Posted:

Hi

I'm stuck with the Ukash or police virus. I've already scanned with Microsoft Essentials and Malwarebytes; both found something and removed it. I've now also made a HijackThis log, but I can't make sense of it yet.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:23:01, on 18/01/2014

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.17267)

Boot mode: Safe mode with network support

Running processes:

C:\antivirussen\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

O2 - BHO: HelloWorldBHO - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files (x86)\OApps\SelectionLinks.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: ["C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE"] "C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.exe" RunWithWindows

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [OV2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Philip\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: OpenOffice.org 3.3 .lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_IKEA_Win32.cab

O16 - DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} (TunnelX Control) - https://eu.mydlink.com/8D/activeX//TunnelX.ocx

O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} (Gif89 Lite +Audio Class) - https://eu.mydlink.com/8D/activeX//DCS-93x/aplugLiteDL.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9893 bytes

If someone could take a look at it, many thanks in any case.

Philip

Posted:

Start HijackThis. Select "Scan". Select only the items listed below:

O2 - BHO: HelloWorldBHO - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files (x86)\OApps\SelectionLinks.dll

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" by right-clicking and choosing "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download RSIT from the locations below and save it to the desktop.

Here is a description of how to check whether you have a 32-bit or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • The "Disclaimer of warranty" is then shown; click "Continue".
  • When the tool has finished, a Notepad file named "Log" is opened.
  • Post its contents in your next reply.

Also watch the instruction video.

Posted:

Many thanks for the quick help

Logfile of random's system information tool 1.09 (written by random/random)

Run by Philip at 2014-01-19 12:23:56

Microsoft Windows 7 Home Premium

System drive C: has 1205 GB (64%) free of 1876 GB

Total RAM: 4078 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:23:57, on 19/01/2014

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.17267)

Boot mode: Safe mode with network support

Running processes:

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files\trend micro\Philip.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: ["C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE"] "C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.exe" RunWithWindows

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [OV2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Philip\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: OpenOffice.org 3.3 .lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_IKEA_Win32.cab

O16 - DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} (TunnelX Control) - https://eu.mydlink.com/8D/activeX//TunnelX.ocx

O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} (Gif89 Lite +Audio Class) - https://eu.mydlink.com/8D/activeX//DCS-93x/aplugLiteDL.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9931 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

winlogon.exe

C:\Windows\system32\svchost.exe -k RPCSS

"c:\Program Files\Microsoft Security Client\MsMpEng.exe"

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-5659e96d-6777-4162-b3c0-d7423d0209ef -SystemEventPortName:HostProcess-96bcf8b8-db3c-4273-9c52-3d7be5b7f9e4 -IoCancelEventPortName:HostProcess-0cd88bc9-d88b-4fef-9a89-a6296eb5b9b2 -NonStateChangingEventPortName:HostProcess-67e1f2fb-0699-4458-a023-3f7d8d43208a -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:c688fb60-a7fe-44ef-bcc8-cc6fe53a8da1

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

ctfmon.exe

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Users\Philip\Downloads\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001Core.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001UA.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default

prefs.js - "browser.search.suggest.enabled" - false

prefs.js - "browser.search.useDBForOrder" - true

prefs.js - "browser.startup.homepage" - "google.be"

prefs.js - "keyword.URL" - "http://search.avg.com/route/?d=4e30bacd&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=nl&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.7.700.202 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]

"Description"=Canon Easy-PhotoPrint EX

"Path"=C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.7.700.202 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=C:\Windows\system32\Wat\npWatWeb.dll

C:\Program Files (x86)\Mozilla Firefox\components\

nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

avg-secure-search.xml

babylon.xml

C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\extensions\

2020Player_IKEA@2020Technologies.com

staged

{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\searchplugins\

babylon.xml

BrowserProtect.xml

imdb.xml

mixidj.xml

search-here.xml

youtube-ssl.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]

Complitly - C:\Users\Philip\AppData\Roaming\Complitly\64\Complitly64.dll [2012-02-21 167416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-12-14 256080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll [2013-10-06 346576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-12-03 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]

Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14 175776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-14 194128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2013-10-06 1001936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-12-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-12-14 256080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14 4372120]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-14 194128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"JAVA"=C:\Windows\java.vbs [2010-11-17 83]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-12-09 11613288]

"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 1271168]

"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-03-14 2779024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]

"OV2_Monitor"=C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe [2012-08-23 231344]

"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-05-08 18680424]

"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-03-31 39408]

"Facebook Update"=C:\Users\Philip\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-02 138096]

"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2013-12-17 5973272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacDrive 9 application]

C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Philip^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3 .lnk]

C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-12-13 1198592]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]

"IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2010-11-06 283160]

"beid"=C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe [2011-05-23 2068480]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-08-04 1612920]

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-11-02 152392]

""C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE""=C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.exe [2012-11-08 10677320]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware (cleanup)"=C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll [2013-04-04 1127496]

C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

OpenOffice.org 3.3 .lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BsScanner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"LogonHoursAction"=2

"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableLUA"=0

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux3"=wdmaud.drv

"wave4"=wdmaud.drv

"midi4"=wdmaud.drv

"mixer4"=wdmaud.drv

"aux4"=wdmaud.drv

"wave5"=wdmaud.drv

"midi5"=wdmaud.drv

"mixer5"=wdmaud.drv

"aux5"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave6"=wdmaud.drv

"midi6"=wdmaud.drv

"mixer6"=wdmaud.drv

"aux6"=wdmaud.drv

"wave7"=wdmaud.drv

"midi7"=wdmaud.drv

"mixer7"=wdmaud.drv

"aux7"=wdmaud.drv

"wave8"=wdmaud.drv

"midi8"=wdmaud.drv

"mixer8"=wdmaud.drv

"aux8"=wdmaud.drv

"wave9"=wdmaud.drv

"midi9"=wdmaud.drv

"mixer9"=wdmaud.drv

"aux9"=wdmaud.drv

"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-01-19 12:23:56 ----D---- C:\rsit

2014-01-19 12:23:56 ----D---- C:\Program Files\trend micro

2014-01-19 12:17:11 ----A---- C:\Windows\ntbtlog.txt

2014-01-15 22:20:46 ----D---- C:\Windows\Sun

2014-01-15 20:39:34 ----D---- C:\Users\Philip\AppData\Roaming\DlinkViewCam

2014-01-15 20:05:53 ----D---- C:\Program Files (x86)\Activation

2014-01-15 19:57:05 ----D---- C:\Program Files (x86)\D-Link

2014-01-12 16:41:42 ----D---- C:\Windows\system32\SPReview

2014-01-12 16:41:09 ----D---- C:\Windows\system32\EventProviders

2014-01-12 16:39:56 ----A---- C:\Windows\SYSWOW64\atmlib.dll

2014-01-12 16:39:56 ----A---- C:\Windows\SYSWOW64\atmfd.dll

2014-01-12 16:39:56 ----A---- C:\Windows\system32\atmlib.dll

2014-01-12 16:39:56 ----A---- C:\Windows\system32\atmfd.dll

2014-01-12 16:36:21 ----D---- C:\Windows\system32\MRT

2014-01-12 16:36:03 ----A---- C:\Windows\SYSWOW64\imagehlp.dll

2014-01-12 16:36:03 ----A---- C:\Windows\system32\imagehlp.dll

2014-01-12 16:36:03 ----A---- C:\Windows\system32\drivers\fs_rec.sys

2014-01-12 16:36:02 ----A---- C:\Windows\SYSWOW64\wmi.dll

2014-01-12 16:36:02 ----A---- C:\Windows\system32\wmi.dll

2014-01-12 16:33:05 ----A---- C:\Windows\SYSWOW64\tzres.dll

2014-01-12 16:33:05 ----A---- C:\Windows\system32\tzres.dll

2014-01-12 16:32:47 ----A---- C:\Windows\SYSWOW64\win32spl.dll

2014-01-12 16:32:47 ----A---- C:\Windows\system32\win32spl.dll

2014-01-12 16:32:46 ----A---- C:\Windows\system32\drivers\tcpip.sys

2014-01-12 16:32:46 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS

2014-01-12 16:32:45 ----A---- C:\Windows\SYSWOW64\kerberos.dll

2014-01-12 16:32:45 ----A---- C:\Windows\system32\kerberos.dll

2014-01-12 16:32:45 ----A---- C:\Windows\system32\drivers\ntfs.sys

2014-01-12 16:32:44 ----A---- C:\Windows\system32\drivers\usb8023.sys

2014-01-12 16:32:43 ----A---- C:\Windows\system32\drivers\volsnap.sys

2014-01-12 16:32:42 ----A---- C:\Windows\SYSWOW64\synceng.dll

2014-01-12 16:32:42 ----A---- C:\Windows\system32\synceng.dll

2014-01-12 16:32:37 ----A---- C:\Windows\system32\mshtml.dll

2014-01-12 16:32:36 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2014-01-12 16:32:34 ----A---- C:\Windows\system32\ieframe.dll

2014-01-12 16:32:33 ----A---- C:\Windows\system32\iertutil.dll

2014-01-12 16:32:32 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2014-01-12 16:32:31 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2014-01-12 16:32:29 ----A---- C:\Windows\system32\urlmon.dll

2014-01-12 16:32:29 ----A---- C:\Windows\system32\mstime.dll

2014-01-12 16:32:29 ----A---- C:\Windows\system32\msfeeds.dll

2014-01-12 16:32:28 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2014-01-12 16:32:28 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2014-01-12 16:32:27 ----A---- C:\Windows\SYSWOW64\mstime.dll

