laptop wordt wel erg traag

[wakkie]

Bij grafische toepassingen wordt dit bakje wel erg traag de laatste maanden

(Zware?) facebookgames (angry birds etc.) lopen schokkend.

Een oud online game geeft frequent een kleine hapering van pakweg een halve seconden terwijl ik loop/schiet.

Ik vraag me af of mijn grafische kaart niet ten dode opgeschreven is, of of dit eerder ligt aan de internetverbinding waar een foutje is ingeslopen.

Wat ik ook regelmatig voor heb is dat wanneer ik dagdagelijkse dingen doe op de laptop hij plots begint vast te hangen, vervolgens het scherm roze/geel/wit/...wordt met daarin een vierkantje van ong. 1,5 op 1,5 cm waar voorheen mijn muiscursor stond. (grafische kaart?)

Ik run wekelijks CCleaner en Malwarebytes.

In elk geval wigi al laten draaien en RSIT; hier de log:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Maarten at 2014-03-21 10:43:05

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 311 GB (65%) free of 477 GB

Total RAM: 4095 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:43:11, on 21/03/2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.16521)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Users\Maarten\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maarten\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maarten\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maarten\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maarten\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maarten\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\trend micro\Maarten.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms}

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Maarten\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')

O4 - Global Startup: SRS Premium Sound.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Maarten\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9F9CA43A-8B25-4A40-AB76-3E9FAF817F4D}: NameServer = 217.74.208.66

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11304 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

winlogon.exe

"C:\Windows\system32\nvvsvc.exe"

"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"

C:\Windows\system32\nvvsvc.exe -session -first

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"

"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"taskhost.exe"

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe"

taskeng.exe {AFDC929A-EFF4-44D3-AF59-96E2F160630E}

"C:\Program Files\P4G\BatteryLife.exe"

"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"

"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

WLIDSvcM.exe 2276

"C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe"

C:\Windows\system32\wbem\wmiprvse.exe

ATKOSD.exe

WDC.exe

"C:\Program Files\Elantech\ETDCtrl.exe"

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip

KHALMNPR.EXE /API

"C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"

"C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"

"C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"

"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"C:\Users\Maarten\AppData\Local\Google\Chrome\Application\chrome.exe"

"C:\Users\Maarten\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1120.0.551996572\1646256692" --disable-image-transport-surface --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,1,14,27,33 --gpu-vendor-id=0x10de --gpu-device-id=0x0654 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.1090 --ignored=" --type=renderer " /prefetch:822062411

"C:\Users\Maarten\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --enable-software-compositing --channel="1120.1.1498133861\684845545" /prefetch:673131151

"C:\Users\Maarten\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --enable-software-compositing --channel="1120.5.612107100\362916683" /prefetch:673131151

"C:\Users\Maarten\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="1120.6.1661548652\582301491" --ppapi-flash-args --lang=nl --ignored=" --type=renderer " /prefetch:-632637702

"C:\Users\Maarten\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --enable-software-compositing --channel="1120.11.2061810644\1904455590" /prefetch:673131151

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528

"C:\Users\Maarten\Downloads\RSITx64 (1).exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001Core.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001UA.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Maarten\AppData\Roaming\Mozilla\Firefox\Profiles\ul4v8o7j.default

prefs.js - "browser.search.useDBForOrder" - true

prefs.js - "browser.startup.homepage" - "about:home"

prefs.js - "keyword.URL" - "http://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 12.0.0.77 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl]

"Description"=Garmin GPS Control for Firefox

"Path"=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]

"Description"=Picasa3 plugin

"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@ngm.nexoneu.com/NxGame]

"Description"=Nexon Game Controller

"Path"=C:\ProgramData\NexonEU\NGM\npNxGameEU.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]

"Description"=NVIDIA stereo images plugin for Mozilla browsers

"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]

"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers

"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 12.0.0.77 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@garmin.com/GpsControl]

"Description"=Garmin GPS Control for Firefox

"Path"=C:\Program Files\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\

{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\

np-mswmp.dll

nppdf32.dll

WMP Firefox Plugin License.rtf

WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

bing.xml

google.xml

C:\Users\Maarten\AppData\Roaming\Mozilla\Firefox\Profiles\ul4v8o7j.default\extensions\

staged

{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

C:\Users\Maarten\AppData\Roaming\Mozilla\Firefox\Profiles\ul4v8o7j.default\searchplugins\

Google.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]

avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-08-30 245592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]

Logitech SetPoint - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-02-21 436464]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30 201784]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]

Logitech SetPoint - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-02-21 367344]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-08-30 245592]

{ae07101b-46d4-4a98-af68-0333ea26e113}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30 201784]

{ae07101b-46d4-4a98-af68-0333ea26e113}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-07-30 617856]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-09-29 8123936]

"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2013-02-21 2991856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"=C:\Users\Maarten\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11 138096]

"GarminExpressTrayApp"=C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [2014-03-04 115544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-25 2726728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Driver Pro]

C:\Program Files (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

C:\Users\Maarten\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-22 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]

C:\Program Files (x86)\Garmin\Training Center\gStart.exe [2008-08-13 1891416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU]

C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru]

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]

C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14 20584608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhatPulse]

C:\Program Files (x86)\WhatPulse\WhatPulse.exe [2011-11-15 3990528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Maarten^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

C:\Users\Maarten\AppData\Roaming\Dropbox\bin\Dropbox.exe [2014-01-03 30714328]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]

"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-10-09 6937216]

"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [2009-08-19 170624]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-08-30 4858968]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2013-02-08 68848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-03-21 10:41:28 ----A---- C:\Windows\SYSWOW64\javaws.exe

2014-03-21 10:41:23 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

2014-03-21 10:41:23 ----A---- C:\Windows\SYSWOW64\javaw.exe

2014-03-21 10:41:23 ----A---- C:\Windows\SYSWOW64\java.exe

2014-03-21 10:34:11 ----D---- C:\rsit

2014-03-14 07:01:14 ----A---- C:\Windows\system32\wwansvc.dll

2014-03-14 07:01:13 ----A---- C:\Windows\SYSWOW64\wer.dll

2014-03-14 07:01:13 ----A---- C:\Windows\system32\wer.dll

2014-03-14 07:01:12 ----A---- C:\Windows\system32\win32k.sys

2014-03-14 07:01:09 ----A---- C:\Windows\SYSWOW64\iernonce.dll

2014-03-14 07:01:08 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2014-03-14 07:01:08 ----A---- C:\Windows\system32\iertutil.dll

2014-03-14 07:01:08 ----A---- C:\Windows\system32\ieetwcollectorres.dll

2014-03-14 07:01:07 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2014-03-14 07:01:07 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2014-03-14 07:01:07 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll

2014-03-14 07:01:06 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2014-03-14 07:01:05 ----A---- C:\Windows\SYSWOW64\iesetup.dll

2014-03-14 07:01:05 ----A---- C:\Windows\system32\iernonce.dll

2014-03-14 07:01:04 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2014-03-14 07:01:04 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll

