Laptop loopt vast

pierrewien · 27 januari 2014

Bedankt kweezie wabbit voor je reactie. Het ziet er allemaal wel ingewikkeld uit maar ik ga erme aan de slag! Zo gauw ik meer weet, mail ik weer. Hartelijk dank, pierrewien

pierrewien · 28 januari 2014

Beste Kweezie wabbit

Het is gelukt met zoek.exe. Ik heb het log hieronder gezet en ben benieuwd naar het resultaat. Voorafgaand aan de zoek-actoe heb ik met malware byte nog een virus gevonden: (Trojan.agent) en Windows security essentials had nog een virus in quarantaine (Backdoor.win32/kelihos.F). Die heb ik allemaal verwijderd.

Zoek.exe v5.0.0.0 Updated 25-January-2014

Tool run by Pierre on ma 27-01-2014 at 23:37:14,96.

Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Pierre\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Acer\Empowering Technology\eNet\eNet Service.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\mfevtps.exe

C:\Acer\Mobility Center\MobilityService.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\PC Veilig\Common\FSM32.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Users\Pierre\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Windows\ehome\ehmsas.exe

C:\Users\Pierre\AppData\Local\Temp\RtkBtMnt.exe

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Pierre\Downloads\zoek.exe

C:\Windows\system32\conime.exe

==== System Restore Info ======================

27-1-2014 23:41:34 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\MSXML 4.0 deleted successfully

C:\Program Files\NOS deleted successfully

C:\Program Files\trend micro deleted successfully

C:\ProgramData\CanonEPP deleted successfully

C:\ProgramData\CanonIJEPPEX2 deleted successfully

C:\ProgramData\NOS deleted successfully

C:\ProgramData\~0 deleted successfully

C:\Users\Pierre\AppData\Roaming\.# deleted successfully

C:\Users\Pierre\AppData\Local\kpn deleted successfully

C:\Users\Pierre\AppData\Local\PackageAware deleted successfully

C:\Users\Pierre\AppData\Local\TomTom deleted successfully

==== Creating Sample_28-01-2014_0011.zip ======================

Process rundll32.exe killed

Copied file C:\Users\Pierre\Nero_BurnLite-10.0.10600.exe to sample\Nero_BurnLite-10.0.10600.exe

sample\Nero_BurnLite-10.0.10600.exe renamed to 72F9E9A0681D8C2380093E4EDA9B602C

C:\Users\Public\Desktop\sample_28-01-2014_0011.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-198152872-3049808660-2793780389-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_USERS\S-1-5-21-198152872-3049808660-2793780389-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_USERS\S-1-5-21-198152872-3049808660-2793780389-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully

HKEY_USERS\S-1-5-21-198152872-3049808660-2793780389-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully

HKEY_USERS\S-1-5-21-198152872-3049808660-2793780389-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{265EEE8E-3228-44D3-AEA5-F7FDF5860049} deleted successfully

HKEY_USERS\S-1-5-21-198152872-3049808660-2793780389-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{265EEE8E-3228-44D3-AEA5-F7FDF5860049} deleted successfully

HKEY_USERS\S-1-5-21-198152872-3049808660-2793780389-1000\Software\Microsoft\Internet Explorer\SearchScopes\{214C679E-A52E-4F30-BB31-3EDE2CDA2A61} deleted successfully

HKEY_USERS\S-1-5-21-198152872-3049808660-2793780389-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DCF4BD82-996F-46EC-8A66-3ACB06BF278F} deleted successfully

HKEY_USERS\S-1-5-21-198152872-3049808660-2793780389-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DEED1538-078F-4FDB-8CA4-F947A48AABA6} deleted successfully

HKEY_USERS\S-1-5-21-198152872-3049808660-2793780389-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully

HKEY_USERS\S-1-5-21-198152872-3049808660-2793780389-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{265EEE8E-3228-44D3-AEA5-F7FDF5860049} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-198152872-3049808660-2793780389-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{265EEE8E-3228-44D3-AEA5-F7FDF5860049} deleted successfully

==== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)

