users\Gebruiker\TPClnVM.dll deleted

C:\Users\Gebruiker\TPView.dll deleted

C:\Users\Gebruiker\types.dll deleted

C:\Users\Gebruiker\ufa-agent.dll deleted

C:\Users\Gebruiker\ufa-client.dll deleted

C:\Users\Gebruiker\ufa-common.dll deleted

C:\Users\Gebruiker\ufa-slave.dll deleted

C:\Users\Gebruiker\ufa-sysMigration.dll deleted

C:\Users\Gebruiker\ufa-sysReconfig.dll deleted

C:\Users\Gebruiker\ufa-types.dll deleted

C:\Users\Gebruiker\ufa-vmImporter.dll deleted

C:\Users\Gebruiker\ufa-vmsvc.dll deleted

C:\Users\Gebruiker\V2iDiskLib.dll deleted

C:\Users\Gebruiker\vixDiskMountApi.dll deleted

C:\Users\Gebruiker\vmacore.dll deleted

C:\Users\Gebruiker\vmauthd.dll deleted

C:\Users\Gebruiker\vmcryptolib.dll deleted

C:\Users\Gebruiker\vmdbCOM.dll deleted

C:\Users\Gebruiker\vmeventmsg.dll deleted

C:\Users\Gebruiker\vmnc.dll deleted

C:\Users\Gebruiker\vmnetmgr.dll deleted

C:\Users\Gebruiker\vmomi.dll deleted

C:\Users\Gebruiker\vmPerfmon.dll deleted

C:\Users\Gebruiker\vmwarestring.dll deleted

C:\Users\Gebruiker\vnetinst.dll deleted

C:\Users\Gebruiker\vnetlib.dll deleted

C:\Users\Gebruiker\vsocklib.dll deleted

C:\Users\Gebruiker\vssSnap2003.dll deleted

C:\Users\Gebruiker\vssSnapVista64.dll deleted

C:\Users\Gebruiker\vssSnapXP.dll deleted

C:\Users\Gebruiker\zlib1.dll deleted

C:\Users\Gebruiker\vm-support.vbs deleted

C:\Users\Gebruiker\Uninstall.bat deleted

C:\Users\Gebruiker\????.bat deleted

C:\ProgramData\Ask deleted

C:\ProgramData\SpeedyPC Software deleted

C:\ProgramData\Partner deleted

C:\ProgramData\boost_interprocess deleted

C:\ProgramData\OberonGameConsole deleted

C:\ProgramData\ParetoLogic deleted

C:\ProgramData\Babylon deleted

C:\Users\Gebruiker\AppData\Local\Ilivid Player deleted

C:\Users\Gebruiker\AppData\Local\OpenCandy deleted

C:\Users\Gebruiker\AppData\Local\Vuze_Remote deleted

C:\Users\Gebruiker\AppData\Local\PackageAware deleted

C:\Users\Gebruiker\AppData\Local\Conduit deleted

C:\Users\Gebruiker\AppData\Local\ConduitEngine deleted

C:\Windows\SysNative\roboot64.exe deleted

C:\windows\SysNative\Tasks\Your File Updater deleted

C:\Users\Gebruiker\AppData\LocalLow\ShoppingReport2 deleted

C:\Users\Gebruiker\AppData\LocalLow\Search.com deleted

C:\Users\Gebruiker\AppData\LocalLow\PriceGong deleted

C:\Users\Gebruiker\AppData\LocalLow\Conduit deleted

C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted

C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted

C:\Windows\wininit.ini deleted

C:\windows\SysNative\tasks\RunAsStdUser Task deleted

C:\windows\SysNative\tasks\YourFile Update deleted

C:\user.js deleted

C:\Windows\Syswow64\ConduitEngine.tmp deleted

C:\Users\Gebruiker\ace_upgrade.exe deleted

C:\Users\Gebruiker\devcon.exe deleted

C:\Users\Gebruiker\drvInst64.exe deleted

C:\Users\Gebruiker\farexec-service.exe deleted

C:\Users\Gebruiker\hqtray.exe deleted

C:\Users\Gebruiker\vixDiskMountServer.exe deleted