2014-03-14 07:01:04 ----A---- C:\Windows\system32\urlmon.dll

2014-03-14 07:01:04 ----A---- C:\Windows\system32\ieetwproxystub.dll

2014-03-14 07:01:03 ----A---- C:\Windows\SYSWOW64\ieui.dll

2014-03-14 07:01:03 ----A---- C:\Windows\system32\msfeeds.dll

2014-03-14 07:01:02 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2014-03-14 07:01:01 ----A---- C:\Windows\system32\iesetup.dll

2014-03-14 07:01:01 ----A---- C:\Windows\system32\ie4uinit.exe

2014-03-14 07:01:00 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2014-03-14 07:01:00 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

2014-03-14 07:00:59 ----A---- C:\Windows\SYSWOW64\wininet.dll

2014-03-14 07:00:59 ----A---- C:\Windows\SYSWOW64\msrating.dll

2014-03-14 07:00:59 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll

2014-03-14 07:00:59 ----A---- C:\Windows\system32\jsproxy.dll

2014-03-14 07:00:58 ----A---- C:\Windows\system32\ieui.dll

2014-03-14 07:00:58 ----A---- C:\Windows\system32\ieetwcollector.exe

2014-03-14 07:00:57 ----A---- C:\Windows\system32\ieUnatt.exe

2014-03-14 07:00:57 ----A---- C:\Windows\system32\ieframe.dll

2014-03-14 07:00:56 ----A---- C:\Windows\system32\jscript9diag.dll

2014-03-14 07:00:56 ----A---- C:\Windows\system32\jscript9.dll

2014-03-14 07:00:56 ----A---- C:\Windows\system32\ieapfltr.dll

2014-03-14 07:00:55 ----A---- C:\Windows\system32\wininet.dll

2014-03-14 07:00:54 ----A---- C:\Windows\system32\msrating.dll

2014-03-14 07:00:53 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe

2014-03-14 07:00:53 ----A---- C:\Windows\system32\mshtml.dll

2014-03-14 07:00:30 ----A---- C:\Windows\system32\qedit.dll

2014-03-14 07:00:29 ----A---- C:\Windows\SYSWOW64\qedit.dll

2014-03-14 07:00:28 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll

2014-03-14 07:00:28 ----A---- C:\Windows\system32\WindowsCodecs.dll

2014-02-26 00:23:36 ----D---- C:\Windows\Migration

2014-02-22 23:26:02 ----D---- C:\ProgramData\Package Cache

======List of files/folders modified in the last 1 month======

2014-03-21 10:43:10 ----D---- C:\Program Files\trend micro

2014-03-21 10:42:15 ----D---- C:\ProgramData\Oracle

2014-03-21 10:41:35 ----SHD---- C:\Windows\Installer

2014-03-21 10:41:28 ----D---- C:\Windows\SysWOW64

2014-03-21 10:41:23 ----D---- C:\Program Files (x86)\Java

2014-03-21 10:40:12 ----SHD---- C:\System Volume Information

2014-03-21 10:39:29 ----D---- C:\Windows\Prefetch

2014-03-21 10:22:09 ----D---- C:\Program Files (x86)\SOF2 v1.00

2014-03-21 10:02:57 ----D---- C:\Windows\system32\config

2014-03-21 09:49:54 ----D---- C:\Windows\Temp

2014-03-21 09:48:25 ----D---- C:\Windows\system32\Tasks

2014-03-21 09:48:16 ----D---- C:\ProgramData\NVIDIA

2014-03-20 20:03:27 ----D---- C:\Users\Maarten\AppData\Roaming\TS3Client

2014-03-19 18:50:58 ----D---- C:\Windows\System32

2014-03-19 18:50:58 ----D---- C:\Windows\inf

2014-03-19 18:50:58 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-03-19 00:03:47 ----D---- C:\Windows\system32\MRT

2014-03-19 00:01:59 ----D---- C:\Windows\debug

2014-03-19 00:01:54 ----A---- C:\Windows\system32\MRT.exe

2014-03-15 07:26:37 ----D---- C:\Windows\winsxs

2014-03-15 07:26:08 ----D---- C:\Windows

2014-03-15 07:25:13 ----D---- C:\Program Files\Internet Explorer

2014-03-15 07:25:13 ----D---- C:\Program Files (x86)\Internet Explorer

2014-03-15 07:25:05 ----D---- C:\Program Files\Microsoft Silverlight

2014-03-15 07:25:04 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2014-03-14 07:13:27 ----RD---- C:\Program Files (x86)

2014-03-14 07:00:19 ----D---- C:\Windows\system32\catroot

2014-03-14 07:00:10 ----D---- C:\Windows\system32\catroot2

2014-03-12 09:19:09 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2014-03-11 20:26:59 ----D---- C:\Users\Maarten\AppData\Roaming\Skype

2014-03-08 07:17:01 ----D---- C:\ProgramData\Garmin

2014-03-08 07:16:54 ----D---- C:\Program Files (x86)\Garmin

2014-03-06 17:33:53 ----D---- C:\Users\Maarten\AppData\Roaming\Dropbox

2014-03-06 09:10:42 ----D---- C:\ProgramData\Skype

2014-03-06 09:10:37 ----RD---- C:\Program Files (x86)\Skype

2014-03-03 22:47:59 ----D---- C:\Users\Maarten\AppData\Roaming\BitTorrent

2014-03-03 22:45:54 ----D---- C:\Program Files\CCleaner

2014-03-03 09:59:43 ----D---- C:\ProgramData\CanonIJPLM

2014-02-27 09:59:34 ----D---- C:\Windows\Microsoft.NET

2014-02-27 08:46:06 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

2014-02-26 00:31:10 ----RSD---- C:\Windows\assembly

2014-02-26 00:24:18 ----D---- C:\Windows\SYSWOW64\en-US

2014-02-26 00:24:17 ----D---- C:\Windows\system32\en-US

2014-02-26 00:23:36 ----SD---- C:\ProgramData\Microsoft

2014-02-24 08:51:22 ----D---- C:\Users\Maarten\AppData\Roaming\Garmin

2014-02-22 23:27:38 ----D---- C:\Windows\system32\DriverStore

2014-02-22 23:27:35 ----D---- C:\Program Files\DIFX

2014-02-22 23:26:02 ----D---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-08-30 65336]

R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-08-30 204880]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-08-30 72016]

R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-08-30 1030952]

R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-08-30 378944]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-08-30 64288]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-08-30 33400]

R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-08-30 80816]

R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2012-03-09 3580928]

R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-07-09 140800]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-09-29 2005024]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2013-01-03 77192]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2013-01-03 61832]

R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2013-01-03 43400]

R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2007-08-09 13680]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]

R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-05 1806400]

S3 cleanhlp;cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys []

S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]

S3 usbser;Nokia USB Serial Port Driver ; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

S4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys []

S4 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2005-05-16 65536]

S4 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2005-05-16 7168]

S4 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2005-05-16 92160]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]

R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-08-30 46808]

R2 Garmin Core Update Service;Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-03-04 424280]

R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2010-04-05 116104]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-12-29 884152]

R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-02-27 75064]

R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2013-06-26 202008]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]

S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12 257928]

S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]

S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-01 111616]

S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2013-02-08 359664]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-27 114144]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-17 1255736]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

[kweezie wabbit]

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

Download Zoek.exe naar het bureaublad (niet de .zip- of .rar-versie)

• Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

chromelook; 
firefoxlook; 
emptyfolderscheck;delete 
emptyclsid;
startupall; 
filesrcm;

• Klik op de knop "Options" en vink nu de onderstaande opties aan.
  