Aangifte inkomstenbelasting 2008 voor ondernemers

Aangifte inkomstenbelasting voor ondernemers 2009

Aangifte inkomstenbelasting voor ondernemers 2010

Aangifte inkomstenbelasting voor ondernemers 2011

Aangifte inkomstenbelasting voor ondernemers 2012

Acer Arcade Deluxe

Acer Crystal Eye Webcam

Acer eAudio Management

Acer eDataSecurity Management

Acer eLock Management

Acer Empowering Technology

Acer eNet Management

Acer ePower Management

Acer ePresentation Management

Acer eSettings Management

Acer GameZone Console 2.0.1.1

Acer GridVista

Acer Mobility Center Plug-In

Acer ScreenSaver

Activation Assistant for the 2007 Microsoft Office suites

Adobe Flash Player 11 ActiveX

Adobe Reader 8.1.4

Agatha Christie Death on the Nile

Alice Greenfingers

Amazon Cloud Player

Apple Application Support

Apple Software Update

ArcSoft PhotoStudio 5.5

Ask Toolbar

Ask Toolbar Updater

ATI Catalyst Install Manager

Azada

Backspin Billiards

Big Kahuna Reef

Bookworm Deluxe

Bricks of Egypt

Broadcom Gigabit Integrated Controller

Brownie

Cake Mania

Canon Easy-PhotoPrint EX

Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data

Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data

Canon Easy-PhotoPrint Pro

Canon Easy-WebPrint EX

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MG6100 series MP Drivers

Canon MP Navigator 3.0

Canon MP Navigator EX 4.0

Canon MP600

Canon My Printer

Canon Solution Menu EX

Canon Utilities Easy-PhotoPrint

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CD-LabelPrint

Chicken Invaders 3

Chuzzle

Diner Dash Flo on the Go

Flip Words 2

Gebruikersregistratie voor Canon MG6100 series

Gebruikersregistratie voor Canon MP600

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

HDAUDIO Soft Data Fax Modem with SmartCP

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel© Matrix Storage Manager

Java 6 Update 26

Jewel Quest Solitaire

Kick N Rush

KPN Assistent

Launch Manager

LightScribe 1.4.142.1

Mahjong Escape Ancient China

Mahjongg Artifacts

Malwarebytes Anti-Malware versie 1.75.0.1300

McAfee Virtual Technician

Microsoft .NET Framework 3.5 Language Pack SP1 - nld

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile NLD Language Pack

Microsoft FrontPage 2002

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Dutch) 2007

Microsoft Office Communicator 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Dutch) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (Dutch) 2007

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (Dutch) 2007

Microsoft Office OneNote MUI (Dutch) 2007

Microsoft Office Outlook MUI (Dutch) 2007

Microsoft Office PowerPoint MUI (Dutch) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proofing (Dutch) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Dutch) 2007

Microsoft Office Shared MUI (Dutch) 2007

Microsoft Office Word MUI (Dutch) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery Case Files - Huntsville

Mystery Solitaire - Secret Island

Nero BurnLite 10

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero Update

NTI Backup NOW 4.7

NTI CD & DVD-Maker

OGA Notifier 2.0.0048.0

Orion

PC Veilig

Picasa 3

PowerProducer

QuickTime

Rapport

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01

ScanSoft OmniPage SE 4.0

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)

Skins

Skype Click to Call

SkypeT 6.10

Spelling Dictionaries Support For Adobe Reader 8

Synaptics Pointing Device Driver

Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL

Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD

Trusteer Eindpuntbeveiliging

Turbo Pizza

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition

Update voor Microsoft Office Excel 2007 Help (KB963678)

Update voor Microsoft Office Powerpoint 2007 Help (KB963669)

Update voor Microsoft Office Word 2007 Help (KB963665)

Visual Studio C++ 10.0 Runtime

Winbond CIR Drivers

Yahoo Toolbar

Zuma Deluxe

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Program Files\PCVeilig not found