2014-01-12 16:32:27 ----A---- C:\Windows\system32\wininet.dll

2014-01-12 16:32:26 ----A---- C:\Windows\SYSWOW64\wininet.dll

2014-01-12 16:32:25 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll

2014-01-12 16:32:25 ----A---- C:\Windows\system32\iedkcs32.dll

2014-01-12 16:32:24 ----A---- C:\Windows\SYSWOW64\url.dll

2014-01-12 16:32:24 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2014-01-12 16:32:24 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll

2014-01-12 16:32:24 ----A---- C:\Windows\SYSWOW64\licmgr10.dll

2014-01-12 16:32:24 ----A---- C:\Windows\SYSWOW64\ieui.dll

2014-01-12 16:32:24 ----A---- C:\Windows\SYSWOW64\iepeers.dll

2014-01-12 16:32:24 ----A---- C:\Windows\system32\url.dll

2014-01-12 16:32:24 ----A---- C:\Windows\system32\mshtmled.dll

2014-01-12 16:32:24 ----A---- C:\Windows\system32\msfeedsbs.dll

2014-01-12 16:32:24 ----A---- C:\Windows\system32\licmgr10.dll

2014-01-12 16:32:24 ----A---- C:\Windows\system32\iepeers.dll

2014-01-12 16:32:23 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe

2014-01-12 16:32:23 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2014-01-12 16:32:23 ----A---- C:\Windows\system32\msfeedssync.exe

2014-01-12 16:32:23 ----A---- C:\Windows\system32\jsproxy.dll

2014-01-12 16:32:23 ----A---- C:\Windows\system32\ieui.dll

2014-01-12 16:32:21 ----A---- C:\Windows\system32\wow64win.dll

2014-01-12 16:32:21 ----A---- C:\Windows\system32\KernelBase.dll

2014-01-12 16:32:21 ----A---- C:\Windows\system32\kernel32.dll

2014-01-12 16:32:20 ----A---- C:\Windows\SYSWOW64\KernelBase.dll

2014-01-12 16:32:20 ----A---- C:\Windows\system32\winsrv.dll

2014-01-12 16:32:20 ----A---- C:\Windows\system32\conhost.exe

2014-01-12 16:32:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2014-01-12 16:32:19 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2014-01-12 16:32:19 ----A---- C:\Windows\SYSWOW64\wow32.dll

2014-01-12 16:32:19 ----A---- C:\Windows\SYSWOW64\sys32dlkb.dll

2014-01-12 16:32:19 ----A---- C:\Windows\SYSWOW64\setup16.exe

2014-01-12 16:32:19 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll

2014-01-12 16:32:19 ----A---- C:\Windows\SYSWOW64\kernel32.dll

2014-01-12 16:32:19 ----A---- C:\Windows\SYSWOW64\instnm.exe

2014-01-12 16:32:19 ----A---- C:\Windows\system32\wow64cpu.dll

2014-01-12 16:32:19 ----A---- C:\Windows\system32\wow64.dll

2014-01-12 16:32:19 ----A---- C:\Windows\system32\ntvdm64.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2014-01-12 16:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2014-01-12 16:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll

2014-01-12 16:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll

2014-01-12 16:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll

2014-01-12 16:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2014-01-12 16:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll

2014-01-12 16:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll

2014-01-12 16:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll

2014-01-12 16:32:17 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2014-01-12 16:32:17 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2014-01-12 16:32:17 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2014-01-12 16:32:17 ----A---- C:\Windows\SYSWOW64\user.exe

2014-01-12 16:32:11 ----A---- C:\Windows\system32\mstscax.dll

2014-01-12 16:32:10 ----A---- C:\Windows\SYSWOW64\tsgqec.dll

2014-01-12 16:32:10 ----A---- C:\Windows\SYSWOW64\mstscax.dll

2014-01-12 16:32:10 ----A---- C:\Windows\SYSWOW64\aaclient.dll

2014-01-12 16:32:10 ----A---- C:\Windows\system32\tsgqec.dll

2014-01-12 16:32:10 ----A---- C:\Windows\system32\aaclient.dll

2014-01-12 16:32:08 ----A---- C:\Windows\SYSWOW64\dpnet.dll

2014-01-12 16:32:08 ----A---- C:\Windows\system32\msxml6.dll

2014-01-12 16:32:08 ----A---- C:\Windows\system32\dpnet.dll

2014-01-12 16:32:07 ----A---- C:\Windows\SYSWOW64\msxml6.dll

2014-01-12 16:32:07 ----A---- C:\Windows\system32\msxml3.dll

2014-01-12 16:32:06 ----A---- C:\Windows\SYSWOW64\msxml3.dll

2014-01-12 16:31:44 ----A---- C:\Windows\system32\win32k.sys

2014-01-12 16:31:43 ----A---- C:\Windows\SYSWOW64\wintrust.dll

2014-01-12 16:31:43 ----A---- C:\Windows\SYSWOW64\ncrypt.dll

2014-01-12 16:31:43 ----A---- C:\Windows\system32\ncrypt.dll

2014-01-12 16:31:42 ----A---- C:\Windows\system32\wintrust.dll

2014-01-12 16:31:41 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe

2014-01-12 16:31:41 ----A---- C:\Windows\system32\ntoskrnl.exe

2014-01-12 16:31:40 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

2014-01-12 16:31:40 ----A---- C:\Windows\SYSWOW64\apisetschema.dll

2014-01-12 16:31:40 ----A---- C:\Windows\system32\smss.exe

2014-01-12 16:31:40 ----A---- C:\Windows\system32\csrsrv.dll

2014-01-12 16:30:45 ----A---- C:\Windows\SYSWOW64\crypt32.dll

2014-01-12 16:30:45 ----A---- C:\Windows\system32\crypt32.dll

2014-01-12 16:30:44 ----A---- C:\Windows\system32\cryptsvc.dll

2014-01-12 16:30:43 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll

2014-01-12 16:30:43 ----A---- C:\Windows\SYSWOW64\cryptnet.dll

2014-01-12 16:30:43 ----A---- C:\Windows\system32\cryptnet.dll

======List of files/folders modified in the last 1 month======

2014-01-19 12:23:57 ----D---- C:\Windows\Temp

2014-01-19 12:23:56 ----RD---- C:\Program Files

2014-01-19 12:20:18 ----D---- C:\antivirussen

2014-01-19 12:17:11 ----D---- C:\Windows

2014-01-18 23:48:07 ----D---- C:\Windows\inf

2014-01-18 23:48:05 ----D---- C:\Windows\SoftwareDistribution

2014-01-18 23:48:05 ----D---- C:\Windows\Logs

2014-01-18 23:48:05 ----D---- C:\Windows\debug

2014-01-18 23:43:08 ----D---- C:\Program Files\CCleaner

2014-01-18 23:19:57 ----D---- C:\Windows\system32\drivers

2014-01-18 20:07:19 ----D---- C:\Windows\system32\config

2014-01-18 19:55:01 ----D---- C:\Windows\Prefetch

2014-01-18 19:50:17 ----HD---- C:\ProgramData

2014-01-17 18:45:26 ----SHD---- C:\System Volume Information

2014-01-16 00:04:52 ----D---- C:\Windows\Downloaded Program Files

2014-01-15 20:05:53 ----RD---- C:\Program Files (x86)

2014-01-15 20:03:09 ----D---- C:\Windows\SysWOW64

2014-01-15 19:59:08 ----SHD---- C:\Windows\Installer

2014-01-15 19:58:54 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

2014-01-14 22:54:52 ----SHD---- C:\$RECYCLE.BIN

2014-01-14 22:54:44 ----RD---- C:\Users

2014-01-14 22:40:35 ----D---- C:\Windows\system32\NDF

2014-01-12 21:18:20 ----D---- C:\Users\Philip\AppData\Roaming\GrabIt

2014-01-12 21:10:09 ----D---- C:\Windows\System32

2014-01-12 21:10:09 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-01-12 20:34:21 ----D---- C:\Windows\rescache

2014-01-12 18:31:37 ----D---- C:\Windows\winsxs

2014-01-12 18:31:25 ----D---- C:\Windows\system32\DriverStore

2014-01-12 18:27:41 ----D---- C:\Windows\system32\drivers\UMDF

2014-01-12 18:24:49 ----D---- C:\Windows\Microsoft.NET

2014-01-12 18:24:29 ----RSD---- C:\Windows\assembly

2014-01-12 18:08:34 ----D---- C:\Windows\SYSWOW64\nl-NL

2014-01-12 18:08:34 ----D---- C:\Windows\system32\nl-NL

2014-01-12 18:08:34 ----D---- C:\Windows\ehome

2014-01-12 18:08:34 ----D---- C:\Program Files\Common Files\System

2014-01-12 18:08:32 ----D---- C:\Windows\AppPatch

2014-01-12 18:08:30 ----D---- C:\Windows\SYSWOW64\migration

2014-01-12 18:08:30 ----D---- C:\Windows\system32\migration

2014-01-12 18:08:30 ----D---- C:\Program Files\Internet Explorer

2014-01-12 18:08:30 ----D---- C:\Program Files (x86)\Internet Explorer

2014-01-12 18:08:28 ----D---- C:\Program Files\Windows Journal

2014-01-12 16:40:03 ----D---- C:\Windows\system32\catroot

2014-01-12 16:40:02 ----D---- C:\Windows\system32\catroot2

2014-01-09 19:35:58 ----D---- C:\ProgramData\CanonIJPLM

2014-01-02 15:20:02 ----D---- C:\Windows\Tasks

2014-01-02 15:20:02 ----D---- C:\Windows\system32\Tasks

2013-12-29 22:56:44 ----D---- C:\Users\Philip\AppData\Roaming\SoftGrid Client

2013-12-24 19:45:57 ----D---- C:\Windows\system32\FxsTmp

2013-12-20 23:56:32 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-06 438808]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c62x64.sys [2010-12-17 315568]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]