• Do a Deep Scan
  
  
• Installed Programs
  
  
• HijackThis Log
  
  
• System Specs
  
• Running Processes
  
• Auto Clean
  
• De optie "Scan All Users" staat standaard aangevinkt.
  
• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht.
  

[wakkie]

Voila:

Zoek.exe v5.0.0.0 Updated 07-March-2014

Tool run by Maarten on vr 21/03/2014 at 13:51:18,17.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Maarten\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\winlogon.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe

C:\Users\Maarten\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maarten\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maarten\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maarten\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maarten\Downloads\zoek.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

==== System Restore Info ======================

21/03/2014 13:53:04 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\Eraser deleted successfully

C:\PROGRA~3\dbg deleted successfully

C:\PROGRA~3\Oracle deleted successfully

C:\Users\Maarten\AppData\Local\NVIDIA deleted successfully

C:\Users\Maarten\AppData\Local\WarThunder deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)

Adobe Flash Player 12 ActiveX

Adobe Flash Player 12 Plugin

Adobe Reader XI (11.0.06)

Adobe Shockwave Player 11.6

ANT Drivers Installer x64

ASUS LifeFrame3

ASUS Power4Gear Hybrid

ATK Hotkey

ATK Media

ATKOSD2

avast Free Antivirus

BitTorrent

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MG5100 series MP Drivers

Canon MP Navigator EX 4.0

Canon My Printer

Canon Solution Menu EX

CCleaner

Click to Call with Skype

Core Temp 1.0 RC3

D3DX10

Dropbox

Elevated Installer

eReg

ETDWare PS/2-x64 7.0.5.7_WHQL

Facebook Video Calling 2.0.0.447

Free YouTube to MP3 Converter version 3.11.34.1017

Garmin Communicator Plugin

Garmin Communicator Plugin x64

Garmin Express

Garmin Express Tray

Garmin Training Center

Garmin USB Drivers

Garmin WebUpdater

Gebruikersregistratie voor Canon MG5100 series

Google Chrome

Google Drive

Google Earth

Google Update Helper

Guitar Pro 5.0

HiJackThis

Java 7 Update 51

Java Auto Updater

Java 6 Update 31

JavaFX 2.1.1

Junk Mail filter update

Logitech SetPoint 6.52

Malwarebytes Anti-Malware versie 1.75.0.1300

Microsoft .NET Framework 4.5.1

Microsoft .NET Framework 4.5.1 (Nederlands)

Microsoft .NET Framework 4.5.1 (NLD)

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (Dutch) 2007

Microsoft Office Home and Student 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (Dutch) 2007

Microsoft Office PowerPoint MUI (Dutch) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proofing (Dutch) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared 64-bit MUI (Dutch) 2007

Microsoft Office Shared MUI (Dutch) 2007

Microsoft Office Word MUI (Dutch) 2007

Microsoft Silverlight

Microsoft SkyDrive

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 15.0.1 (x86 nl)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

NVIDIA-configuratiescherm 310.90

NVIDIA 3D Vision stuurprogramma 310.90

NVIDIA Grafisch stuurprogramma 310.90

NVIDIA HD Audio-stuurprogramma 1.3.18.0

NVIDIA Install Application

NVIDIA Stereoscopic 3D Driver

Picasa 3

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition

SkypeT 6.11

Soldier of Fortune II - Double Helix

SRS Premium Sound Control Panel

Stuurprogrammapakket voor Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)

Stuurprogrammapakket voor Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)

swMSM

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update voor Microsoft Office Excel 2007 Help (KB963678)

Update voor Microsoft Office Powerpoint 2007 Help (KB963669)

Update voor Microsoft Office Word 2007 Help (KB963665)

USB 2.0 1.3M UVC WebCam

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WinRAR 4.10 beta 1 (64-bit)

Wireless Console 3

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted

C:\PROGRA~3\Package Cache deleted

C:\Users\Maarten\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847} deleted

C:\Users\Maarten\Downloads\FreeYouTubeToMP3Converter.exe deleted

C:\Windows\reimage.ini deleted

C:\Users\Maarten\AppData\Roaming\Mozilla\Firefox\Profiles\ul4v8o7j.default\extensions\staged deleted

C:\Users\Maarten\pbsetup.exe deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 4096 MB

CPU Info: Intel® Core2 Duo CPU T6600 @ 2.20GHz

CPU Speed: 2199,7 MHz

Sound Card: Luidsprekers (Realtek High Defi |

Realtek Digital Output (Realtek |

Display Adapters: NVIDIA GeForce GT 220M | NVIDIA GeForce GT 220M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Algemeen PnP-beeldscherm |

Screen Resolution: 1366 X 768 - 32 bit

Network: Network Present

Network Adapters: Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20) #350 | Qualcomm Atheros AR9285 Wireless Network Adapter

CD / DVD Drives: 1x (D: | ) D: Optiarc DVD RW AD-7580S

Ports: COM Ports NOT Present. LPT Port NOT Present.

Mouse: 8 Button Wheel Mouse Present

Hard Disks: C: 465,7GB

Hard Disks - Free: C: 303,1GB

Manufacturer *: American Megatrends Inc.

BIOS Info: AT/AT COMPATIBLE | 09/11/09 | _ASUS_ - 20090831

Time Zone: Romance (standaardtijd)

Motherboard *: ASUSTeK Computer Inc. N61Vg

Country: Belgi‰

Language: NLB

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)

Anti-Spyware: avast! Antivirus disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Default Browser: Google Chrome 33.0.1750.154

Internet Explorer Version: 11.0.9600.16521

Mozilla Firefox version: 15.0.1 (x86 nl)

Google Chrome version: 33.0.1750.154

Adobe Reader version: 11.0.06.70

Sun Java version: 1.7.0_51 (32-bit)

Flash Player version: 12.0.0.77

Shockwave Player version: 11.6.8r638

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Maarten\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2014-03-21 09:41:28 95E15A2DE75AB48728AB8E1911C3EDB1 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe

2014-03-21 09:41:23 CB3638541DCAC86EE17FA8258202E20E 175016 ----a-w- C:\Windows\SysWOW64\javaw.exe

2014-03-21 09:41:23 A7871E39687EC6EE9712209DAE248B3A 96168 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-03-21 09:41:23 9395BBE294045909A025C9F3DC3D9025 174504 ----a-w- C:\Windows\SysWOW64\java.exe

2014-03-14 06:01:13 4F8CCD3E7D9F17A7C60FA0AE2466CACF 381440 ----a-w- C:\Windows\SysWOW64\wer.dll

2014-03-14 06:01:09 8B521873651E62EF5868DC7B339959DB 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll

2014-03-14 06:01:08 BD5E6C894130E7BB7ECE9A0925383068 2168320 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2014-03-14 06:01:07 A045DAE4D242A9A50FF6902774C55BE0 524288 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2014-03-14 06:01:07 7EDA015D4E74177A1B187326EDB14670 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll

2014-03-14 06:01:07 0FF358906F2333B26267BC0064DC02C4 1156096 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2014-03-14 06:01:06 70462E0A4E293FC80620AB945D8A59BB 17074688 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2014-03-14 06:01:05 E23497E11866154A97BA9877656113FE 1964032 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl

2014-03-14 06:01:05 B0CBC5A7D9278DCD5B230E1E50CCA5F6 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll

2014-03-14 06:01:04 2CF6CF90BF7FE0E616C363343FFA686B 553472 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll

2014-03-14 06:01:04 1CEE521E90703BB8A01211C77747E727 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll

2014-03-14 06:01:03 E84073A2F2D3A9448CA02F48B0360490 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll

2014-03-14 06:01:02 5C207FABA707CE496E1E0A304925D1E5 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb

2014-03-14 06:01:02 4831AA1A6A112ACCEE240C9D5FA2108B 11266048 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2014-03-14 06:01:00 FC46FE32B043CA7251B1D707B91BA6A7 4244480 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2014-03-14 06:01:00 C8DBE0B5297FD85D7311E4791103517B 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe

2014-03-14 06:00:59 B61F47EB8CACBE09C8117E4FF7D9656D 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll

2014-03-14 06:00:59 AAFEAB4FC9D70253F8C7E353E879E8A2 1820160 ----a-w- C:\Windows\SysWOW64\wininet.dll

2014-03-14 06:00:59 4605E0295C8E742B28FD63D255322795 703488 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll

2014-03-14 06:00:29 B0BE998802DEDEE1FD8F5E5F9F207A30 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll

2014-03-14 06:00:28 A054EA8FBE16D4D34F06D81A4F0088E2 1230336 ----a-w- C:\Windows\SysWOW64\WindowsCodecs.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2014-03-14 06:01:14 04F82965C09CBDF646B487E145060301 228864 ----a-w- C:\Windows\Sysnative\wwansvc.dll

2014-03-14 06:01:13 1075AB2C077B415760C0E948856B5126 484864 ----a-w- C:\Windows\Sysnative\wer.dll

2014-03-14 06:01:12 E918C0DE5CF2AE6BEDBF387C09627D93 3156480 ----a-w- C:\Windows\Sysnative\win32k.sys

2014-03-14 06:01:08 76862AAF77C049EC20217FDC209F7F13 2765824 ----a-w- C:\Windows\Sysnative\iertutil.dll

2014-03-14 06:01:08 10B2786774CC43D835FE8303D1970874 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll

2014-03-14 06:01:05 F6BA9A0266DA93AFB8EA9BA12BF81367 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll

2014-03-14 06:01:05 0A5996995F33967A46E3D5A3D9F1433D 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb

2014-03-14 06:01:04 BA0A21F761CE5001DF712C51BF11F953 1393664 ----a-w- C:\Windows\Sysnative\urlmon.dll

2014-03-14 06:01:04 8BA97E7747A53F80873431178889911A 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll

2014-03-14 06:01:03 E6ACA421DA3E50D7F0A31228F0C547B0 627200 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2014-03-14 06:01:01 D378AB3C9178424588B55AC7B652D7F9 218624 ----a-w- C:\Windows\Sysnative\ie4uinit.exe

2014-03-14 06:01:01 8EA01E83528503D312224FC63D40BC2B 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll

2014-03-14 06:01:00 B3DFA392735A5FBE2896BAB67950123A 2041856 ----a-w- C:\Windows\Sysnative\inetcpl.cpl

2014-03-14 06:00:59 4F131DB206096854505AFEDD2153FD83 53760 ----a-w- C:\Windows\Sysnative\jsproxy.dll

2014-03-14 06:00:58 A0B690402E33DC9C78F22CB41F4FDC09 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe

2014-03-14 06:00:58 422106B7565350885D0930DFA5BA21A1 574976 ----a-w- C:\Windows\Sysnative\ieui.dll

2014-03-14 06:00:57 D3CAA61DE060BC74B4EFC638679DFE7A 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe

2014-03-14 06:00:57 9C5ADB26632D46919ABB231CF7DE98B9 13051904 ----a-w- C:\Windows\Sysnative\ieframe.dll

2014-03-14 06:00:56 CF1C73DE1FADE3D3C44FCAF254F57DB2 5768704 ----a-w- C:\Windows\Sysnative\jscript9.dll

2014-03-14 06:00:56 8D46ACDFA065C423BED405702F075B54 708608 ----a-w- C:\Windows\Sysnative\jscript9diag.dll

2014-03-14 06:00:56 48ED94DA88F65684B28FCD87C01288A7 817664 ----a-w- C:\Windows\Sysnative\ieapfltr.dll

2014-03-14 06:00:55 DF79CE9B950C62677D232154E93A81C7 2334208 ----a-w- C:\Windows\Sysnative\wininet.dll

2014-03-14 06:00:54 262B8883ECFD0C7CB303B56F9D9F210E 195584 ----a-w- C:\Windows\Sysnative\msrating.dll

2014-03-14 06:00:53 E97FFE2D37F01DD8B52BE81E1B91A7C0 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe

2014-03-14 06:00:53 4E0709D9BB951AD1C22E4FF519B90839 23133696 ----a-w- C:\Windows\Sysnative\mshtml.dll

2014-03-14 06:00:30 2C619F6023E3F7A3ABF3475ED2223359 624128 ----a-w- C:\Windows\Sysnative\qedit.dll

2014-03-14 06:00:28 AFCA5C1ECEAF948FC815178BC077680E 1424384 ----a-w- C:\Windows\Sysnative\WindowsCodecs.dll

====== C:\Windows\Sysnative\drivers =====

====== C:\Windows\Tasks ======

2014-02-22 22:26:25 6EE73A3B031758E5FD6A997DE60DB274 3556 ----a-w- C:\Windows\Sysnative\Tasks\GarminUpdaterTask

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C:\PROGRA~2 =====

======= C: =====

====== C:\Users\Maarten\AppData\Roaming ======

2014-03-02 12:54:43 -------- d-----w- C:\Users\Default\AppData\Roaming\Garmin

2014-03-02 12:54:43 -------- d-----w- C:\Users\Default User\AppData\Roaming\Garmin

2014-02-22 22:26:55 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Garmin

====== C:\Users\Maarten ======

2014-03-21 09:39:01 5C68A2107DBD9B08CACE3130FE55B062 921000 ----a-w- C:\Users\Maarten\Downloads\chromeinstall-7u51.exe

2014-03-21 09:33:26 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Maarten\Downloads\RSITx64 (1).exe

2014-03-21 09:32:02 EA638FACA7F0B38ADA71EBFF94273B98 1202 ----a-w- C:\Users\Maarten\WIGIReport[0].txt

2014-03-21 09:31:32 C78EEFBC22F5507BFF4A0CF83567DB22 980480 ----a-w- C:\Users\Maarten\Downloads\WIGI.exe

2014-03-21 09:30:24 F4BC9F24AB2389F0D18812865157E97A 549426 ----a-w- C:\Users\Maarten\Downloads\WhyIGotInfected.exe

2014-02-26 09:29:42 A9994081D6FDAE5653C1E1687945238B 96992 ----a-w- C:\Users\Maarten\1426570_10153541713415720_2115168190_n.jpg