C:\ProgramFiles\Ask.com not found

C:\ProgramFiles\PC Veilig not found

"C:\$RECYCLE.BIN\S-1-5-18\$127ca2af1d9719dbf6854a512a4227c0" not found

C:\Program Files\Yahoo!\Companion deleted

C:\Program Files\Yahoo! deleted

C:\Users\Pierre\AppData\Roaming\Yahoo! deleted

C:\ProgramData\Ask deleted

C:\ProgramData\Yahoo! Companion deleted

C:\Users\Marcha\AppData\LocalLow\AskToolbar deleted

C:\Users\Pierre\AppData\LocalLow\AskToolbar deleted

C:\Users\Wieneke\AppData\LocalLow\AskToolbar deleted

C:\Windows\SYSTEM32\TASKS\Scheduled Update for Ask Toolbar deleted

C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted

C:\Users\Pierre\Nero_BurnLite-10.0.10600.exe deleted

"C:\ProgramData\7C9B2AF967FA71D400007C9AAE667994\7C9B2AF967FA71D400007C9AAE667994" deleted

"C:\Program Files\Ask.com\Updater\Updater.exe" deleted

"C:\$RECYCLE.BIN\S-1-5-21-198152872-3049808660-2793780389-1000\$127ca2af1d9719dbf6854a512a4227c0" deleted

"C:\ProgramData\7C9B2AF967FA71D400007C9AAE667994" deleted

"C:\$RECYCLE.BIN\S-1-5-21-198152872-3049808660-2793780389-1000\$127ca2af1d9719dbf6854a512a4227c0\L" deleted

"C:\$RECYCLE.BIN\S-1-5-21-198152872-3049808660-2793780389-1000\$127ca2af1d9719dbf6854a512a4227c0\U" deleted

"C:\Program Files\Ask.com" deleted

"C:\Program Files\Ask.com\Updater" deleted

==== Registry Search Results for "$127ca2af1d9719dbf6854a512a4227c0" ======================

No instances of string "$127ca2af1d9719dbf6854a512a4227c0" found.

==== System Specs ======================

Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)

Memory (RAM): 3070 MB

CPU Info: Intel® Core2 Duo CPU T7500 @ 2.20GHz

CPU Speed: 2198,5 MHz

Sound Card: Luidsprekers (Realtek High Defi |

Realtek Digital Output(Optical) |

Realtek HDMI Output (Realtek Hi |

Apparaat voor digitale uitvoer |

Display Adapters: ATI Mobility Radeon HD 3470 | ATI Mobility Radeon HD 3470 | RDPDD Chained DD | RDP Encoder Mirror Driver

Monitors: 1x; Algemeen PnP-beeldscherm |

Screen Resolution: 1280 X 768 - 32 bit

Network: Network Present

Network Adapters: Intel® PRO/Wireless 3945ABG Network Connection

CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GSA-T40N

Ports: COM3 LPT Port NOT Present.

Mouse: 16 Button Wheel Mouse Present

Hard Disks: C: 143,8GB | D: 140,3GB

Hard Disks - Free: C: 43,4GB | D: 140,2GB

Manufacturer *: Acer

BIOS Info: AT/AT COMPATIBLE | 06/18/08 | ACRSYS - 6040000

Time Zone: West-Europa (standaardtijd)

Motherboard *: Acer, Inc. Chapala

Country: Nederland

Language: NLD

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)

Anti-Virus: F-Secure Anti-Virus 9.20.15437 On-access scanning disabled (Outdated)

Anti-Spyware: F-Secure Anti-Virus 9.20.15437 disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Anti-Spyware: Microsoft Security Essentials disabled (Outdated)

Firewall: PC Veilig 9.12 disabled

Default Browser: Google Chrome 31.0.1650.57

Internet Explorer Version: 9.0.8112.16421

Google Chrome version: 31.0.1650.57

Adobe Reader version: 8.1.0.2007051100

Sun Java version: 1.6.0_26 (32-bit)

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Pierre\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

2014-01-26 23:10:02 C2E35F6FCBD5B4DB2B52B32D1153EC04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2014-01-26 23:10:02 2429485305BCCFB1014B19BFB512E8F9 73216 ----a-w- C:\Windows\System32\mshtmled.dll