R3 MEIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]

R3 WinUsb;WinUsb-stuurprogramma; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 40448]

S0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-03-20 203888]

S1 avqrvmmg;avqrvmmg; \??\C:\Windows\system32\drivers\avqrvmmg.sys []

S1 ekjuykfo;ekjuykfo; \??\C:\Windows\system32\drivers\ekjuykfo.sys []

S1 eppskxwu;eppskxwu; \??\C:\Windows\system32\drivers\eppskxwu.sys []

S1 fxaswngm;fxaswngm; \??\C:\Windows\system32\drivers\fxaswngm.sys []

S1 gzrapzyj;gzrapzyj; \??\C:\Windows\system32\drivers\gzrapzyj.sys []

S1 hjskxrqe;hjskxrqe; \??\C:\Windows\system32\drivers\hjskxrqe.sys []

S1 hqbtcxge;hqbtcxge; \??\C:\Windows\system32\drivers\hqbtcxge.sys []

S1 knlwebnz;knlwebnz; \??\C:\Windows\system32\drivers\knlwebnz.sys []

S1 mpvqibpo;mpvqibpo; \??\C:\Windows\system32\drivers\mpvqibpo.sys []

S1 odssfeow;odssfeow; \??\C:\Windows\system32\drivers\odssfeow.sys []

S1 skowexij;skowexij; \??\C:\Windows\system32\drivers\skowexij.sys []

S3 cpuz134;cpuz134; \??\C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]

S3 IAMTVE;Driver for Intel® Active Management Technology - KCS; C:\Windows\system32\DRIVERS\IAMTVE.sys [2010-12-17 43416]

S3 IAMTXPE;Driver for Intel® Active Management Technology - KCS; C:\Windows\system32\DRIVERS\IAMTXPE.sys [2010-12-17 51096]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-12-09 2565736]

S3 ioatdma1;ioatdma1; C:\Windows\System32\Drivers\qd162x64.sys [2010-12-17 40144]

S3 ioatdma2;Intel® QuickData Technology device ver.2; C:\Windows\System32\Drivers\qd262x64.sys [2010-12-17 42192]

S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2010-09-07 155752]

S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]

S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-02-06 690208]

S3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 12600]

S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]

S2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 136176]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [2010-10-25 164008]

S2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]

S2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384]

S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 136176]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-23 194032]

S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-11-02 641352]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-17 119408]

S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-10 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------

Posted:

Here is the info log:

info.txt logfile of random's system information tool 1.09 2014-01-19 12:23:59

======Uninstall list======

-->MsiExec /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}

-->MsiExec.exe /I{27735B09-9EFE-419F-A377-10AA8111C30A}

Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}

Active@ KillDisk-->"C:\Program Files (x86)\InstallShield Installation Information\{7A5E940E-017E-47F8-9D0D-62D49C8D18ED}\setup.exe" -runfromtemp -l0x0009 -removeonly

Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}

Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_Plugin.exe -maintain plugin

Adobe Reader XI - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-AB0000000001}

Adobe Shockwave Player 11.5-->"C:\windows\system32\Adobe\Shockwave 11\uninstaller.exe"

ALDI Bestelsoftware-->"C:\Program Files (x86)\ALDI\ALDI Bestelsoftware\uninstall.exe"

Any Video Converter 3.5.7-->"C:\Program Files (x86)\AnvSoft\Any Video Converter\unins000.exe"

Apple Application Support-->MsiExec.exe /I{46F044A5-CE8B-4196-984E-5BD6525E361D}

Apple Mobile Device Support-->MsiExec.exe /I{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}

Apple Software Update-->MsiExec.exe /I{C6579A65-9CAE-4B31-8B6B-3306E0630A66}

Ashampoo Burning Studio-->"C:\Program Files (x86)\Medion MediaPack\Ashampoo Burning Studio\unins000.exe"

Ashampoo Photo Commander-->"C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Commander\unins000.exe"

Ashampoo Photo Optimizer-->"C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\unins000.exe"

Ashampoo Snap-->"C:\Program Files (x86)\Medion MediaPack\Ashampoo Snap\unins000.exe"

Belgium e-ID middleware 3.5.6 (build 6954)-->MsiExec.exe /I{824563DE-75AD-4166-9DC0-B6482F206954}

Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}

Canon Easy-PhotoPrint EX-->C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.exe Uninst.ini uinstrsc.dll

Canon Easy-WebPrint EX-->"C:\Program Files (x86)\Canon\Easy-WebPrint EX\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\Easy-WebPrint EX\uninst.ini

Canon MG5300 series MP Drivers-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\DELDRV64.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series /L0x0013

Canon MG5300 series On-screen Manual-->C:\Program Files (x86)\Canon\IJ Manual\Canon MG5300 series\uninstall.exe

Canon MP Navigator EX 5.0-->"C:\Program Files (x86)\Canon\MP Navigator EX 5.0\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 5.0\uninst.ini

Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini uinstrsc.dll

Canon Solution Menu EX-->"C:\Program Files (x86)\Canon\Solution Menu EX\uninst.exe" /UninstallRemove C:\Program Files (x86)\Canon\Solution Menu EX\uninst.ini

Castle Link-->MsiExec.exe /X{71536DEA-31B8-4728-80C2-9F7B360FA017}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

CDisplayEx 1.8-->"C:\Program Files (x86)\CDisplayEx\unins000.exe"

Complitly-->"C:\Program Files (x86)\Complitly\unins000.exe"

Control ActiveX de Windows Live Mesh para conexiones remotas-->MsiExec.exe /I{04668DF2-D32F-4555-9C7E-35523DCD6544}

Contrôle ActiveX Windows Live Mesh pour connexions à distance-->MsiExec.exe /I{55D003F4-9599-44BF-BA9E-95D060730DD3}

Controlo ActiveX do Windows Live Mesh para Ligações Remotas-->MsiExec.exe /I{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}

Corel Shell Extension - 64Bit-->MsiExec.exe /I{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}

CorelDRAW Essentials 4 - Content-->MsiExec.exe /I{19AC095C-3520-4999-AA15-93B6D0248A50}

CorelDRAW Essentials 4 - Draw-->MsiExec.exe /I{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}

CorelDRAW Essentials 4 - Filters-->MsiExec.exe /I{F16841F6-5F0F-4DBE-B318-63CEB916F21D}

CorelDRAW Essentials 4 - ICA-->MsiExec.exe /I{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}

CorelDRAW Essentials 4 - IPM - No VBA-->MsiExec.exe /I{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}

CorelDRAW Essentials 4 - Lang BR-->MsiExec.exe /I{ABD8B955-1C69-4AF3-949B-13CD587C175F}

CorelDRAW Essentials 4 - Lang DE-->MsiExec.exe /I{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}

CorelDRAW Essentials 4 - Lang EN-->MsiExec.exe /I{34A9406E-1994-4C20-AC72-04CFA2B24545}

CorelDRAW Essentials 4 - Lang ES-->MsiExec.exe /I{C682F3F0-00A6-4379-B083-4F3273624D7B}

CorelDRAW Essentials 4 - Lang FR-->MsiExec.exe /I{BA9319FE-BCEF-4C99-8039-F464648D046E}

CorelDRAW Essentials 4 - Lang IT-->MsiExec.exe /I{3576C335-958D-4D60-A812-F68F9A2796AF}

CorelDRAW Essentials 4 - Lang NL-->MsiExec.exe /I{5500BB35-1C21-4328-9F16-F894B860FADE}

CorelDRAW Essentials 4 - PHOTO-PAINT-->MsiExec.exe /I{07B62101-7EBD-434A-94B1-B38063BE5516}

CorelDRAW Essentials 4 - Windows Shell Extension-->c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\Uninst_CDE4.exe

CorelDRAW Essentials 4 - Windows Shell Extension-->MsiExec.exe /X{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}

CorelDRAW Essentials 4-->c:\Program Files (x86)\Corel\CorelDRAW Essentials 4\Setup\SetupARP.exe /arp

CorelDRAW Essentials 4-->MsiExec.exe /I{9043B9A0-9505-405B-8202-E7167A38A89C}

CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall

CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall

CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall

CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall

CyberLink PowerDVD Copy-->"C:\Program Files (x86)\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\Setup.exe" /z-uninstall

CyberLink PowerDVD Copy-->"C:\Program Files (x86)\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\Setup.exe" /z-uninstall

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

Device Pack-->"C:\Program Files (x86)\InstallShield Installation Information\{D54D4A22-4382-4485-92DF-00C39F123E87}\setup.exe" -runfromtemp -l0x0409 -removeonly

D-Link D-ViewCam-->"C:\Program Files (x86)\InstallShield Installation Information\{440E9F90-0619-4E84-8226-65AD5073AD24}\setup.exe" -runfromtemp -l0x0413 -removeonly

Easy Watermark Studio-->"C:\Program Files (x86)\Easy Watermark Studio\Uninstall\uninstall.exe" "/U:C:\Program Files (x86)\Easy Watermark Studio\Uninstall\uninstall.xml"

EPS Viewer-->"C:\Program Files (x86)\EPSViewer\unins000.exe"

Facebook Video Calling 2.0.0.447-->MsiExec.exe /X{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}

Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych-->MsiExec.exe /I{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}

Fotogalerija Windows Live-->MsiExec.exe /X{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}

Galeria de Fotografias do Windows Live-->MsiExec.exe /X{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}

Galería fotográfica de Windows Live-->MsiExec.exe /X{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}