====== C: exe-files ==

2014-03-21 09:42:59 000A77F3D0C697508C3CD46D81F3969C 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2010452883-1327875629-3410155731-1001\$ITIH47U.exe

2014-03-21 09:42:39 5C68A2107DBD9B08CACE3130FE55B062 921000 ----a-w- C:\$Recycle.Bin\S-1-5-21-2010452883-1327875629-3410155731-1001\$RTIH47U.exe

2014-03-21 09:41:28 95E15A2DE75AB48728AB8E1911C3EDB1 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe

2014-03-21 09:41:23 CB3638541DCAC86EE17FA8258202E20E 175016 ----a-w- C:\Windows\SysWOW64\javaw.exe

2014-03-21 09:41:23 9395BBE294045909A025C9F3DC3D9025 174504 ----a-w- C:\Windows\SysWOW64\java.exe

2014-03-21 09:39:24 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\Maarten\AppData\LocalLow\Sun\Java\jre1.7.0_51\lzma.exe

2014-03-21 09:39:01 5C68A2107DBD9B08CACE3130FE55B062 921000 ----a-w- C:\Users\Maarten\Downloads\chromeinstall-7u51.exe

2014-03-21 09:33:26 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Maarten\Downloads\RSITx64 (1).exe

2014-03-21 09:31:32 C78EEFBC22F5507BFF4A0CF83567DB22 980480 ----a-w- C:\Users\Maarten\Downloads\WIGI.exe

2014-03-21 09:30:24 F4BC9F24AB2389F0D18812865157E97A 549426 ----a-w- C:\Users\Maarten\Downloads\WhyIGotInfected.exe

2014-03-18 19:06:08 DF21ED1E4F176EDEA1B010F5FFC8E7C1 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2010452883-1327875629-3410155731-1001\$IT0FKDV.exe

2014-03-18 19:06:06 4AB254CFFAC104A1283ECDCEA25F5AD8 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2010452883-1327875629-3410155731-1001\$IVA3IYU.exe

2014-03-18 19:06:05 92D436A1EF40360A8D52339B5B708F41 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2010452883-1327875629-3410155731-1001\$IMZ8KFJ.exe

2014-03-18 19:05:55 0AD043D820E7CD8B154E8259F454C5ED 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2010452883-1327875629-3410155731-1001\$IU8K6P8.exe

2014-03-18 19:05:53 C53B9925EDB9254856376E5C09FA1439 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2010452883-1327875629-3410155731-1001\$I0DXTT6.exe

2014-03-15 17:13:10 E677174AA15D1B9D9E0B0F1C8DB8CC56 892120 ----a-w- C:\Users\Maarten\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.154\33.0.1750.154_33.0.1750.146_chrome_updater.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2010452883-1327875629-3410155731-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="C:\Users\Maarten\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HControlUser"="C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"

"ATKOSD2"="C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"

"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="C:\Users\Maarten\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ETDWare"="C:\Program Files\Elantech\ETDCtrl.exe"

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CanonMyPrinter"

"hkey"="HKLM"

"command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenuEx]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CanonSolutionMenuEx"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Canon\\Solution Menu EX\\CNSEMAIN.EXE /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easy Driver Pro]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Easy Driver Pro"

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\Probit Software\\Easy Driver Pro\\DPLauncher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Google Update"

"hkey"="HKCU"

"command"="\"C:\\Users\\Maarten\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gStart]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="gStart"

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\Garmin\\Training Center\\gStart.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KPeerNexonEU]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="KPeerNexonEU"

"hkey"="HKCU"

"command"="C:\\Nexon\\NEXON_EU_Downloader\\nxEULauncher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nvtmru]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Nvtmru"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\NVIDIA Corporation\\NVIDIA Update Core\\nvtmru.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShadowPlay]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ShadowPlay"

"hkey"="HKLM"

"command"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\system32\\nvspcap64.dll,ShadowPlayOnSystemStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Skype"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SunJavaUpdateSched"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhatPulse]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="WhatPulse"

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\WhatPulse\\WhatPulse.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Maarten^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

"path"="C:\\Users\\Maarten\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"

"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\Users\\Maarten\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup"

"item"="Dropbox"

==== Startup Folders ======================

2011-11-20 20:24:46 2855 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12/03/2014 09:19]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001Core.job --a------ C:\Users\Maarten\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/07/2012 21:41]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001UA.job --a------ C:\Users\Maarten\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/07/2012 21:41]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18/09/2011 13:15]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18/09/2011 13:15]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001Core.job --a------ C:\Users\Maarten\AppData\LoC:al\Google\Update\GoogleUpdate.exe []

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001UA.job --a------ C:\Users\Maarten\AppData\LoC:al\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001Core" [C:\Users\Maarten\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001UA" [C:\Users\Maarten\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001Core" [C:\Users\Maarten\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001UA" [C:\Users\Maarten\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\P4G Sidebar" [C:\Program Files\Windows Sidebar\sidebar.exe]

"C:\Windows\SysNative\tasks\P4GIntlCtrl" [C:\Program Files\P4G\IntlCtrl.exe]

"C:\Windows\SysNative\tasks\WC3" [C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe]

"C:\Windows\SysNative\tasks\{5A12AA0C-9570-4889-B417-AD7F576F13E0}" [C:\Program Files (x86)\Skype\Phone\Skype.exe]

"C:\Windows\SysNative\tasks\{604B667F-63DD-4B42-8850-37790D7E4D1E}" ["c:\users\maarten\appdata\local\google\chrome\application\chrome.exe"]

"C:\Windows\SysNative\tasks\{F17C61FF-61CB-4A85-9B5C-407E7E940F81}" ["c:\users\maarten\appdata\local\google\chrome\application\chrome.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [29/09/2013 11:35]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Maarten\AppData\Roaming\Mozilla\Firefox\Profiles\ul4v8o7j.default

- ChatZilla - %ProfilePath%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

- ReloadEvery - %ProfilePath%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi

- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Click to call with Skype - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Maarten\AppData\Roaming\Mozilla\Firefox\Profiles\ul4v8o7j.default

FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Maarten\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

99E2145307150EB8AB78F4F888F97DBE - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll - Nexon Game Controller

6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

edaibbiobngpbmeonadpbfafbkimjbdd - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx[21/02/2013 02:59]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

apdfllckaahabafndbhieahigkjlhalf - C:\Users\Maarten\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[04/05/2013 20:25]

nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Users\Maarten\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx[18/10/2012 07:17]

Angry Birds - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj

Google Drive - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Facebook - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm

Logitech SetPoint - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd

Gmail Offline - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk

AdBlock - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Pin It Button - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic

Cycling the Alps - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihklobncbkangkiiamccfgnlihbmjhlh

Dropbox - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl

Google Maps - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh

Note Easy - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfdpakabndfaaggapcljpikbjgbmebff

Google Wallet - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Auto Refresh Plus - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih

Gmail - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Search Page"="http://www.bing.com/search?q={searchTerms}"

"Search Bar"="http://www.bing.com/search?q={searchTerms}"

"Use Search Asst"="yes"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=BE&userid=7428a3c0-c9e0-d169-f8de-d387b3125c1d&searchtype=ds&q={searchTerms}&installDate=28/01/2014"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=BE&userid=7428a3c0-c9e0-d169-f8de-d387b3125c1d&searchtype=ds&q={searchTerms}&installDate=28/01/2014"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://www.bing.com/search?q={searchTerms}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://www.bing.com/search?q={searchTerms}"

"SearchAssistant"="http://www.bing.com/search?q={searchTerms}"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Use Search Asst"="no"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"

{006ee092-9658-4fd6-bd8e-a21a348e59f5} Bing Url="http://www.bing.com/search?q={searchTerms}"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Driver Pro deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Maarten\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')

O4 - Global Startup: SRS Premium Sound.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Maarten\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9F9CA43A-8B25-4A40-AB76-3E9FAF817F4D}: NameServer = 217.74.208.66

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Maarten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Maarten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Maarten\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=98 folders=24 65604220 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Maarten\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Maarten\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on vr 21/03/2014 at 14:17:02,79 ======================

[kweezie wabbit]

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

Start Zoek.exe nogmaals met het onderstaande script.

• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

  Java(TM) 6 Update 31;u
  DVDVideoSoft YouTube MP3 and Video Download;ff
  {ACAA314B-EEBA-48e4-AD47-84E31C44796C};c
  nikpibnbobmbdbheedjfogjlikpgpnhp;chr
  C:\Users\Maarten\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx;f
  Standardsearch; 
  autoclean; 
  

  
  

• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht.
  

[wakkie]

Is het normaal dat je een melding krijgt dat zoek.exe malware is?

[wakkie]

Ziezo:

Zoek.exe v5.0.0.0 Updated 07-March-2014

Tool run by Maarten on vr 21/03/2014 at 16:12:44,00.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Maarten\Downloads\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-03-21-131702.log 49152 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Users\Maarten\Downloads\zoek.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Maarten\AppData\Roaming\Mozilla\Firefox\Profiles\ul4v8o7j.default

user.js not found

---- Lines {ACAA314B-EEBA-48e4-AD47-84E31C44796C} modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{F003DA68-8256-4b37-A6C4-350FA04494DF}\":{\"descriptor\":\"C:\\\\

---- FireFox user.js and prefs.js backups ----

prefs_20142103_1622_.backup

==== Deleting Files \ Folders ======================

"C:\Users\Maarten\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx" deleted

"C:\Windows\Installer\240f883.msi" deleted

"C:\Users\Maarten\AppData\Roaming\Mozilla\Firefox\Profiles\ul4v8o7j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 4096 MB

CPU Info: Intel® Core2 Duo CPU T6600 @ 2.20GHz

CPU Speed: 2207,6 MHz

Sound Card: Luidsprekers (Realtek High Defi |

Realtek Digital Output (Realtek |

Display Adapters: NVIDIA GeForce GT 220M | NVIDIA GeForce GT 220M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Algemeen PnP-beeldscherm |

Screen Resolution: 1366 X 768 - 32 bit

Network: Network Present

Network Adapters: Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20) #951 | Qualcomm Atheros AR9285 Wireless Network Adapter

CD / DVD Drives: 1x (D: | ) D: Optiarc DVD RW AD-7580S

Ports: COM Ports NOT Present. LPT Port NOT Present.

Mouse: 8 Button Wheel Mouse Present

Hard Disks: C: 465,7GB

Hard Disks - Free: C: 302,9GB

Manufacturer *: American Megatrends Inc.

BIOS Info: AT/AT COMPATIBLE | 09/11/09 | _ASUS_ - 20090831

Time Zone: Romance (standaardtijd)

Motherboard *: ASUSTeK Computer Inc. N61Vg

Country: Belgi‰

Language: NLB

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Anti-Spyware: avast! Antivirus disabled (Outdated)

Default Browser: Google Chrome 33.0.1750.154

Internet Explorer Version: 11.0.9600.16521

Mozilla Firefox version: 15.0.1 (x86 nl)

Google Chrome version: 33.0.1750.154

Adobe Reader version: 11.0.06.70

Sun Java version: 1.7.0_51 (32-bit)

Flash Player version: 12.0.0.77

Shockwave Player version: 11.6.8r638

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2014-03-21 13:24:28 E1CBFDE5CAD6C373946A0D2C238E6522 43152 ----a-w- C:\Windows\avastSS.scr

====== C:\Users\Maarten\AppData\Local\Temp ====

====== Java Cache =====

2014-03-21 13:34:21 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Maarten\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-30c94755

====== C:\Windows\SysWOW64 =====

2014-03-21 09:41:28 95E15A2DE75AB48728AB8E1911C3EDB1 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe

2014-03-21 09:41:23 CB3638541DCAC86EE17FA8258202E20E 175016 ----a-w- C:\Windows\SysWOW64\javaw.exe

2014-03-21 09:41:23 A7871E39687EC6EE9712209DAE248B3A 96168 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-03-21 09:41:23 9395BBE294045909A025C9F3DC3D9025 174504 ----a-w- C:\Windows\SysWOW64\java.exe

2014-03-14 06:01:13 4F8CCD3E7D9F17A7C60FA0AE2466CACF 381440 ----a-w- C:\Windows\SysWOW64\wer.dll

2014-03-14 06:01:09 8B521873651E62EF5868DC7B339959DB 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll

2014-03-14 06:01:08 BD5E6C894130E7BB7ECE9A0925383068 2168320 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2014-03-14 06:01:07 A045DAE4D242A9A50FF6902774C55BE0 524288 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2014-03-14 06:01:07 7EDA015D4E74177A1B187326EDB14670 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll

2014-03-14 06:01:07 0FF358906F2333B26267BC0064DC02C4 1156096 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2014-03-14 06:01:06 70462E0A4E293FC80620AB945D8A59BB 17074688 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2014-03-14 06:01:05 E23497E11866154A97BA9877656113FE 1964032 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl

2014-03-14 06:01:05 B0CBC5A7D9278DCD5B230E1E50CCA5F6 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll

2014-03-14 06:01:04 2CF6CF90BF7FE0E616C363343FFA686B 553472 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll

2014-03-14 06:01:04 1CEE521E90703BB8A01211C77747E727 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll

2014-03-14 06:01:03 E84073A2F2D3A9448CA02F48B0360490 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll

2014-03-14 06:01:02 5C207FABA707CE496E1E0A304925D1E5 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb

2014-03-14 06:01:02 4831AA1A6A112ACCEE240C9D5FA2108B 11266048 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2014-03-14 06:01:00 FC46FE32B043CA7251B1D707B91BA6A7 4244480 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2014-03-14 06:01:00 C8DBE0B5297FD85D7311E4791103517B 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe

2014-03-14 06:00:59 B61F47EB8CACBE09C8117E4FF7D9656D 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll

2014-03-14 06:00:59 AAFEAB4FC9D70253F8C7E353E879E8A2 1820160 ----a-w- C:\Windows\SysWOW64\wininet.dll

2014-03-14 06:00:59 4605E0295C8E742B28FD63D255322795 703488 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll

2014-03-14 06:00:29 B0BE998802DEDEE1FD8F5E5F9F207A30 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll

2014-03-14 06:00:28 A054EA8FBE16D4D34F06D81A4F0088E2 1230336 ----a-w- C:\Windows\SysWOW64\WindowsCodecs.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2014-03-14 06:01:14 04F82965C09CBDF646B487E145060301 228864 ----a-w- C:\Windows\Sysnative\wwansvc.dll