C:\Users\Gebruiker\vmnat.exe deleted

C:\Users\Gebruiker\vmnetcfg.exe deleted

C:\Users\Gebruiker\VMnetDHCP.exe deleted

C:\Users\Gebruiker\vmplayer-service.exe deleted

C:\Users\Gebruiker\vmplayer.exe deleted

C:\Users\Gebruiker\vmrun.exe deleted

C:\Users\Gebruiker\vmss2core.exe deleted

C:\Users\Gebruiker\vmUpdateLauncher.exe deleted

C:\Users\Gebruiker\vmware-fullscreen.exe deleted

C:\Users\Gebruiker\vmware-remotemks.exe deleted

C:\Users\Gebruiker\vmware-tray.exe deleted

C:\Users\Gebruiker\vmware-unity-helper.exe deleted

C:\Users\Gebruiker\vmware-usbarbitrator.exe deleted

C:\Users\Gebruiker\vmware-vdiskmanager.exe deleted

C:\Users\Gebruiker\vmware-vmx-debug.exe deleted

C:\Users\Gebruiker\vmware-vmx-stats.exe deleted

C:\Users\Gebruiker\vmware-vmx.exe deleted

C:\Users\Gebruiker\vmware.exe deleted

C:\Users\Gebruiker\vnetlib.exe deleted

C:\Users\Gebruiker\vnetsniffer.exe deleted

C:\Users\Gebruiker\vnetstats.exe deleted

C:\Users\Gebruiker\vprintproxy.exe deleted

C:\Users\Gebruiker\vssSnapVista64.exe deleted

C:\Users\Gebruiker\WiFiManager_v57_Trial.exe deleted

"C:\Users\Gebruiker\AppData\Roaming\Ikahom\urli.aba" deleted

"C:\Users\Gebruiker\AppData\Roaming\Ikahom\urli.tmp" deleted

"C:\Program Files (x86)\PDF Architect\ConversionService.exe" deleted

"C:\Program Files (x86)\PDF Architect\HelperService.exe" deleted

"C:\Program Files (x86)\PDF Architect\libcurl.dll" deleted

"C:\Program Files (x86)\PDF Architect\libeay32.dll" deleted

"C:\Program Files (x86)\PDF Architect\ssleay32.dll" deleted

"C:\Program Files (x86)\PDF Architect\addin\OutlookPlugIn.dll" deleted

"C:\Users\Gebruiker\AppData\Roaming\Ehhao" deleted

"C:\Users\Gebruiker\AppData\Roaming\eSobi" deleted

"C:\Users\Gebruiker\AppData\Roaming\Ikahom" deleted

"C:\Users\Gebruiker\AppData\Roaming\GrabPro" deleted

"C:\Users\Gebruiker\AppData\Roaming\Samsung" deleted

"C:\Program Files (x86)\PDF Architect" not deleted

"C:\Program Files (x86)\PDF Architect\addin" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\GEBRUI~1\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-01-06 19:39:17 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====

======= C: =====

====== C:\Users\Gebruiker\AppData\Roaming ======

2014-01-09 21:10:01 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup

====== C:\Users\Gebruiker ======

====== C: exe-files ==

2014-01-20 22:18:20 1D0A1FF655C6CF2EA2DE4FB6AA8246AD 9046696 ----a-w- C:\Users\Gebruiker\AppData\Local\Google\Update\Install\{91FB59CE-2E8C-41E6-AAC1-42FAFF3DC080}\32.0.1700.76_31.0.1650.63_chrome_updater.exe

2014-01-20 22:18:19 1D0A1FF655C6CF2EA2DE4FB6AA8246AD 9046696 ----a-w- C:\Users\Gebruiker\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.76\32.0.1700.76_31.0.1650.63_chrome_updater.exe

=== C: other files ==

2014-01-20 23:03:49 B43541A28B404524A90C7469D3F1F2A4 25604220 ----a-w- C:\Users\Public\Desktop\sample__0002.zip