Galeria fotografii usługi Windows Live-->MsiExec.exe /X{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}

Galerie de photos Windows Live-->MsiExec.exe /X{488F0347-C4A7-4374-91A7-30818BEDA710}

GIMP 2.8.6-->"C:\Program Files\GIMP 2\uninst\unins000.exe"

Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\setup.exe" --uninstall --multi-install --chrome --system-level

Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_231F3FD17DB59CFD.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

GrabIt 1.7.2 Beta 4 (build 997)-->"C:\Program Files (x86)\GrabIt\unins000.exe"

Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall

Intel® Network Connections 15.8.75.0-->MsiExec.exe /i{21927AF8-8738-455F-AB98-7FF8FBFC6282} ARPREMOVE=1

Intel® Network Connections 15.8.75.0-->MsiExec.exe /i{21927AF8-8738-455F-AB98-7FF8FBFC6282} ARPREMOVE=1

Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall

IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe

iTunes-->MsiExec.exe /I{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}

Java 6 Update 22 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416022FF}

Java 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}

Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

Karen's Directory Printer-->C:\Program Files (x86)\Karen's Power Tools\Directory Printer\uninstall.exe

Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave-->MsiExec.exe /I{CA227A9D-09BE-4BFB-9764-48FED2DA5454}

Malwarebytes Anti-Malware versie 1.75.0.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Medion Home Cinema-->"C:\Program Files (x86)\InstallShield Installation Information\{AB770FDE-8087-4C98-9A85-BD64262C104C}\Setup.exe" /z-uninstall

Medion Home Cinema-->"C:\Program Files (x86)\InstallShield Installation Information\{AB770FDE-8087-4C98-9A85-BD64262C104C}\Setup.exe" /z-uninstall

Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}

Microsoft Office Klik-en-Klaar 2010-->"C:\PROGRA~2\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall

Microsoft Office Klik-en-Klaar 2010-->MsiExec.exe /I{90140000-006D-0413-1000-0000000FF1CE}

Microsoft Office Starter 2010 - Nederlands-->C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {90140011-0066-0413-0000-0000000FF1CE}

Microsoft PowerPoint Viewer-->MsiExec.exe /X{95140000-00AF-0413-0000-0000000FF1CE}

Microsoft Security Client-->MsiExec.exe /X{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}

Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148-->MsiExec.exe /X{EE936C7A-EA40-31D5-9B65-8E3E089C3828}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}

MioMore Desktop 7.50-->C:\Program Files (x86)\Mio\MioMore Desktop 7.50\Uninstall.exe

Mozilla Firefox 25.0.1 (x86 nl)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"

Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"

Mozilla Thunderbird (3.1.9)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe

MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

NVIDIA Graphics Driver 263.13-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.Driver

NVIDIA HD Audio Driver 1.1.9.0-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage HDAudio.Driver

NVIDIA PhysX System Software 9.10.0514-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.PhysX

NVIDIA PhysX-->MsiExec.exe /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}

OLYMPUS Digital Camera Updater-->MsiExec.exe /X{A68C62E8-B243-4777-89BB-12173DFA1D45}

OLYMPUS Viewer 2-->MsiExec.exe /X{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}

OpenOffice.org 3.3-->MsiExec.exe /I{C3BAE9CC-EC6B-4B3E-80C1-C1EC29A09AF8}

PC Wizard 2010.1.96-->"C:\Program Files (x86)\CPUID\PC Wizard 2010\unins000.exe"

Photoupz 1.6-->C:\Program Files (x86)\Photoupz\uninst.exe

Pixlr-o-matic-->msiexec /qb /x {41A63ADA-088B-1C2D-43B3-E4087FE79881}

Pixlr-o-matic-->MsiExec.exe /I{41A63ADA-088B-1C2D-43B3-E4087FE79881}

PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}

Poczta usługi Windows Live-->MsiExec.exe /I{64376910-1860-4CEF-8B34-AA5D205FC5F1}

Podstawowe programy Windows Live-->MsiExec.exe /I{7A9D47BA-6D50-4087-866F-0800D8B89383}

Pošta Windows Live-->MsiExec.exe /I{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}

QuickPar 0.9-->C:\Program Files (x86)\QuickPar\uninst.exe

QuickTime-->MsiExec.exe /I{B67BAFBA-4C9F-48FA-9496-933E3B255044}

Raccolta foto di Windows Live-->MsiExec.exe /X{ED16B700-D91F-44B0-867C-7EB5253CA38D}

Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709

Recuva-->"C:\Program Files\Recuva\uninst.exe"

Renesas Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\setup.exe" -runfromtemp -l0x0409 -removeonly

Renesas Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /X{5442DAB8-7177-49E1-8B22-09A049EA5996}

Safari-->MsiExec.exe /I{FA4C2D53-205F-4245-9717-F3761154824D}

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8E6848A1-B790-34FE-921A-A5319258E254} /parameterfolder Client

SelectionLinks-->C:\Program Files (x86)\OApps\sl-dlc_uninstall.exe

Skype™ 6.3-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}

Spelling Dictionaries Support For Adobe Reader X-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-A00000000004}

Stuurprogrammapakket voor Windows - Fedict SmartCard (12/08/2009 4.0.0.3)-->rundll32.exe C:\PROGRA~1\DIFX\ED00A7CB25A64AAB\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\beidmdrv.inf_amd64_neutral_a86dbbf53927a0ff\beidmdrv.inf

TigoTago-->C:\Program Files (x86)\Yoplo\TigoTago\uninstall.exe

Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe

Total Commander 64-bit (Remove or Repair)-->c:\totalcmd\tcunin64.exe

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi-->MsiExec.exe /I{241E7104-937A-4366-AD57-8FDDDB003939}

Visual Studio 2008 x64 Redistributables-->MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}

VLC media player 1.1.8-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

Wave Editor 3.2.0.8-->"C:\Program Files (x86)\Wave Editor\unins000.exe"

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{17F99FCE-8F03-4439-860A-25C5A5434E18}

Windows Live Essentials-->MsiExec.exe /I{2A07C35B-8384-4DA4-9A95-442B6C89A073}

Windows Live Essentials-->MsiExec.exe /I{410DF0AA-882D-450D-9E1B-F5397ACFFA80}

Windows Live Essentials-->MsiExec.exe /I{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}

Windows Live Essentials-->MsiExec.exe /I{827D3E4A-0186-48B7-9801-7D1E9DD40C07}

Windows Live Essentials-->MsiExec.exe /I{B618C3BF-5142-4630-81DD-F96864F97C7E}

Windows Live Essentials-->MsiExec.exe /I{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}

Windows Live Essentials-->MsiExec.exe /I{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}

Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

Windows Live Essentials-->MsiExec.exe /I{FEEF7F78-5876-438B-B554-C4CC426A4302}

Windows Live Fotogalerie-->MsiExec.exe /X{B113D18C-67B0-4FB7-B329-E89B66194AE6}

Windows Live Fotoğraf Galerisi-->MsiExec.exe /X{BD695C2F-3EA0-4DA4-92D5-154072468721}

Windows Live Fotótár-->MsiExec.exe /X{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}

Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Language Selector-->MsiExec.exe /I{027E5FAB-1476-4C59-AAB4-32EF28520399}

Windows Live Mail-->MsiExec.exe /I{0D261C88-454B-46FE-B43B-640E621BDA11}

Windows Live Mail-->MsiExec.exe /I{10186F1A-6A14-43DF-A404-F0105D09BB07}

Windows Live Mail-->MsiExec.exe /I{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}

Windows Live Mail-->MsiExec.exe /I{63CF7D0C-B6E7-4EE9-8253-816B613CC437}

Windows Live Mail-->MsiExec.exe /I{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}

Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

Windows Live Mail-->MsiExec.exe /I{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}

Windows Live Mail-->MsiExec.exe /I{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}

Windows Live Mail-->MsiExec.exe /I{B1239994-A850-44E2-BED8-E70A21124E16}

Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}

Windows Live Mail-->MsiExec.exe /I{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}

Windows Live Mail-->MsiExec.exe /I{D588365A-AE39-4F27-BDAE-B4E72C8E900C}

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen-->MsiExec.exe /I{C32CE55C-12BA-4951-8797-0967FDEF556F}

Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}

Windows Live Mesh ActiveX control for remote connections-->MsiExec.exe /I{C5398A89-516C-4DAF-BA07-EE7949090E56}

Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}

Windows Live Mesh ActiveX-objekt til fjernforbindelser-->MsiExec.exe /I{57220148-3B2B-412A-A2E0-82B9DF423696}

Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz-->MsiExec.exe /I{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}

Windows Live Mesh-->MsiExec.exe /I{00884F14-05BD-4D8E-90E5-1ABF78948CA4}

Windows Live Mesh-->MsiExec.exe /I{3F4143A1-9C21-4011-8679-3BC1014C6886}

Windows Live Mesh-->MsiExec.exe /I{46872828-6453-4138-BE1C-CE35FBF67978}

Windows Live Mesh-->MsiExec.exe /I{5CF5B1A5-CBC3-42F0-8533-5A5090665862}

Windows Live Mesh-->MsiExec.exe /I{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}

Windows Live Mesh-->MsiExec.exe /I{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}

Windows Live Mesh-->MsiExec.exe /I{7496FD31-E5CB-4AE4-82D3-31099558BF6A}

Windows Live Mesh-->MsiExec.exe /I{78DAE910-CA72-450E-AD22-772CB1A00678}

Windows Live Mesh-->MsiExec.exe /I{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}

Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}

Windows Live Mesh-->MsiExec.exe /I{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}

Windows Live Mesh-->MsiExec.exe /I{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}

Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}

Windows Live Mesh-->MsiExec.exe /I{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}