2014-01-26 23:10:01 ADB9477A9C95C79FDF5DC214225603B0 420864 ----a-w- C:\Windows\System32\vbscript.dll

2014-01-26 23:10:00 E8F37AF4D09972684D9EE1786901F540 176640 ----a-w- C:\Windows\System32\ieui.dll

2014-01-26 23:10:00 822E4743E61687933629AE3A8DECABC2 65024 ----a-w- C:\Windows\System32\jsproxy.dll

2014-01-26 23:09:59 A0C6AFE2C9C74573F5C0776CDE1128B1 142848 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-01-26 23:09:59 36E4D129029784EE37A2C14393B6A4E8 607744 ----a-w- C:\Windows\System32\msfeeds.dll

2014-01-26 23:09:58 C05A60DB2ED385E9BB5CF7AE773A3D9B 717824 ----a-w- C:\Windows\System32\jscript.dll

2014-01-26 23:09:58 4CC9DF09C3D915BA0A101A11DB684F26 1129472 ----a-w- C:\Windows\System32\wininet.dll

2014-01-26 23:09:57 BDA52464C16707EAA513C8A2920ACE1F 231936 ----a-w- C:\Windows\System32\url.dll

2014-01-26 23:09:57 795202EFA9ED73F99C96235C1DC6A1AC 1806848 ----a-w- C:\Windows\System32\jscript9.dll

2014-01-26 23:09:56 B787EE3F327ABAC1EC47313B3A673598 1796096 ----a-w- C:\Windows\System32\iertutil.dll

2014-01-26 23:09:54 5AAFA41F2A09D68F43741EF13937650A 1105408 ----a-w- C:\Windows\System32\urlmon.dll

2014-01-26 23:09:54 06FDA396980A0157469A334E1BFEAF17 1427968 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-01-26 23:09:53 C89906FA43A58FD4CFC7EA06D885A597 12344320 ----a-w- C:\Windows\System32\mshtml.dll

2014-01-26 23:09:52 B231416DD7569B5C16F2DD2D2D64BB5A 9739264 ----a-w- C:\Windows\System32\ieframe.dll

2014-01-26 22:34:36 A6E18756EA7B6E971184B57B86251FC5 2050560 ----a-w- C:\Windows\System32\win32k.sys

2014-01-26 22:34:33 57390AF2F8939AB038FC4A5D10B50D52 335360 ----a-w- C:\Windows\System32\SysFxUI.dll

2014-01-26 22:34:28 DDEA43CDF00D6987F633F80AE4B7F2CE 172032 ----a-w- C:\Windows\System32\scrrun.dll

2014-01-26 22:34:28 B44B59C85DC2C2D39542F97BF545A308 135168 ----a-w- C:\Windows\System32\cscript.exe

2014-01-26 22:34:28 2497FD012104DFF64BF01DA98ECF6F75 131072 ----a-w- C:\Windows\System32\wshom.ocx

2014-01-26 22:34:28 1D0A82B11235D68CF55A54B2ADECB9F1 155648 ----a-w- C:\Windows\System32\wscript.exe

2014-01-26 22:34:27 F9D5C623E913CDAA198ECF0E6D2AA54A 36864 ----a-w- C:\Windows\System32\wshcon.dll

====== C:\Windows\system32\drivers =====

2014-01-26 22:34:33 6DBA75306DD9B242B6F1C343179AD201 167936 ----a-w- C:\Windows\System32\drivers\portcls.sys

2014-01-26 22:34:33 2A63675F6FA8EF0FF9F5C72695584CAA 130048 ----a-w- C:\Windows\System32\drivers\drmk.sys

2014-01-21 11:45:21 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

====== C:\Windows\Tasks ======

2014-01-19 16:27:42 8437485E10DF4E902FF625F311A254FF 3016 ----a-w- C:\Windows\system32\Tasks\{965D19CC-D1E0-4CA8-A1DE-CF667E59D6CF}

