Ga naar inhoud

PC hangt vast en kan niets doen


perezlol

Aanbevolen berichten

Hallo,

Sinds kort heb ik problemen met mijn PC. Op het moment dat ik iets intensief doe o.a gamen heeft deze kans om vast te lopen. Het rare is dat deze gewoon vast blijft hangen en ik kan niets doen, mijn scherm ''freezed'' en alles word inactief. ik kan geen ctrl+ alt + del gebruiken mijn numlock activeert ook niet. Ik meot een forced shutdown doen . Het rare is dat het tijdens het opstarten geen piep signalen geeft, ik krijg ook geen bluescreen en de temperatuur van mijn cpu core is +- 30graden, enige feedback of iemand anders die hier een oplossing voor weet.

Link naar reactie
Delen op andere sites

Download en installeer Speccy.

Speccy is er ook in Nederlandstalige versie, bij de installatie (of update) kan je de taal wijzigen van Engels naar Nederlands ... als je op het driehoekje klikt, krijg je een uitrolmenu waarin je Nederlands kan selecteren.

Wanneer, tijdens het installeren van Speccy, de optie aangeboden wordt om Google Chrome of Google Toolbar "gratis" mee te installeren dien je de vinkjes weg te halen, tenzij dit een bewuste keuze is.

525a111b37ea3-Speccy.PNG

Start nu het programma en er zal een overzicht gemaakt worden van je hardware.

Als dit gereed is selecteer je bovenaan "Bestand - Publiceer Snapshot" en vervolgens bevestig je die keuze met " Ja ".

In het venster dat nu opent krijg je een link te zien, kopieer nu die link en plak die in je volgende bericht. Zo krijgen we een gedetailleerd overzicht van je hardware.

Meer info over deze procedure lees je HIER.

We gaan ook een controle doen op eventuele besmettingen.

Download 51a5f5d096dae-icon_RSIT.pngRSIT van de onderstaande locaties en sla deze op het bureaublad op.

Hier staat een beschrijving hoe je kan kijken of je een 32- of 64-bitversie van Windows heeft.

Dubbelklik op RSIT.exe om de tool te starten.

  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Vervolgens wordt de "Disclaimer of warranty" getoond, klik vervolgens op "Continue"
  • Wanneer de tool gereed is wordt er een kladblok bestand genaamd "Log" geopend.
  • Plaats de inhoud hiervan in het volgende bericht.

Bekijk ook de instructievideo.

Link naar reactie
Delen op andere sites

Hier is de link van Speccy :http://speccy.piriform.com/results/FfnU8eEmhJXDmJGsFyxKr0n

Inhoud van RSITlog :info.txt logfile of random's system information tool 1.09 2014-01-16 15:49:11

======Uninstall list======

-->C:\PROGRA~3\INSTAL~1\{6F970~1\Setup.exe /remove /q0

-->MsiExec /X{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}

-->MsiExec.exe /I{27735B09-9EFE-419F-A377-10AA8111C30A}

Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -maintain plugin

Adobe Reader X (10.1.8) - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-AA1000000001}

Adobe Shockwave Player 11.6-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"

Asmedia ASM104x USB 3.0 Host Controller Driver-->MsiExec.exe /X{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}

Asmedia ASM106x SATA Host Controller Driver-->MsiExec.exe /X{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}

AVG 2013-->"C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe" /AppMode=SETUP /Uninstall

AVG 2013-->MsiExec.exe /I{A3EF11F1-4282-4D15-B9CE-DD41848FA847}

AVG 2013-->MsiExec.exe /I{AB3AFCA5-A2BB-4F31-8FEC-0295DB7BF928}

Battle.net-->"C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang= --uid=battle.net --displayname="Battle.net"

Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{81FB7C60-565A-4869-9D90-3BE1D270E8B7}" "1033" "0"

Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\setup.exe" --uninstall --multi-install --chrome --system-level

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Hearthstone-->"C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enGB --uid=hs_beta --displayname="Hearthstone"

Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall

Intel® Network Connections 16.5.2.0-->MsiExec.exe /i{90899269-554B-4672-9F8D-4A2A0D0AF5B5} ARPREMOVE=1