2014-03-14 06:01:13 1075AB2C077B415760C0E948856B5126 484864 ----a-w- C:\Windows\Sysnative\wer.dll

2014-03-14 06:01:12 E918C0DE5CF2AE6BEDBF387C09627D93 3156480 ----a-w- C:\Windows\Sysnative\win32k.sys

2014-03-14 06:01:08 76862AAF77C049EC20217FDC209F7F13 2765824 ----a-w- C:\Windows\Sysnative\iertutil.dll

2014-03-14 06:01:08 10B2786774CC43D835FE8303D1970874 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll

2014-03-14 06:01:05 F6BA9A0266DA93AFB8EA9BA12BF81367 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll

2014-03-14 06:01:05 0A5996995F33967A46E3D5A3D9F1433D 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb

2014-03-14 06:01:04 BA0A21F761CE5001DF712C51BF11F953 1393664 ----a-w- C:\Windows\Sysnative\urlmon.dll

2014-03-14 06:01:04 8BA97E7747A53F80873431178889911A 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll

2014-03-14 06:01:03 E6ACA421DA3E50D7F0A31228F0C547B0 627200 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2014-03-14 06:01:01 D378AB3C9178424588B55AC7B652D7F9 218624 ----a-w- C:\Windows\Sysnative\ie4uinit.exe

2014-03-14 06:01:01 8EA01E83528503D312224FC63D40BC2B 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll

2014-03-14 06:01:00 B3DFA392735A5FBE2896BAB67950123A 2041856 ----a-w- C:\Windows\Sysnative\inetcpl.cpl

2014-03-14 06:00:59 4F131DB206096854505AFEDD2153FD83 53760 ----a-w- C:\Windows\Sysnative\jsproxy.dll

2014-03-14 06:00:58 A0B690402E33DC9C78F22CB41F4FDC09 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe

2014-03-14 06:00:58 422106B7565350885D0930DFA5BA21A1 574976 ----a-w- C:\Windows\Sysnative\ieui.dll

2014-03-14 06:00:57 D3CAA61DE060BC74B4EFC638679DFE7A 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe

2014-03-14 06:00:57 9C5ADB26632D46919ABB231CF7DE98B9 13051904 ----a-w- C:\Windows\Sysnative\ieframe.dll

2014-03-14 06:00:56 CF1C73DE1FADE3D3C44FCAF254F57DB2 5768704 ----a-w- C:\Windows\Sysnative\jscript9.dll

2014-03-14 06:00:56 8D46ACDFA065C423BED405702F075B54 708608 ----a-w- C:\Windows\Sysnative\jscript9diag.dll

2014-03-14 06:00:56 48ED94DA88F65684B28FCD87C01288A7 817664 ----a-w- C:\Windows\Sysnative\ieapfltr.dll

2014-03-14 06:00:55 DF79CE9B950C62677D232154E93A81C7 2334208 ----a-w- C:\Windows\Sysnative\wininet.dll

2014-03-14 06:00:54 262B8883ECFD0C7CB303B56F9D9F210E 195584 ----a-w- C:\Windows\Sysnative\msrating.dll

2014-03-14 06:00:53 E97FFE2D37F01DD8B52BE81E1B91A7C0 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe

2014-03-14 06:00:53 4E0709D9BB951AD1C22E4FF519B90839 23133696 ----a-w- C:\Windows\Sysnative\mshtml.dll

2014-03-14 06:00:30 2C619F6023E3F7A3ABF3475ED2223359 624128 ----a-w- C:\Windows\Sysnative\qedit.dll

2014-03-14 06:00:28 AFCA5C1ECEAF948FC815178BC077680E 1424384 ----a-w- C:\Windows\Sysnative\WindowsCodecs.dll

====== C:\Windows\Sysnative\drivers =====

2014-03-21 13:24:45 81FA56F29440406A7264CBD7B1C7CB29 84816 ----a-w- C:\Windows\Sysnative\drivers\aswStm.sys

====== C:\Windows\Tasks ======

2014-03-21 13:28:57 D71C5287995BE2EA6572C01F8CBD3173 3176 ----a-w- C:\Windows\Sysnative\Tasks\P4GIntlCtrl

2014-02-22 22:26:25 6EE73A3B031758E5FD6A997DE60DB274 3556 ----a-w- C:\Windows\Sysnative\Tasks\GarminUpdaterTask

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C:\PROGRA~2 =====

======= C: =====

====== C:\Users\Maarten\AppData\Roaming ======

2014-03-21 13:12:07 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp

2014-03-21 13:12:07 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp

2014-03-21 13:12:06 -------- d-----w- C:\Users\Maarten\AppData\Local\Temp

2014-03-21 13:12:06 -------- d-----w- C:\Users\Default\AppData\Local\Temp

2014-03-21 13:12:06 -------- d-----w- C:\Users\Default User\AppData\Local\Temp

2014-03-02 12:54:43 -------- d-----w- C:\Users\Default\AppData\Roaming\Garmin

2014-03-02 12:54:43 -------- d-----w- C:\Users\Default User\AppData\Roaming\Garmin

2014-02-22 22:26:55 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Garmin

====== C:\Users\Maarten ======

2014-03-21 09:39:01 5C68A2107DBD9B08CACE3130FE55B062 921000 ----a-w- C:\Users\Maarten\Downloads\chromeinstall-7u51.exe

2014-03-21 09:33:26 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Maarten\Downloads\RSITx64 (1).exe

2014-03-21 09:32:02 EA638FACA7F0B38ADA71EBFF94273B98 1202 ----a-w- C:\Users\Maarten\WIGIReport[0].txt

2014-03-21 09:31:32 C78EEFBC22F5507BFF4A0CF83567DB22 980480 ----a-w- C:\Users\Maarten\Downloads\WIGI.exe

2014-03-21 09:30:24 F4BC9F24AB2389F0D18812865157E97A 549426 ----a-w- C:\Users\Maarten\Downloads\WhyIGotInfected.exe

2014-02-26 09:29:42 A9994081D6FDAE5653C1E1687945238B 96992 ----a-w- C:\Users\Maarten\1426570_10153541713415720_2115168190_n.jpg

====== C: exe-files ==

2014-03-21 09:41:28 95E15A2DE75AB48728AB8E1911C3EDB1 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe

2014-03-21 09:41:23 CB3638541DCAC86EE17FA8258202E20E 175016 ----a-w- C:\Windows\SysWOW64\javaw.exe

2014-03-21 09:41:23 9395BBE294045909A025C9F3DC3D9025 174504 ----a-w- C:\Windows\SysWOW64\java.exe

2014-03-21 09:39:24 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\Maarten\AppData\LocalLow\Sun\Java\jre1.7.0_51\lzma.exe

2014-03-21 09:39:01 5C68A2107DBD9B08CACE3130FE55B062 921000 ----a-w- C:\Users\Maarten\Downloads\chromeinstall-7u51.exe

2014-03-21 09:33:26 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Maarten\Downloads\RSITx64 (1).exe

2014-03-21 09:31:32 C78EEFBC22F5507BFF4A0CF83567DB22 980480 ----a-w- C:\Users\Maarten\Downloads\WIGI.exe