2014-01-20 22:30:34 0BE568FD1E7D6C6D64D2272649F5C716 111 ----a-w- C:\Users\Gebruiker\AppData\Local\temp\scripttest.vbs

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3528590432-565519147-809439562-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020"

"SkyDrive"="C:\Users\Gebruiker\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"

"Google Update"="C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"Google+ Auto Backup"="C:\Users\Gebruiker\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe /autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBKeyScan"="C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020"

"SkyDrive"="C:\Users\Gebruiker\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"

"Google Update"="C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"Google+ Auto Backup"="C:\Users\Gebruiker\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe /autostart"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe"

"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe Reader Speed Launcher"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecPMMUpdate]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="EgisTecPMMUpdate"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\EgisTec IPS\\PmmUpdate.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisUpdate]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="EgisUpdate"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\EgisTec IPS\\EgisUpdate.exe\" -d"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Norton Online Backup"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RtHDVCpl"

"hkey"="HKLM"

"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Skype"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zune Launcher]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Zune Launcher"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Zune\\ZuneLauncher.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Cheetah Sync.lnk]

"path"="C:\\Users\\Gebruiker\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Cheetah Sync.lnk"

"backup"="C:\\Windows\\pss\\Cheetah Sync.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\Users\\Gebruiker\\AppData\\Roaming\\Microsoft\\Installer\\{0600EEDA-11EA-4588-81F3-8F1D89FC83DE}\\_57396F6D95A618E977BED0.exe "

"item"="Cheetah Sync"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]

"path"="C:\\Users\\Gebruiker\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\PdaNet Desktop.lnk"

"backup"="C:\\Windows\\pss\\PdaNet Desktop.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\PROGRA~2\\PDANET~1\\PdaNetPC.exe "

"item"="PdaNet Desktop"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McAfee SiteAdvisor Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McComponentHostService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McMPFSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\mcmscsvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McNaiAnn]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McNASvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McODS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McProxy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\mfefire]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MSK80Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

==== Startup Folders ======================

2012-05-07 21:36:36 1055 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

2012-08-09 18:34:49 1172 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk

2012-07-15 20:00:42 1158 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10.dec.2013 23:38]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05.feb.2011 22:52]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3528590432-565519147-809439562-1000Core.job --a------ C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [01.jul.2012 19:18]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3528590432-565519147-809439562-1000UA.job --a------ C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [01.jul.2012 19:18]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3528590432-565519147-809439562-1000Core" [C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3528590432-565519147-809439562-1000UA" [C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\KMS Activation for Office" [C:\Windows\KMSAct.exe]

"C:\Windows\SysNative\tasks\Start Registry Reviver" [C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe]

"C:\Windows\SysNative\tasks\{4660C249-A739-4BCF-8F75-38A1FA3990BD}" [C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe]

"C:\Windows\SysNative\tasks\{52E5F115-352C-46C7-9C56-97E65F599ED5}" ["c:\program files (x86)\internet explorer\iexplore.exe" Downloading]

"C:\Windows\SysNative\tasks\{976BC566-765C-484C-99C1-E06A40919F83}" [C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe]

"C:\Windows\SysNative\tasks\{9D6C12D4-8FE2-4075-8700-C10E8EB6BB4C}" [C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe]

"C:\Windows\SysNative\tasks\{A29D45E0-6FA8-4736-A42B-4EBEF89AAFF4}" [C:\Program Files (x86)\JRT Studio\Cheetah Sync\CheetahSync.exe]

"C:\Windows\SysNative\tasks\{CCB6EA6B-2D5B-40DD-905B-4E3D1125BA4B}" [C:\Program Files (x86)\JRT Studio\Cheetah Sync\CheetahSync.exe]

"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[]

Box - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl

Gantter for Google Drive - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\himomacamcpodhkahelbnmaddladgjgo

Cloud File Picker - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpeiggegnjmcinljkdmjglpjopdjihff

Quick Note - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

"Search Page"="Google"

"Search Bar"="Upgrade to Google Chrome"