Intel® Network Connections 16.5.2.0-->MsiExec.exe /i{90899269-554B-4672-9F8D-4A2A0D0AF5B5} ARPREMOVE=1

Intel® Rapid Storage Technology enterprise-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\Uninstall\setup.exe -uninstall

iTunes-->MsiExec.exe /I{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}

Java 7 Update 45-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217045FF}

JavaFX 2.1.1-->MsiExec.exe /X{1111706F-666A-4037-7777-211328764D10}

League of Legends-->msiexec.exe /x {79BF4901-1EC4-4726-B3C2-A7859706C6E7}

League of Legends-->MsiExec.exe /X{79BF4901-1EC4-4726-B3C2-A7859706C6E7}

Logitech GamePanel Software 3.03.133-->MsiExec.exe /X{6CC95B76-D380-46B2-9022-9353938E48BA}

Magicka-->"D:\Steam\steam.exe" steam://uninstall/42910

Microsoft .NET Framework 4 Client Profile NLD Language Pack-->MsiExec.exe /X{4567EA14-6BCA-3EF9-859B-92CE48B1D704}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft .NET Framework 4 Extended NLD Language Pack-->MsiExec.exe /X{021B6358-4373-3FC0-A0B4-4709B7E0D3E5}

Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended

Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}

Microsoft Antimalware Service NL-NL Language Pack-->MsiExec.exe /X{F8EDC0F8-15BC-4411-8762-77105C8AAEEC}

Microsoft Corporation-->MsiExec.exe /I{9C5A08BF-BB99-4998-81BD-F6CC32483B34}

Microsoft Corporation-->MsiExec.exe /I{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}

Microsoft LifeCam-->MsiExec.exe /X{5CE7E3F5-9803-4F32-AA89-2D8848A80109}

Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}

Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-0000-0000000FF1CE}

Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}

Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}

Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared 64-bit MUI (English) 2010-->MsiExec.exe /X{90140000-002A-0409-1000-0000000FF1CE}

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0116-0409-1000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}

Microsoft Security Client NL-NL Language Pack-->MsiExec.exe /I{DC911ADF-7B60-40F2-A112-FB1EB6402D07}

Microsoft Security Client-->MsiExec.exe /X{E102B843-786A-4F58-AF75-6504570E207B}

Microsoft Security Essentials-->"C:\Program Files\Microsoft Security Client\Setup.exe" /x

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}

Microsoft XNA Framework Redistributable 3.1-->MsiExec.exe /I{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}

Microsoft XNA Framework Redistributable 4.0 Refresh-->MsiExec.exe /I{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}

Mumble 1.2.3-->MsiExec.exe /I{25A18E40-3263-416E-B672-BE85DA47BBFD}

Naga Firmware Updater 1.13-->MsiExec.exe /I{5A336D74-E680-4986-96F4-E9CEBC784F56}

NVIDIA GeForce Experience 1.8.1-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{38AF45FE-8EF8-4050-89BB-B8B715A39F75}\NVI2.DLL",UninstallPackage Display.GFExperience

NVIDIA Grafisch stuurprogramma 332.21-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{903317F3-B05C-4DB2-B7A1-BBCA91CFA907}\NVI2.DLL",UninstallPackage Display.Driver

NVIDIA HD Audio-stuurprogramma 1.3.30.1-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{903317F3-B05C-4DB2-B7A1-BBCA91CFA907}\NVI2.DLL",UninstallPackage HDAudio.Driver

NVIDIA PhysX systeemsoftware 9.13.0725-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{9CBC1995-9F64-46B8-B618-BA4564CAB999}\NVI2.DLL",UninstallPackage Display.PhysX

NVIDIA PhysX-->MsiExec.exe /I{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}

NVIDIA Virtual Audio 1.2.19-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{38AF45FE-8EF8-4050-89BB-B8B715A39F75}\NVI2.DLL",UninstallPackage VirtualAudio.Driver

Orcs Must Die! 2-->"D:\Steam\steam.exe" steam://uninstall/201790

Origin-->D:\Origin\OriginUninstall.exe

PowerISO-->"D:\PowerISO\uninstall.exe"