Windows Live Messenger-->MsiExec.exe /X{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}

Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}

Windows Live Messenger-->MsiExec.exe /X{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}

Windows Live Messenger-->MsiExec.exe /X{2F54E453-8C93-4B3B-936A-233C909E6CAC}

Windows Live Messenger-->MsiExec.exe /X{443B561F-DE1B-4DEF-ADD9-484B684653C7}

Windows Live Messenger-->MsiExec.exe /X{48294D95-EE9A-4377-8213-44FC4265FB27}

Windows Live Messenger-->MsiExec.exe /X{4B744C85-DBB1-4038-B989-4721EB22C582}

Windows Live Messenger-->MsiExec.exe /X{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}

Windows Live Messenger-->MsiExec.exe /X{8FF3891F-01B5-4A71-BFCD-20761890471C}

Windows Live Messenger-->MsiExec.exe /X{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}

Windows Live Messenger-->MsiExec.exe /X{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}

Windows Live Messenger-->MsiExec.exe /X{B2E90616-C50D-4B89-A40D-92377AC669E5}

Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}

Windows Live Messenger-->MsiExec.exe /X{E9AD2143-26D5-4201-BED1-19DCC03B407D}

Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}

Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}

Windows Live Movie Maker-->MsiExec.exe /X{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}

Windows Live Movie Maker-->MsiExec.exe /X{60C3C026-DB53-4DAB-8B97-7C1241F9A847}

Windows Live Movie Maker-->MsiExec.exe /X{640798A0-A4FB-4C52-AC72-755134767F1E}

Windows Live Movie Maker-->MsiExec.exe /X{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}

Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

Windows Live Movie Maker-->MsiExec.exe /X{A101F637-2E56-42C0-8E08-F1E9086BFAF3}

Windows Live Movie Maker-->MsiExec.exe /X{BF022D76-9F72-4203-B8FA-6522DC66DFDA}

Windows Live Movie Maker-->MsiExec.exe /X{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}

Windows Live Movie Maker-->MsiExec.exe /X{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}

Windows Live Movie Maker-->MsiExec.exe /X{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}

Windows Live Movie Maker-->MsiExec.exe /X{E4E88B54-4777-4659-967A-2EED1E6AFD83}

Windows Live Movie Maker-->MsiExec.exe /X{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}

Windows Live Movie Maker-->MsiExec.exe /X{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}

Windows Live Photo Common-->MsiExec.exe /X{0654EA5D-308A-4196-882B-5C09744A5D81}

Windows Live Photo Common-->MsiExec.exe /X{370F888E-42A7-4911-9E34-7D74632E17EB}

Windows Live Photo Common-->MsiExec.exe /X{6B556C37-8919-4991-AC34-93D018B9EA49}

Windows Live Photo Common-->MsiExec.exe /X{73FC3510-6421-40F7-9503-EDAE4D0CF70D}

Windows Live Photo Common-->MsiExec.exe /X{84267681-BF16-40B6-9564-27BC57D7D71C}

Windows Live Photo Common-->MsiExec.exe /X{85373DA7-834E-4850-8AF5-1D99F7526857}

Windows Live Photo Common-->MsiExec.exe /X{9BD262D0-B788-4546-A0A5-F4F56EC3834B}

Windows Live Photo Common-->MsiExec.exe /X{A41A708E-3BE6-4561-855D-44027C1CF0F8}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}

Windows Live Photo Common-->MsiExec.exe /X{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}

Windows Live Photo Common-->MsiExec.exe /X{C893D8C0-1BA0-4517-B11C-E89B65E72F70}

Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}

Windows Live Photo Gallery-->MsiExec.exe /X{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}

Windows Live Photo Gallery-->MsiExec.exe /X{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}

Windows Live Photo Gallery-->MsiExec.exe /X{CF671BFE-6BA3-44E7-98C1-500D9C51D947}

Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}

Windows Live Remote Client Resources-->MsiExec.exe /I{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}

Windows Live Remote Client Resources-->MsiExec.exe /I{2F304EF4-0C31-47F4-8557-0641AAE4197C}

Windows Live Remote Client Resources-->MsiExec.exe /I{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}

Windows Live Remote Client Resources-->MsiExec.exe /I{692CCE55-9EAE-4F57-A834-092882E7FE0B}

Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}

Windows Live Remote Client Resources-->MsiExec.exe /I{850B8072-2EA7-4EDC-B930-7FE569495E76}

Windows Live Remote Client Resources-->MsiExec.exe /I{8970AE69-40BE-4058-9916-0ACB1B974A3D}

Windows Live Remote Client Resources-->MsiExec.exe /I{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}

Windows Live Remote Client Resources-->MsiExec.exe /I{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}

Windows Live Remote Client Resources-->MsiExec.exe /I{C9F05151-95A9-4B9B-B534-1760E2D014A5}

Windows Live Remote Client Resources-->MsiExec.exe /I{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}

Windows Live Remote Client Resources-->MsiExec.exe /I{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}

Windows Live Remote Client Resources-->MsiExec.exe /I{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}

Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}

Windows Live Remote Service Resources-->MsiExec.exe /I{19F09425-3C20-4730-9E2A-FC2E17C9F362}

Windows Live Remote Service Resources-->MsiExec.exe /I{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}

Windows Live Remote Service Resources-->MsiExec.exe /I{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}

Windows Live Remote Service Resources-->MsiExec.exe /I{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}

Windows Live Remote Service Resources-->MsiExec.exe /I{5E2CD4FB-4538-4831-8176-05D653C3E6D4}

Windows Live Remote Service Resources-->MsiExec.exe /I{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}

Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}

Windows Live Remote Service Resources-->MsiExec.exe /I{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}

Windows Live Remote Service Resources-->MsiExec.exe /I{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}

Windows Live Remote Service Resources-->MsiExec.exe /I{A679FBE4-BA2D-4514-8834-030982C8B31A}

Windows Live Remote Service Resources-->MsiExec.exe /I{D3E4F422-7E0F-49C7-8B00-F42490D7A385}

Windows Live Remote Service Resources-->MsiExec.exe /I{D930AF5C-5193-4616-887D-B974CEFC4970}

Windows Live Remote Service Resources-->MsiExec.exe /I{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}

Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live Temel Parçalar-->MsiExec.exe /I{1203DC60-D9BD-44F9-B372-2B8F227E6094}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{05E379CC-F626-4E7D-8354-463865B303BF}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{09922FFE-D153-44AE-8B60-EA3CB8088F93}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{0C1931EB-8339-4837-8BEC-75029BF42734}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{37B33B16-2535-49E7-8990-32668708A0A3}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{40BFD84C-64CD-42CC-9909-8734C50429C6}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{4D141929-141B-4605-95D6-2B8650C1C6DA}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{523DF2BB-3A85-4047-9898-29DC8AEB7E69}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{76046298-768C-492C-8C93-2983C9E3719E}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{77477AEA-5757-47D8-8B33-939F43D82218}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{E5DD4723-FE0B-436E-A815-DC23CF902A0B}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Live Writer Resources-->MsiExec.exe /X{14B441B7-774D-4170-98EA-A13667AE6218}

Windows Live Writer Resources-->MsiExec.exe /X{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}

Windows Live Writer Resources-->MsiExec.exe /X{26E3C07C-7FF7-4362-9E99-9E49E383CF16}

Windows Live Writer Resources-->MsiExec.exe /X{3125D9DE-8D7A-4987-95F3-8A42389833D8}

Windows Live Writer Resources-->MsiExec.exe /X{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}

Windows Live Writer Resources-->MsiExec.exe /X{62687B11-58B5-4A18-9BC3-9DF4CE03F194}

Windows Live Writer Resources-->MsiExec.exe /X{7E90B133-FF47-48BB-91B8-36FC5A548FE9}

Windows Live Writer Resources-->MsiExec.exe /X{93E464B3-D075-4989-87FD-A828B5C308B1}

Windows Live Writer Resources-->MsiExec.exe /X{C29FC15D-E84B-4EEC-8505-4DED94414C59}

Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}

Windows Live Writer Resources-->MsiExec.exe /X{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}

Windows Live Writer Resources-->MsiExec.exe /X{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}

Windows Live Writer Resources-->MsiExec.exe /X{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}

Windows Live Writer-->MsiExec.exe /X{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}

Windows Live Writer-->MsiExec.exe /X{1D6C2068-807F-4B76-A0C2-62ED05656593}

Windows Live Writer-->MsiExec.exe /X{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}

Windows Live Writer-->MsiExec.exe /X{3B9A92DA-6374-4872-B646-253F18624D5F}

Windows Live Writer-->MsiExec.exe /X{48C0DC5E-820A-44F2-890E-29B68EDD3C78}

Windows Live Writer-->MsiExec.exe /X{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}

Windows Live Writer-->MsiExec.exe /X{71A81378-79D5-40CC-9BDC-380642D1A87F}

Windows Live Writer-->MsiExec.exe /X{7E017923-16F8-4E32-94EF-0A150BD196FE}

Windows Live Writer-->MsiExec.exe /X{859D4022-B76D-40DE-96EF-C90CDA263F44}

Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}

Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}

Windows Live Writer-->MsiExec.exe /X{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}

Windows Live Writer-->MsiExec.exe /X{E55E0C35-AC3C-4683-BA2F-834348577B80}

Windows Live Writer-->MsiExec.exe /X{E8524B28-3BBB-4763-AC83-0E83FE31C350}

Windows Live-->MsiExec.exe /I{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}

Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows-stuurprogrammapakket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)-->C:\PROGRA~1\DIFX\8730326CFC0D32D8\DPInst.exe /d /u C:\Windows\System32\DriverStore\FileRepository\olycamcomm64.inf_amd64_neutral_ef14f466647d2167\olycamcomm64.inf

WinRAR 4.00 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe

Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις-->MsiExec.exe /I{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}

Συλλογή φωτογραφιών του Windows Live-->MsiExec.exe /X{C00C2A91-6CB3-483F-80B3-2958E29468F1}

======System event log======

Computer Name: Enterprise

Event Code: 1118

Message: Microsoft Antimalware heeft een niet-kritieke fout gevonden tijdens het ondernemen van actie tegen schadelijke of andere mogelijk ongewenste software.