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C: =====

====== C:\Users\Pierre\AppData\Roaming ======

====== C:\Users\Pierre ======

====== C: exe-files ==

2014-01-27 20:43:43 75B0D4CC6E1BFD6344EEF198270A773D 36532904 ----a-w- C:\Program Files\Google\Update\Install\{CD59E0B8-1433-485B-81F8-D849CED1BF8C}\32.0.1700.102_chrome_installer.exe

2014-01-27 20:43:41 75B0D4CC6E1BFD6344EEF198270A773D 36532904 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.102\32.0.1700.102_chrome_installer.exe

2014-01-26 23:09:59 A0C6AFE2C9C74573F5C0776CDE1128B1 142848 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-01-26 23:09:59 3348D1B1D702E333CE99F7E0FD313460 468480 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe

2014-01-26 23:09:56 43E6F2A7FB182F2D7CB0CE5B8F1005CF 757488 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2014-01-26 22:48:48 1ACCA74287FE5D7449FBB2B9F0C83341 309328 ----a-w- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarUser_32_D053C89A9DB0461F.exe

2014-01-26 22:48:44 228A4633D638F7EEA6400D5ED5274397 1071696 ----a-w- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_231F3FD17DB59CFD.exe

2014-01-26 22:48:14 BD5A28471F81D492D21A381610672411 531424 ----a-w- C:\Program Files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.5.4805.320\GoogleToolbarInstaller_updater_signed.exe

2014-01-26 22:43:20 017CB85356CBD66E103E88532E0FE676 9063080 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.76\32.0.1700.76_31.0.1650.57_chrome_updater.exe

2014-01-26 22:34:28 B44B59C85DC2C2D39542F97BF545A308 135168 ----a-w- C:\Windows\System32\cscript.exe

2014-01-26 22:34:28 1D0A82B11235D68CF55A54B2ADECB9F1 155648 ----a-w- C:\Windows\System32\wscript.exe

2014-01-26 22:26:13 BFBA3103D1B3539164B50FD8D257BC1D 11154256 ----a-w- C:\Users\Pierre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPARRA7H\mseinstall (1).exe

2014-01-26 22:21:31 BFBA3103D1B3539164B50FD8D257BC1D 11154256 ----a-w- C:\Users\Pierre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPARRA7H\mseinstall.exe

2014-01-21 14:52:51 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Pierre\Dropbox\.dropbox.cache\dropbox-upgrade-2.4.11-2.exe

=== C: other files ==

2014-01-27 23:12:10 096F7CA79898DC4CCE320B8397030596 31740054 ----a-w- C:\Users\Public\Desktop\sample_28-01-2014_0011.zip

2014-01-27 20:44:45 D2F6A1B11344D9AC7BCFB75900D4ADE1 23668 ----a-w- C:\Program Files\Google\Chrome\Temp\source1196_18643\Chrome-bin\32.0.1700.102\default_apps\youtube.crx

2014-01-27 20:44:45 8AD223868AB9974F7746D0227730A0CC 26392 ----a-w- C:\Program Files\Google\Chrome\Temp\source1196_18643\Chrome-bin\32.0.1700.102\default_apps\search.crx

2014-01-27 20:44:45 71E1283B8440F6264CEC99DF9AD81F5B 25561 ----a-w- C:\Program Files\Google\Chrome\Temp\source1196_18643\Chrome-bin\32.0.1700.102\default_apps\drive.crx

2014-01-27 20:44:45 2E2E328E5BF6BE61203164B3E9EA8094 24040 ----a-w- C:\Program Files\Google\Chrome\Temp\source1196_18643\Chrome-bin\32.0.1700.102\default_apps\gmail.crx

2014-01-27 20:44:45 2C71C49F991095A1848624907BACBB08 4578 ----a-w- C:\Program Files\Google\Chrome\Temp\source1196_18643\Chrome-bin\32.0.1700.102\default_apps\docs.crx

2014-01-26 22:34:36 A6E18756EA7B6E971184B57B86251FC5 2050560 ----a-w- C:\Windows\System32\win32k.sys