"Default_Search_URL"="Upgrade to Google Chrome"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

@="http://www.google.com/search?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="Upgrade to Google Chrome"

"Default_Search_URL"="Upgrade to Google Chrome"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="Bing"

"Search Bar"="Bing"

"Default_Search_URL"="Bing"

"Start Page"="Google"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="%s - Bing"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="Bing"

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{8B26BEAF-B2B9-4043-B54B-5888D50086E1}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{8B26BEAF-B2B9-4043-B54B-5888D50086E1} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ADFA_nl"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1044 folders=141 395277558 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp emptied successfully

C:\Users\BB443B11-7D12-450c-9F85-2D32804655F9\AppData\Local\Temp emptied successfully

C:\Users\Classic .NET AppPool\AppData\Local\Temp emptied successfully

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully

C:\Users\Public\AppData\Local\Temp emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files (x86)\PDF Architect" not found

==== EOF on 21.jan.2014 at 0:27:58,79 ======================

[Jion]

1.

Download AdwCleaner by Xplode naar het bureaublad.

AdwCleaner uitvoeren

• 
  
• Sluit alle openstaande vensters.
  
• Dubbelklik op AdwCleaner.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Klik vervolgens op de knop Scan.
  
• Wanneer de scan gereed is Klikt u vervolgens op de knop Clean.
  
• Als dit gereed is wordt er gevraagd om de computer opnieuw op te starten, klik hier op OK.
  
• Nadat de computer opnieuw is opgestart wordt het logbestand automatisch geopend.
  
• Plaats dit logbestand in het volgende bericht.
  

2.

Download MalwareBytes' Anti-Malware (website) en sla het op je bureaublad op.

Zorg dat er na de installatie een vinkje is geplaatst bij:

• 
  
• Update MalwareBytes' Anti-Malware
  
• Start MalwareBytes' Anti-Malware
  
• Je krijgt hier ook de keuze om de evaluatie versie van MBAM te gebruiken, indien je dit niet wilt vink dit dan uit.
  

Klik daarna op "Voltooien".

Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.

• 
  
• Zodra het programma gestart is, ga dan naar het tabblad "Instellingen".
  
• Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
  
• Ga dan naar "Scanner Instellingen". Onderaan bij "PUP" kies je voor "Weergeven in scan resultaten - selecteren voor verwijdering".
  
• Ga daarna naar het tabblad "Scanner", kies hier voor "Snelle Scan".
  
• Druk vervolgens op "Scannen" om de scan te starten.
  
• Het scannen kan een tijdje duren, dus wees geduldig.
  
• Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
  
• Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
  
• Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
  
• Herstart de computer indien nodig en post hierna de log in het volgende bericht.
  

[kobus1234]

1.

Download AdwCleaner by Xplode naar het bureaublad.

AdwCleaner uitvoeren

• Sluit alle openstaande vensters.
  
• Dubbelklik op AdwCleaner.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Klik vervolgens op de knop Scan.
  
• Wanneer de scan gereed is Klikt u vervolgens op de knop Clean.
  
• Als dit gereed is wordt er gevraagd om de computer opnieuw op te starten, klik hier op OK.
  
• Nadat de computer opnieuw is opgestart wordt het logbestand automatisch geopend.
  
• Plaats dit logbestand in het volgende bericht.
  

2.

Download MalwareBytes' Anti-Malware (website) en sla het op je bureaublad op.

Zorg dat er na de installatie een vinkje is geplaatst bij:

• Update MalwareBytes' Anti-Malware
  
• Start MalwareBytes' Anti-Malware
  
• Je krijgt hier ook de keuze om de evaluatie versie van MBAM te gebruiken, indien je dit niet wilt vink dit dan uit.
  

Klik daarna op "Voltooien".

Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.

• Zodra het programma gestart is, ga dan naar het tabblad "Instellingen".
  
• Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
  
• Ga dan naar "Scanner Instellingen". Onderaan bij "PUP" kies je voor "Weergeven in scan resultaten - selecteren voor verwijdering".
  