Zie de onderstaande gegevens voor meer informatie:

TrojanDownloader:Java/Rexec

Naam: TrojanDownloader:Java/Rexec

Id: 2147657903

Ernst: Ernstig

Categorie: Downloadprogramma in Trojaans paard

Pad: containerfile:_C:\Users\Philip\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120621132941726.rsc;file:_C:\Users\Philip\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120621132941726.rsc->120621132941726-000864.file

Detectieoorsprong: Lokale computer

Detectietype: Concreet

Detectiebron: Systeem

Gebruiker: NT AUTHORITY\SYSTEM

Procesnaam: Unknown

Actie: In quarantaine plaatsen

Actiestatus: No additional actions required

Foutcode: 0x800700df

Foutbeschrijving: De bestandsgrootte heeft de toegestane limiet overschreden en kan niet worden opgeslagen.

Versie handtekening: AV: 1.155.2339.0, AS: 1.155.2339.0, NIS: 17.36.0.0

Versie engine: AM: 1.1.9700.0, NIS: 2.1.8904.0

Record Number: 21200110

Source Name: Microsoft Antimalware

Time Written: 20130815165210.000000-000

Event Type: Waarschuwing

User:

Computer Name: Enterprise

Event Code: 1118

Message: Microsoft Antimalware heeft een niet-kritieke fout gevonden tijdens het ondernemen van actie tegen schadelijke of andere mogelijk ongewenste software.

Zie de onderstaande gegevens voor meer informatie:

Trojan:Win32/Reveton.C

Naam: Trojan:Win32/Reveton.C

Id: 2147654102

Ernst: Ernstig

Categorie: Trojaans paard

Pad: containerfile:_C:\Users\Philip\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120621132941726.rsc;file:_C:\Users\Philip\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120621132941726.rsc->120621132941726-000651.file

Detectieoorsprong: Lokale computer

Detectietype: Concreet

Detectiebron: Systeem

Gebruiker: NT AUTHORITY\SYSTEM

Procesnaam: Unknown

Actie: In quarantaine plaatsen

Actiestatus: No additional actions required

Foutcode: 0x800700df

Foutbeschrijving: De bestandsgrootte heeft de toegestane limiet overschreden en kan niet worden opgeslagen.

Versie handtekening: AV: 1.155.2339.0, AS: 1.155.2339.0, NIS: 17.36.0.0

Versie engine: AM: 1.1.9700.0, NIS: 2.1.8904.0

Record Number: 21200109

Source Name: Microsoft Antimalware

Time Written: 20130815165210.000000-000

Event Type: Waarschuwing

User:

Computer Name: Enterprise

Event Code: 7036

Message: De Windows Modules Installer-service heeft nu de status gestopt.

Record Number: 21200108

Source Name: Service Control Manager

Time Written: 20130815164802.381536-000

Event Type: Informatie

User:

Computer Name: Enterprise

Event Code: 7040

Message: Het opstarttype van de service Windows Modules Installer is gewijzigd van automatisch starten in starten op aanvraag.

Record Number: 21200107

Source Name: Service Control Manager

Time Written: 20130815164802.131935-000

Event Type: Informatie

User: NT AUTHORITY\SYSTEM

Computer Name: Enterprise

Event Code: 7040

Message: Het opstarttype van de service Windows Modules Installer is gewijzigd van starten op aanvraag in automatisch starten.

Record Number: 21200106

Source Name: Service Control Manager

Time Written: 20130815164801.305134-000

Event Type: Informatie

User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Enterprise

Event Code: 33

Message: Kan activeringscontext voor 'C:\Windows\system32\conhost.exe' niet maken. Kan afhankelijke assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Record Number: 248666

Source Name: SideBySide

Time Written: 20131110215300.000000-000

Event Type: Fout

User:

Computer Name: Enterprise

Event Code: 33

Message: Kan activeringscontext voor 'C:\Windows\system32\conhost.exe' niet maken. Kan afhankelijke assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Record Number: 248665

Source Name: SideBySide

Time Written: 20131110215200.000000-000

Event Type: Fout

User:

Computer Name: Enterprise

Event Code: 33

Message: Kan activeringscontext voor 'C:\Windows\system32\conhost.exe' niet maken. Kan afhankelijke assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Record Number: 248664

Source Name: SideBySide

Time Written: 20131110215100.000000-000

Event Type: Fout

User:

Computer Name: Enterprise

Event Code: 33

Message: Kan activeringscontext voor 'C:\Windows\system32\conhost.exe' niet maken. Kan afhankelijke assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Record Number: 248663

Source Name: SideBySide

Time Written: 20131110215000.000000-000

Event Type: Fout

User:

Computer Name: Enterprise

Event Code: 33

Message: Kan activeringscontext voor 'C:\Windows\system32\conhost.exe' niet maken. Kan afhankelijke assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Record Number: 248662

Source Name: SideBySide

Time Written: 20131110214900.000000-000

Event Type: Fout

User:

=====Security event log=====

Computer Name: Enterprise

Event Code: 4624

Message: Er is een account aangemeld.

Onderwerp:

Beveiligings-id: S-1-5-18

Accountnaam: ENTERPRISE$

Accountdomein: WORKGROUP

Aanmeldings-id: 0x3e7

Aanmeldingstype: 5

Nieuwe aanmelding:

Beveiligings-id: S-1-5-18

Accountnaam: SYSTEM

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x3e7

Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Procesgegevens:

Proces-id: 0x26c

Naam proces: C:\Windows\System32\services.exe

Netwerkgegevens:

Naam van werkstation:

Netwerkadres van bron: -

Poort van bron: -

Gedetailleerde verificatiegegevens:

Aanmeldingsproces: Advapi

Verificatiepakket: Negotiate

Doorgezette services: -

Pakketnaam (alleen NTLM): -

Sleutellengte: 0

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

Record Number: 2901

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110516220000.986366-000

Event Type: Controle geslaagd

User:

Computer Name: Enterprise

Event Code: 4672

Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

Onderwerp:

Beveiligings-id: S-1-5-18

Accountnaam: SYSTEM

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x3e7

Bevoegdheden: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 2900

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110516194708.003338-000

Event Type: Controle geslaagd

User:

Computer Name: Enterprise

Event Code: 4624

Message: Er is een account aangemeld.

Onderwerp:

Beveiligings-id: S-1-5-18

Accountnaam: ENTERPRISE$

Accountdomein: WORKGROUP

Aanmeldings-id: 0x3e7

Aanmeldingstype: 5

Nieuwe aanmelding:

Beveiligings-id: S-1-5-18

Accountnaam: SYSTEM

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x3e7

Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Procesgegevens:

Proces-id: 0x26c

Naam proces: C:\Windows\System32\services.exe

Netwerkgegevens:

Naam van werkstation:

Netwerkadres van bron: -

Poort van bron: -

Gedetailleerde verificatiegegevens:

Aanmeldingsproces: Advapi

Verificatiepakket: Negotiate

Doorgezette services: -

Pakketnaam (alleen NTLM): -

Sleutellengte: 0

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

Record Number: 2899

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110516194708.003338-000

Event Type: Controle geslaagd

User:

Computer Name: Enterprise

Event Code: 4672

Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

Onderwerp:

Beveiligings-id: S-1-5-18

Accountnaam: SYSTEM

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x3e7

Bevoegdheden: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 2898

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110516175107.460217-000

Event Type: Controle geslaagd

User:

Computer Name: Enterprise

Event Code: 4624

Message: Er is een account aangemeld.

Onderwerp:

Beveiligings-id: S-1-5-18

Accountnaam: ENTERPRISE$

Accountdomein: WORKGROUP

Aanmeldings-id: 0x3e7

Aanmeldingstype: 5

Nieuwe aanmelding:

Beveiligings-id: S-1-5-18

Accountnaam: SYSTEM

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x3e7

Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Procesgegevens:

Proces-id: 0x26c

Naam proces: C:\Windows\System32\services.exe

Netwerkgegevens:

Naam van werkstation:

Netwerkadres van bron: -

Poort van bron: -

Gedetailleerde verificatiegegevens:

Aanmeldingsproces: Advapi

Verificatiepakket: Negotiate

Doorgezette services: -

Pakketnaam (alleen NTLM): -

Sleutellengte: 0

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

Record Number: 2897

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110516175107.460217-000

Event Type: Controle geslaagd

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Belgium Identity Card;%PROGRAMFILES%\Internet Explorer;C:\Program Files (x86)\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=4

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel

"PROCESSOR_REVISION"=2a07

"asl.log"=Destination=file

"CLASSPATH"=.;C:\Program Files (x86)\Belgium Identity Card;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

Posted:

Your Java software is out of date.

Older versions have vulnerabilities that give malware the chance to install itself on your system.

Go to Java and download the correct Java version there.

  • Click "Free Java Download".
  • Agree to the license terms and click the button for the free download.
  • The file JavaSetup is offered - choose "save file" here.
  • Close all programs that may be open - especially your web browser!
  • Then go to Start > Control Panel > Software and remove all older versions of Java from the software list.
  • Select everything with Java Runtime Environment (JRE or J2SE or JAVA) in the name.
  • Then click Remove or the Change/Remove button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then click JavaSetup to install the latest version of Java.
  • Uncheck the installation of the Ask toolbar and then continue with the installation.

Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).

Download Zoek.exe to the desktop (not the .zip or .rar version).

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

chromelook; 
firefoxlook;
  C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\extensions\2020Player_IKEA@2020Technologies.com;fs
 C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\extensions\staged;fs
 C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b};fs
 C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\searchplugins\babylon.xml;f
 C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\searchplugins\BrowserProtect.xml;f
 C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\searchplugins\imdb.xml;f
 C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\searchplugins\mixidj.xml;f
 C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\searchplugins\search-here.xml;f
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}];r
 Avqrvmmg;s
ekjuykfo;s
eppskxwu;s
fxaswngm;s
gzrapzyj;s
hjskxrqe;s
hqbtcxge;s
knlwebnz;s
mpvqibpo;s
odssfeow;s
skowexij;s
 Java(TM) 6 Update 22;u
 Java(TM) 6 Update 22;u
 emptyfolderscheck;delete 
startupall; 
filesrcm;

  • The option "Scan All Users" is checked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart if one is needed).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log in your next reply.

Posted:

here is the log

Zoek.exe v5.0.0.0 Updated 18-Januari-2014

Tool run by Philip on zo 19/01/2014 at 18:21:58,09.

Microsoft Windows 7 Home Premium 6.1.7600 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Philip\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

19/01/2014 18:36:10 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Activation deleted successfully

C:\PROGRA~2\MSXML 4.0 deleted successfully

C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully

C:\ProgramData\Babylon deleted successfully

C:\ProgramData\CanonEPP deleted successfully

C:\ProgramData\CanonIJEPPEX2 deleted successfully

C:\ProgramData\Karen's Power Tools deleted successfully

C:\ProgramData\Oracle deleted successfully

C:\Users\Philip\AppData\Roaming\DefaultTab deleted successfully

C:\Users\Philip\AppData\Roaming\Media Player Classic deleted successfully

C:\Users\Philip\AppData\Roaming\Software Inspection Library deleted successfully

C:\Users\Philip\AppData\Roaming\TP deleted successfully

C:\Users\surfen\AppData\Local\VirtualStore deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avqrvmmg deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avqrvmmg deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ekjuykfo deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ekjuykfo deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eppskxwu deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\eppskxwu deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fxaswngm deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fxaswngm deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gzrapzyj deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gzrapzyj deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hjskxrqe deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hjskxrqe deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hqbtcxge deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hqbtcxge deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\knlwebnz deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\knlwebnz deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpvqibpo deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mpvqibpo deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\odssfeow deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\odssfeow deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\skowexij deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\skowexij deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]

==== Deleting Files \ Folders ======================

C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\extensions\2020Player_IKEA@2020Technologies.com deleted

C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\extensions\staged deleted

C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} deleted

"C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\searchplugins\babylon.xml" deleted

"C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\searchplugins\BrowserProtect.xml" deleted

"C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\searchplugins\imdb.xml" deleted

"C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\searchplugins\mixidj.xml" deleted

"C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default\searchplugins\search-here.xml" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Philip\AppData\Local\Temp ====

2014-01-18 18:49:44 BCD9E4D7900D2DF19B809D8C719392C7 230400 ----a-w- C:\Users\Philip\AppData\Local\Temp\0537.dll

====== Java Cache =====

2014-01-19 17:11:30 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-14ef6ee7

2014-01-19 17:11:23 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-215db979

2014-01-19 17:11:23 BF484809E8F0F8BD45EBAA9AD4A936B0 99 ----a-w- C:\Users\Philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-6.0.lap

2014-01-19 17:11:22 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-327e0305

2014-01-19 17:11:24 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\Philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-5249971a

2014-01-15 21:20:47 73DACBBEB0B19E64C801466CF3301CBC 25715 ----a-w- C:\Users\Philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3482e945-17280543

2014-01-19 17:23:18 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Philip\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-3a11c8f2

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

2014-01-12 15:36:03 D3E3F93D67821A2DB2B3D9FAC2DC2064 22896 ----a-w- C:\Windows\Sysnative\drivers\fs_rec.sys

2014-01-12 15:32:46 5CFB7AB8F9524D1A1E14369DE63B83CC 1893224 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys

2014-01-12 15:32:46 2FFDCD3E5ABAC88C3C193F3AC3360ED9 287576 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS

2014-01-12 15:32:45 9A6089B056EA1B83B36424FC9D0A300E 1653096 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys

2014-01-12 15:32:44 EF45DCE7B2BED36C566EAC743EAE66A4 19968 ----a-w- C:\Windows\Sysnative\drivers\usb8023.sys

2014-01-12 15:32:43 9E425AC5C9A5A973273D169F43B4F5E1 295792 ----a-w- C:\Windows\Sysnative\drivers\volsnap.sys

====== C:\Windows\Tasks ======

2014-01-02 14:20:02 D3FE977CA3E039E3D91AD7DA1F27928F 3542 ----a-w- C:\Windows\Sysnative\Tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001Core

2014-01-02 14:20:02 C8368422A1B10C6A5984C948128CC6BB 3910 ----a-w- C:\Windows\Sysnative\Tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001UA

2014-01-02 14:20:02 9DE8A657C020964115DD542B0F8D40AE 910 ----a-w- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001Core.job

2014-01-02 14:20:02 0B70ECE099D58DBAEC48D189D97AE28D 932 ----a-w- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001UA.job

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-01-19 11:23:56 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====

2014-01-19 17:10:13 -------- d-----w- C:\PROGRA~2\COMMON~1\Java

2014-01-15 18:57:05 -------- d-----w- C:\PROGRA~2\D-Link

======= C: =====

====== C:\Users\Philip\AppData\Roaming ======

2014-01-19 11:51:14 -------- d-----w- C:\Users\Philip\AppData\Local\ElevatedDiagnostics

2014-01-18 21:58:19 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Mozilla

2014-01-18 21:58:19 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Mozilla

2014-01-18 18:55:35 1C5AD0EEBA823A4D9F166EBA59D2CF79 68920 ----a-w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-18 18:55:32 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Intel Corporation

2014-01-18 18:55:17 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Canon

2014-01-18 18:55:15 2D611B44D6E1F0B0CE4DC0E7E4B14D0C 68920 ----a-w- C:\Windows\SysNative\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-18 18:55:15 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Power2Go

2014-01-18 18:55:05 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-01-18 18:55:02 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp

2014-01-18 18:55:01 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-01-18 18:55:01 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-01-18 18:54:52 -------- d-----r- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-01-18 18:54:52 -------- d-----r- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-01-18 18:54:44 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\Identities

2014-01-18 18:54:40 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp

2014-01-15 19:39:34 -------- d-----w- C:\Users\Philip\AppData\Roaming\DlinkViewCam

2014-01-14 21:55:19 -------- d-----w- C:\Users\surfen\AppData\Roaming\Intel Corporation

2014-01-14 21:55:16 97CBBA0AD9E5CC00D108B1DAF4FB6E21 68920 ----a-w- C:\Users\surfen\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-14 21:55:16 -------- d-----w- C:\Users\surfen\AppData\Roaming\Canon

2014-01-14 21:55:16 -------- d-----w- C:\Users\surfen\AppData\Roaming\Apple Computer

2014-01-14 21:55:15 -------- d-----w- C:\Users\surfen\AppData\Local\Power2Go

2014-01-14 21:55:03 -------- d-----w- C:\Users\surfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-01-14 21:55:02 -------- d-----r- C:\Users\surfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-01-14 21:55:02 -------- d-----r- C:\Users\surfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-01-14 21:54:55 -------- d-s---w- C:\Users\surfen\AppData\Locallow\Microsoft

2014-01-14 21:54:54 -------- d-----w- C:\Users\surfen\AppData\Roaming\Identities

2014-01-14 21:54:44 -------- d-s---w- C:\Users\surfen\AppData\Roaming\Microsoft

2014-01-14 21:54:44 -------- d-----w- C:\Users\surfen\AppData\Roaming\Media Center Programs

2014-01-14 21:54:44 -------- d-----w- C:\Users\surfen\AppData\Local\Temp

2014-01-14 21:54:44 -------- d-----w- C:\Users\surfen\AppData\Local\Microsoft

2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-01-02 14:19:57 -------- d-----w- C:\Users\Philip\AppData\Local\Facebook

====== C:\Users\Philip ======

2014-01-19 17:09:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-01-19 17:07:35 D6A3D61864E8F9565550548865D7522C 921000 ----a-w- C:\Users\Philip\Downloads\jxpiinstall(1).exe

2014-01-19 12:36:55 D6A3D61864E8F9565550548865D7522C 921000 ----a-w- C:\Users\Philip\Downloads\jxpiinstall.exe

2014-01-19 11:22:43 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Philip\Downloads\RSITx64.exe

2014-01-18 22:42:27 4D86CDAA75E9F14EC50A844727AD17CA 4649312 ----a-w- C:\Users\Philip\Downloads\ccsetup409pro.exe

2014-01-18 18:54:52 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Videos

2014-01-18 18:54:52 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Pictures

2014-01-18 18:54:52 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Music

2014-01-18 18:54:52 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Favorites

2014-01-18 18:54:52 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Downloads

2014-01-18 18:54:52 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Documents

2014-01-18 18:54:40 -------- d-----r- C:\Windows\sysWoW64\config\systemprofile\Favorites

2014-01-18 18:54:09 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Desktop

2014-01-18 18:49:53 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\ProgramData\zj8z7tx13.odd

2014-01-15 19:44:15 5D2362364C3B5F726092572463465932 10521720 ----a-w- C:\Users\Philip\Downloads\autorun.exe