2014-01-26 22:34:33 6DBA75306DD9B242B6F1C343179AD201 167936 ----a-w- C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_d2056fa8\portcls.sys

2014-01-26 22:34:33 6DBA75306DD9B242B6F1C343179AD201 167936 ----a-w- C:\Windows\System32\drivers\portcls.sys

2014-01-26 22:34:33 2A63675F6FA8EF0FF9F5C72695584CAA 130048 ----a-w- C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_d2056fa8\drmk.sys

2014-01-26 22:34:33 2A63675F6FA8EF0FF9F5C72695584CAA 130048 ----a-w- C:\Windows\System32\drivers\drmk.sys

2014-01-21 11:45:21 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-01-21 11:15:38 AB51E1F08C8E789D6C9E8B94D15BE9A9 340432 ----a-w- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys

2014-01-21 11:15:38 000D82CC258E2D341605A6F350C4D1E6 606672 ----a-w- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-198152872-3049808660-2793780389-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe"

"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

"conhost"="C:\Users\Pierre\AppData\Roaming\Microsoft\conhost.exe"

"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler"

"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

"Amazon Cloud Player"="C:\Users\Pierre\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart"

"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"

"NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit"

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe"

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe"

"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe"

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"

"RtHDVCpl"="RtHDVCpl.exe"

"Skytel"="Skytel.exe"

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE"

"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"

"WarReg_PopUp"="C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe"

"PLFSetI"="C:\Windows\PLFSetI.exe"

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot"

"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"

"CanonSolutionMenuEx"="C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon"

"ApnUpdater"="C:\Program Files\Ask.com\Updater\Updater.exe"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

"KPN Assistent"="C:\Program Files\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe /auto"

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe -osboot"

"F-Secure Manager"="C:\Program Files\PC Veilig\Common\FSM32.EXE /splash"

"F-Secure TNB"="C:\Program Files\PC Veilig\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW"

"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe"

"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

"conhost"="C:\Users\Pierre\AppData\Roaming\Microsoft\conhost.exe"

"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler"

"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

"Amazon Cloud Player"="C:\Users\Pierre\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\F-Secure Gatekeeper Handler Starter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FSDFWD]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FSMA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FSORSPClient]

==== Startup Folders ======================

2010-01-19 20:24:48 1119 ----a-w- C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk

2011-12-08 19:20:07 1119 ----a-w- C:\Users\Wieneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk

2008-04-16 06:33:42 1493 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk

2008-10-04 18:59:31 1884 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

2008-09-25 07:35:20 20480 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETAUDIO.EXE

2008-09-25 07:35:19 20480 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [26-01-2014 23:44]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [12-04-2013 09:52]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [12-04-2013 09:52]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-198152872-3049808660-2793780389-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]

"C:\Windows\system32\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-198152872-3049808660-2793780389-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]

"C:\Windows\system32\tasks\RealUpgradeLogonTaskS-1-5-21-198152872-3049808660-2793780389-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]

"C:\Windows\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-198152872-3049808660-2793780389-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]

"C:\Windows\system32\tasks\User_Feed_Synchronization-{7FF9B0CA-5095-40C5-B228-ED42E65A77C9}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\system32\tasks\{91EFFABE-270A-4473-BDE3-E50B133C1966}" [C:\Program Files\Skype\\Phone\Skype.exe]

"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"litmus-ff@f-secure.com"="C:\Program Files\PC Veilig\NRS\litmus-ff@f-secure.com" [18-01-2014 20:25]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14-08-2013 14:24]

Google Docs - Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

SiteAdvisor - Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho

RealDownloader - Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji

Gmail - Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="KPN Vandaag"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Yahoo UK"

"Default_Page_URL"="Yahoo UK"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="KPN Vandaag"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"

"Default_Page_URL"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{DECA3892-BA8F-44b8-A993-A466AD694AE4}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"

{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Unknown Url="Not_Found"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

{88AA4A6D-FB3D-459C-B284-38A064FD727A} Google Url="{searchTerms} - Google Search="