• Ga daarna naar het tabblad "Scanner", kies hier voor "Snelle Scan".
  
• Druk vervolgens op "Scannen" om de scan te starten.
  
• Het scannen kan een tijdje duren, dus wees geduldig.
  
• Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
  
• Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
  
• Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
  
• Herstart de computer indien nodig en post hierna de log in het volgende bericht.
  

# AdwCleaner v3.017 - Report created 21/01/2014 at 19:22:16

# Updated 12/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Gebruiker - LAPTOP

# Running from : C:\Users\Gebruiker\Desktop\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software

Folder Deleted : C:\Program Files (x86)\NCH Software

Folder Deleted : C:\Users\Gebruiker\AppData\Roaming\NCH Software

File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WiseConvert_1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WiseConvert_1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2481029

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mwsnap_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mwsnap_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_calibre_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_calibre_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_duplicate-photo-finder_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_duplicate-photo-finder_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_nitro-pdf-reader_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_nitro-pdf-reader_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7854F00C-DC77-477E-A10E-603F48442D3B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\ilivid

Key Deleted : HKCU\Software\NCH Software

Key Deleted : HKCU\Software\Orbit

Key Deleted : HKCU\Software\ParetoLogic

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\SpeedyPC Software

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\YourFileDownloader

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\iLividSRTB

Key Deleted : HKLM\Software\NCH Software

Key Deleted : HKLM\Software\Orbit

Key Deleted : HKLM\Software\ParetoLogic

Key Deleted : HKLM\Software\SpeedyPC Software

Key Deleted : HKLM\Software\Uniblue

Key Deleted : HKLM\Software\YourFileDownloader

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar

Key Deleted : [x64] HKLM\SOFTWARE\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v

[ File : C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [8118 octets] - [21/01/2014 19:18:42]

AdwCleaner[s0].txt - [7632 octets] - [21/01/2014 19:22:16]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7692 octets] ##########

[kobus1234]

# AdwCleaner v3.017 - Report created 21/01/2014 at 19:22:16

# Updated 12/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Gebruiker - LAPTOP

# Running from : C:\Users\Gebruiker\Desktop\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software

Folder Deleted : C:\Program Files (x86)\NCH Software

Folder Deleted : C:\Users\Gebruiker\AppData\Roaming\NCH Software

File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WiseConvert_1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WiseConvert_1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2481029

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mwsnap_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mwsnap_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_calibre_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_calibre_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_duplicate-photo-finder_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_duplicate-photo-finder_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_nitro-pdf-reader_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_nitro-pdf-reader_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7854F00C-DC77-477E-A10E-603F48442D3B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\ilivid

Key Deleted : HKCU\Software\NCH Software

Key Deleted : HKCU\Software\Orbit

Key Deleted : HKCU\Software\ParetoLogic

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\SpeedyPC Software

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\YourFileDownloader

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\iLividSRTB

Key Deleted : HKLM\Software\NCH Software

Key Deleted : HKLM\Software\Orbit

Key Deleted : HKLM\Software\ParetoLogic

Key Deleted : HKLM\Software\SpeedyPC Software

Key Deleted : HKLM\Software\Uniblue

Key Deleted : HKLM\Software\YourFileDownloader

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar

Key Deleted : [x64] HKLM\SOFTWARE\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v

[ File : C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [8118 octets] - [21/01/2014 19:18:42]

AdwCleaner[s0].txt - [7632 octets] - [21/01/2014 19:22:16]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7692 octets] ##########

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Databaseversie: v2014.01.21.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

Gebruiker :: LAPTOP [administrator]

Bescherming: Ingeschakeld

21.jan.2014 19:43:16

mbam-log-2014-01-21 (19-43-16).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 300153

Verstreken tijd: 11 minuut/minuten, 43 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

[Jion]

Hoe gaat het nu met de problemen?

[kobus1234]

Hoe gaat het nu met de problemen?

Hallo, hij is beter geworden. Zal nog wel overbodige bestanden moeten verwijderen. Bedankt voor de snelle hulp:-)