2014-01-15 18:59:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link D-ViewCam

2014-01-14 21:55:02 -------- d-----r- C:\Users\surfen\Searches

2014-01-14 21:54:53 -------- d-----r- C:\Users\surfen\Contacts

2014-01-14 21:54:46 DA7CB217632122795E20393309FA5FD6 914 --sha-r- C:\Users\surfen\ntuser.pol

2014-01-14 21:54:45 6FC234AD3752E1267B34FB12BCD6718B 20 --sha-w- C:\Users\surfen\ntuser.ini

2014-01-14 21:54:44 -------- d--h--w- C:\Users\surfen\AppData

2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\Videos

2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\Saved Games

2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\Pictures

2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\Music

2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\Links

2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\Favorites

2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\Downloads

2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\Documents

2014-01-14 21:54:44 -------- d-----r- C:\Users\surfen\Desktop

2014-01-14 21:31:38 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\ProgramData\j1vwlqmq.odd

2014-01-09 18:38:05 -------- d-----w- C:\Users\Philip\garantiebonnen

2013-12-26 18:48:49 7B00B33DCF1C15ABA0AD4CC15CE8A4F9 61024 ----atw- C:\ProgramData\bwl388l.zvv

2013-12-26 18:48:48 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\ProgramData\bwl388l.odd

2013-12-26 18:48:47 72FD41C0FEB1C06F2A69D3E5F23D3B6B 12600 ----a-w- C:\ProgramData\bwl388l.fee

====== C: exe-files ==

2014-01-19 17:09:11 C422AF851B98378A39B51D99FE707E64 146344 ----a-w- C:\Program Files (x86)\Java\jre7\bin\unpack200.exe

2014-01-19 17:09:11 0E37C7C174521E16CEA0A6BC46F03BCD 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\tnameserv.exe

2014-01-19 17:09:10 F4BA3A5D5FDE0A321CD7C4A74749CE5B 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\pack200.exe

2014-01-19 17:09:10 EBAB810C999D8C31F0D5D8B28B3EEDD1 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\servertool.exe

2014-01-19 17:09:10 ACA236A716C2291E40ED069F2CBB3D35 49064 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ssvagent.exe

2014-01-19 17:09:10 6E2BECF6E17FF8DC850C058A38A50C4F 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmiregistry.exe

2014-01-19 17:09:10 6E1B0EEBF3D1CC7ECF4104E1473900FF 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmid.exe

2014-01-19 17:09:10 397A6EA17BB97800939DE44D7BFEEC04 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\policytool.exe

2014-01-19 17:09:10 18BC25C50200C3DD4E67611D2467DAA2 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\orbd.exe

2014-01-19 17:09:09 ED1F5F1906F8D963612A4831CDB331D6 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ktab.exe

2014-01-19 17:09:09 B9436A665A8621073A12338B16D7BFD4 182696 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jqs.exe

2014-01-19 17:09:09 A8F2A6D5782AA0166D8367FF674DDF77 52648 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe

2014-01-19 17:09:09 762E372DCFDAE32FAE52C1A50A0029C2 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\klist.exe

2014-01-19 17:09:09 6EEAD2C8A5CAC1F0F2066ABD77BA9092 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\keytool.exe

2014-01-19 17:09:09 49A5F3169A23C00F9F2023DFE04D7AF6 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\kinit.exe

2014-01-19 17:09:08 CB3638541DCAC86EE17FA8258202E20E 175016 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaw.exe

2014-01-19 17:09:08 95E15A2DE75AB48728AB8E1911C3EDB1 264616 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaws.exe

2014-01-19 17:09:07 FBC27FD8E76C53E6E8066944BBE2BF73 48040 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jabswitch.exe

2014-01-19 17:09:07 E9BFEA5B2F3F7598DA990F9728768790 66984 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javacpl.exe

2014-01-19 17:09:07 9395BBE294045909A025C9F3DC3D9025 174504 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java.exe

2014-01-19 17:09:07 5877E6618DA03EE8E7A869F57EE6ACE5 15784 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java-rmi.exe

2014-01-19 11:23:56 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Philip.exe

2014-01-17 17:39:10 1D0A1FF655C6CF2EA2DE4FB6AA8246AD 9046696 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.76\32.0.1700.76_31.0.1650.63_chrome_updater.exe

2014-01-15 18:58:54 61DFE2BF15A8AEB9821EFE009DD16241 811672 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{D54D4A22-4382-4485-92DF-00C39F123E87}\setup.exe

2014-01-15 18:58:35 6234AED1D68CB92BBFE0F5D3B2B73521 2415688 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\Verification.exe

2014-01-15 18:58:28 F5C93A435CD9E78B7B110213A340093C 4262984 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\LiveView.exe

2014-01-15 18:58:17 5C2429EF10F69756E022055EBC6A708C 4103240 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\Playback.exe

2014-01-15 18:57:49 5C82BE7AD1775B67916EE19C15B99331 2723264 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\www\vcredist_x86.exe

2014-01-15 18:57:47 5C82BE7AD1775B67916EE19C15B99331 2723264 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\vcredist_x86.exe

2014-01-15 18:57:16 58CBC79FBB5C0C59A9D2AA059E3F7197 6656 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\WindowClose.exe

2014-01-15 18:57:13 79C8567E71C404E82815ECBE1202149D 363592 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\RmtDskServer.exe

2014-01-15 18:57:08 896DA6A0EA9EDDA49049FBE19B3FFE9B 10677320 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.exe

2014-01-15 18:57:07 F5A71CFF05EEBD72632B8D7648CBB0C2 420936 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\DBConv.exe

2014-01-15 18:57:07 848976EC020110C64141913804344706 2100296 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\DBTools.exe

2014-01-15 18:57:07 3D8D36E32EB0BF9AA5BF63C86B0D72A6 3247176 ----a-w- C:\Program Files (x86)\D-Link\D-ViewCam\Backup.exe

2014-01-15 18:57:04 05AF1104D5727402AE038B715D244919 811672 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{440E9F90-0619-4E84-8226-65AD5073AD24}\setup.exe

=== C: other files ==

2014-01-19 17:09:11 863EB6802B1C3B7630290871599BE0BD 18636 ----a-w- C:\Program Files (x86)\Java\jre7\lib\deploy\ffjcext.zip

2014-01-15 20:59:37 9AFB4B536B9B9FF57781A698955B70F6 3686714 ----a-w- C:\Users\Philip\Downloads\dcs930l_v109_b2.zip

2014-01-15 19:43:06 7406D435B8504C4828558A9896051324 107406188 ----a-w- C:\Users\Philip\Downloads\DLink_Bundle_3_6_0_DP_1_5_3_20131203.zip

2014-01-15 18:58:24 4FC235F47D65F1BDAC351FC5D51837B7 11549986 ----a-w- C:\Users\Philip\Desktop\Setup_wizard_930L_v1.04.07\Setup_wizard_930L_v1.04.07.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2255611087-1238972643-2999816019-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"OV2_Monitor"="C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"Facebook Update"="C:\Users\Philip\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon"

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE"="C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.exe RunWithWindows"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"OV2_Monitor"="C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"Facebook Update"="C:\Users\Philip\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MacDrive 9 application]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="MacDrive 9 application"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Mediafour\\MacDrive 9\\MacDrive.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Philip^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3 .lnk]

"item"="OpenOffice.org 3.3 "

"path"="C:\\Users\\Philip\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.3 .lnk"

"backup"="C:\\Windows\\pss\\OpenOffice.org 3.3 .lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\PROGRA~2\\OPENOF~1.ORG\\program\\QUICKS~1.EXE"

==== Startup Folders ======================

2012-11-28 20:53:58 1243 ----a-w- C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001Core.job --a------ C:\Users\Philip\AppData\Local\Facebook\Update\FacebookUpdate.exe [02/01/2014 15:19]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001UA.job --a------ C:\Users\Philip\AppData\Local\Facebook\Update\FacebookUpdate.exe [02/01/2014 15:19]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/03/2011 19:33]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/03/2011 19:33]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\BitGuard" [C:\Windows\system32\sc.exe start BitGuard]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\DealPly" [C:\Users\Philip\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE]

"C:\Windows\SysNative\tasks\DealPlyUpdate" ["C:\Program Files (x86)\DealPly\DealPlyUpdate.exe"]

"C:\Windows\SysNative\tasks\EPUpdater" [C:\Users\Philip\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001Core" [C:\Users\Philip\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2255611087-1238972643-2999816019-1001UA" [C:\Users\Philip\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default

- Default Tab - %ProfilePath%\extensions\addon@defaulttab.com.xpi

- Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi

- Password Exporter - %ProfilePath%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi

- Easy YouTube Video Downloader - %ProfilePath%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\faxjd9e9.default

FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Philip\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

7ABE33792F2787D599B6963E71B9E8CD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll - Shockwave Flash

87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies

AC47B55B38D626B678897F195793ECAB - C:\windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

dlfienamagdnkekbbbocojppncdambda - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx[21/02/2012 04:27]

gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]

kdidombaedgpfiiedeimiebkmbilgmlc - C:\Program Files (x86)\DefaultTab\DefaultTab.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]

Select Links App - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blfhfbphkcpnkoljmeabehhbhcpmoajl

MixiDJ Toolbar - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\boipimhfjpakfgckhbljjengakjhkcbp

Complitly plugin for chrome - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda

DealPly - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje

DefaultTab - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

DefaultTab - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== C:\zoek_backup content ======================

C:\zoek_backup (files=117 folders=43 3057084 bytes)

==== EOF on zo 19/01/2014 at 18:46:34,43 ======================