2014-03-21 09:30:24 F4BC9F24AB2389F0D18812865157E97A 549426 ----a-w- C:\Users\Maarten\Downloads\WhyIGotInfected.exe

2014-03-15 17:13:10 E677174AA15D1B9D9E0B0F1C8DB8CC56 892120 ----a-w- C:\Users\Maarten\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.154\33.0.1750.154_33.0.1750.146_chrome_updater.exe

=== C: other files ==

2014-03-21 13:24:45 81FA56F29440406A7264CBD7B1C7CB29 84816 ----a-w- C:\Windows\System32\drivers\aswStm.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2010452883-1327875629-3410155731-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="C:\Users\Maarten\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HControlUser"="C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"

"ATKOSD2"="C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"

"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="C:\Users\Maarten\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ETDWare"="C:\Program Files\Elantech\ETDCtrl.exe"

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CanonMyPrinter"

"hkey"="HKLM"

"command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenuEx]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CanonSolutionMenuEx"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Canon\\Solution Menu EX\\CNSEMAIN.EXE /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Google Update"

"hkey"="HKCU"

"command"="\"C:\\Users\\Maarten\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gStart]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="gStart"

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\Garmin\\Training Center\\gStart.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShadowPlay]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ShadowPlay"

"hkey"="HKLM"

"command"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\system32\\nvspcap64.dll,ShadowPlayOnSystemStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Skype"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SunJavaUpdateSched"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhatPulse]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="WhatPulse"

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\WhatPulse\\WhatPulse.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Maarten^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

"path"="C:\\Users\\Maarten\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"

"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\Users\\Maarten\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup"

"item"="Dropbox"

==== Startup Folders ======================

2011-11-20 20:24:46 2855 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12/03/2014 09:19]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001Core.job --a------ C:\Users\Maarten\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/07/2012 21:41]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001UA.job --a------ C:\Users\Maarten\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/07/2012 21:41]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18/09/2011 13:15]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18/09/2011 13:15]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001Core.job --a------ C:\Users\Maarten\AppData\LoC:al\Google\Update\GoogleUpdate.exe []

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001UA.job --a------ C:\Users\Maarten\AppData\LoC:al\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001Core" [C:\Users\Maarten\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001UA" [C:\Users\Maarten\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001Core" [C:\Users\Maarten\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2010452883-1327875629-3410155731-1001UA" [C:\Users\Maarten\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\P4G Sidebar" [C:\Program Files\Windows Sidebar\sidebar.exe]

"C:\Windows\SysNative\tasks\P4GIntlCtrl" [C:\Program Files\P4G\IntlCtrl.exe]

"C:\Windows\SysNative\tasks\WC3" [C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe]

"C:\Windows\SysNative\tasks\{5A12AA0C-9570-4889-B417-AD7F576F13E0}" [C:\Program Files (x86)\Skype\Phone\Skype.exe]

"C:\Windows\SysNative\tasks\{604B667F-63DD-4B42-8850-37790D7E4D1E}" ["c:\users\maarten\appdata\local\google\chrome\application\chrome.exe"]

"C:\Windows\SysNative\tasks\{F17C61FF-61CB-4A85-9B5C-407E7E940F81}" ["c:\users\maarten\appdata\local\google\chrome\application\chrome.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [21/03/2014 14:24]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Maarten\AppData\Roaming\Mozilla\Firefox\Profiles\ul4v8o7j.default

- ChatZilla - %ProfilePath%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

- ReloadEvery - %ProfilePath%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Click to call with Skype - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Maarten\AppData\Roaming\Mozilla\Firefox\Profiles\ul4v8o7j.default

FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Maarten\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

99E2145307150EB8AB78F4F888F97DBE - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll - Nexon Game Controller

6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

edaibbiobngpbmeonadpbfafbkimjbdd - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx[21/02/2013 02:59]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

apdfllckaahabafndbhieahigkjlhalf - C:\Users\Maarten\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[04/05/2013 20:25]

nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Users\Maarten\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx[]

Angry Birds - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj

Google Drive - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Facebook - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm

Logitech SetPoint - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd

Gmail Offline - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk

AdBlock - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Pin It Button - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic

Cycling the Alps - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihklobncbkangkiiamccfgnlihbmjhlh

Dropbox - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl

Google Maps - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh

Note Easy - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfdpakabndfaaggapcljpikbjgbmebff

Google Wallet - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Auto Refresh Plus - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih

Gmail - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"

{006ee092-9658-4fd6-bd8e-a21a348e59f5} Bing Url="http://www.bing.com/search?q={searchTerms}"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4EA42A62D9304AC4784BF238120613FF deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216031FF} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF238120613FF deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Maarten\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')

O4 - Global Startup: SRS Premium Sound.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Maarten\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9F9CA43A-8B25-4A40-AB76-3E9FAF817F4D}: NameServer = 217.74.208.66

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Maarten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Maarten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Maarten\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=102 folders=24 79027236 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Maarten\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Maarten\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on vr 21/03/2014 at 16:33:15,47 ======================

[kweezie wabbit]

Is het normaal dat je een melding krijgt dat zoek.exe malware is?

Als je de virus- en malware scanners niet uitschakeld kan dat gebeuren ja.

Maar Zoek.exe is volledig veilig zolang je het gebruikt onder deskundige begeleiding.

Download AdwCleaner by Xplode naar het bureaublad.

AdwCleaner uitvoeren

• Sluit alle openstaande vensters.
  
• Dubbelklik op AdwCleaner.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Klik vervolgens op de knop Scan.
  
• Wanneer de scan gereed is Klikt u vervolgens op de knop Clean.
  
• Als dit gereed is wordt er gevraagd om de computer opnieuw op te starten, klik hier op OK.
  
• Nadat de computer opnieuw is opgestart wordt het logbestand automatisch geopend.
  
• Plaats dit logbestand in het volgende bericht.
  

[wakkie]

Logje:

# AdwCleaner v3.022 - Report created 22/03/2014 at 13:51:23

# Updated 13/03/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Maarten - WOUTER-PC

# Running from : C:\Users\Maarten\Downloads\adwcleaner (1).exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKCU\Software\SmartBar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v15.0.1 (nl)

[ File : C:\Users\Maarten\AppData\Roaming\Mozilla\Firefox\Profiles\ul4v8o7j.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Maarten\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3962 octets] - [25/10/2013 11:13:50]

AdwCleaner[R1].txt - [1017 octets] - [24/01/2014 20:03:44]

AdwCleaner[R2].txt - [1666 octets] - [22/03/2014 09:24:54]

AdwCleaner[R3].txt - [1726 octets] - [22/03/2014 09:49:27]

AdwCleaner[s0].txt - [4014 octets] - [25/10/2013 11:33:09]

AdwCleaner[s1].txt - [1078 octets] - [24/01/2014 20:09:08]

AdwCleaner[s2].txt - [1502 octets] - [22/03/2014 13:51:23]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1562 octets] ##########

[kweezie wabbit]

En hoe staat het nu met de snelheid van de laptop?

[wakkie]

Valt wel best goed mee. Maar of de grafische rotzooi opgelost is betwijfel ik. Dat ligt waarschijnlijk aan een halfdode videokaart?