{DECA3892-BA8F-44b8-A993-A466AD694AE4} Bing Url="{searchTerms} - Bing"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-198152872-3049808660-2793780389-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully

HKEY_USERS\S-1-5-21-198152872-3049808660-2793780389-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

HKEY_USERS\S-1-5-21-198152872-3049808660-2793780389-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-198152872-3049808660-2793780389-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully

==== HijackThis Entries ======================

O1 - Hosts: ::1 localhost

O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120628112459.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\PC Veilig\NRS\iescript\baselitmus.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [setPanel] C:\Acer\APanel\APanel.cmd

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [KPN Assistent] C:\Program Files\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe /auto

O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Veilig\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Veilig\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [conhost] C:\Users\Pierre\AppData\Roaming\Microsoft\conhost.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Amazon Cloud Player] C:\Users\Pierre\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: SETAUDIO.EXE

O4 - Global Startup: SETRES.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://*.mcafee.com

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Marcha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Marcha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Pierre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Pierre\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Pierre\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Wieneke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Wieneke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Pierre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J58CXRM3 will be deleted at reboot

C:\Users\Pierre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TRYU7SFB will be deleted at reboot

C:\Users\Pierre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=36 folders=16 41387313 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Marcha\AppData\Local\Temp emptied successfully

C:\Users\Wieneke\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\Pierre\AppData\Local\Temp will be emptied at reboot

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Pierre\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Pierre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Users\Pierre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J58CXRM3" not found

"C:\Users\Pierre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TRYU7SFB" not found

==== EOF on di 28-01-2014 at 8:42:44,96 ======================

kweezie wabbit · 29 januari 2014

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

Start Zoek.exe nogmaals met het onderstaande script.

Dubbelklik op Zoek.exe om de tool te starten.
Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
Kopieer nu onderstaande code en plak die in het grote invulvenster:

Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

C:\Program Files\Ask.com;fs
Ask Toolbar;u
Ask Toolbar Updater;u
C:\Users\Pierre\AppData\Roaming\Microsoft\conhost.exe;f
[HKEY_USERS\S-1-5-21-198152872-3049808660-2793780389-1000\Software\Microsoft\Windows\CurrentVersion\Run];r
"conhost"=-;r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
"ApnUpdater"=-;r
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
"conhost"=-;r
ApnUpdater;s
C:\Program Files\Ask.com\Updater\Updater.exe;f
conhost;s
startupall; 
filesrcm;
process;
hijackthis;
autoclean;

Klik nu op de knop "Run script".
Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
Post het geopende logje in het volgende bericht.

pierrewien · 29 januari 2014

Bedankt kweezie wabbit voor de verdere instructies. Je pakt het grondig aan! Ik heb zoek.exe opnieuw met het nieuwe script laten werken. Onderstaand is de log die eruit kwam.

Vriendelijke groeten, pierrewien

Zoek.exe v5.0.0.0 Updated 25-January-2014

Tool run by Pierre on wo 29-01-2014 at 22:10:02,70.

Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86

Running in: Normal Mode No Internet Access Detected

Launched: C:\Users\Pierre\Downloads\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-01-28-074244.log 58493 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\spoolsv.exe

C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Acer\Empowering Technology\eNet\eNet Service.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\mfevtps.exe

C:\Acer\Mobility Center\MobilityService.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Users\Pierre\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\PC Veilig\Common\FSM32.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Users\Pierre\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe

C:\Users\Pierre\Downloads\zoek.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-198152872-3049808660-2793780389-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"conhost"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ApnUpdater"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"conhost"=-

==== Deleting Files \ Folders ======================

C:\Program Files\Ask.com not found

"C:\Users\Pierre\AppData\Roaming\Microsoft\conhost.exe" not found

"C:\Program Files\Ask.com\Updater\Updater.exe" not found

"C:\Windows\Installer\1242e90.msi" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Pierre\AppData\Local\Temp ====

2014-01-28 07:42:59 5EF87457AB8A58694EBE35E55D093D04 208896 ----a-w- C:\Users\Pierre\AppData\Local\Temp\RtkBtMnt.exe