Razer Synapse 2.0-->MsiExec.exe /I{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BA941BCD-BC45-3D64-AB89-0F737907515C} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8E6848A1-B790-34FE-921A-A5319258E254} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E7F6B64E-E11F-3D1C-868D-3F1443DA5A15} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {08BB8EA1-3BA7-3AD5-8A07-22A5EC1F704E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {880A0A36-244B-3C7A-8D6B-56E694CE7883} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9D8496AE-4030-3E92-B44E-4F81051E6C85} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {43B6E5D3-56A9-36C1-BD8B-9E1D6920FF11} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {BA941BCD-BC45-3D64-AB89-0F737907515C} /parameterfolder Extended

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Extended

Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {43B6E5D3-56A9-36C1-BD8B-9E1D6920FF11} /parameterfolder Extended

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder ClientLP

Skype™ 6.11-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}

Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /x64 /lcid 1043 /parameterfolder ClientLP

Taalpakket voor Microsoft .NET Framework 4 Extended - NLD-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /x64 /lcid 1043 /parameterfolder ExtendedLP

TeamSpeak 3 Client-->"D:\TeamSpeak 3 Client\uninstall.exe"

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8C286FD4-AB38-37A6-BC8A-6F16AFE9AB1F} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {EFD73366-C059-3D04-9848-59072A15DB53} /parameterfolder Client

Update for Microsoft .NET Framework 4 Extended (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended

Update for Microsoft .NET Framework 4 Extended (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended

Update for Microsoft .NET Framework 4 Extended (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Extended

Update for Microsoft .NET Framework 4 Extended (KB2836939)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {8C286FD4-AB38-37A6-BC8A-6F16AFE9AB1F} /parameterfolder Extended

Update for Microsoft .NET Framework 4 Extended (KB2836939v3)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {EFD73366-C059-3D04-9848-59072A15DB53} /parameterfolder Extended

Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}" "1033" "0"

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{35698CB7-AAA2-4577-B505-DBFF504AEF23}" "1033" "0"

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{BA610006-2C39-4419-9834-CF61AB24810A}" "1033" "0"

Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}

Visual Studio 2010 x64 Redistributables-->MsiExec.exe /I{21B133D6-5979-47F0-BE1C-F6A6B304693F}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinRAR 4.11 (32-bit)-->C:\Program Files (x86)\WinRAR\uninstall.exe

World of Warcraft-->"C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enGB --uid=wow_engb --displayname="World of Warcraft"

XSplit-->MsiExec.exe /X{8BD89760-6B5D-4A3C-8B0D-CDB93BEFC0F6}

======System event log======

Computer Name: Gebruiker-PC

Event Code: 7036

Message: De Adobe Flash Player Update Service-service heeft nu de status gestopt.

Record Number: 171530

Source Name: Service Control Manager

Time Written: 20130709174400.139193-000

Event Type: Informatie

User:

Computer Name: Gebruiker-PC

Event Code: 7036

Message: De Adobe Flash Player Update Service-service heeft nu de status wordt uitgevoerd.

Record Number: 171529

Source Name: Service Control Manager

Time Written: 20130709174400.139193-000

Event Type: Informatie

User:

Computer Name: Gebruiker-PC

Event Code: 33

Message: De oudste schaduwkopie van volume C: is verwijderd om het gebruik van schijfruimte voor schaduwkopieën van volume C: beneden de door de gebruiker opgegeven limiet te houden.

Record Number: 171528

Source Name: volsnap

Time Written: 20130709173059.441540-000

Event Type: Informatie

User:

Computer Name: Gebruiker-PC

Event Code: 7036

Message: De WinHTTP Web Proxy Auto-Discovery Service-service heeft nu de status gestopt.

Record Number: 171527

Source Name: Service Control Manager

Time Written: 20130709173018.807216-000

Event Type: Informatie

User:

Computer Name: Gebruiker-PC

Event Code: 7036

Message: De Diagnostic System Host-service heeft nu de status gestopt.

Record Number: 171526

Source Name: Service Control Manager

Time Written: 20130709165934.659737-000

Event Type: Informatie

User:

=====Application event log=====

Computer Name: Gebruiker-PC

Event Code: 1003

Message: The Software Protection service has completed licensing status check.

Application Id=59a52881-a989-479d-af46-f275c6370663

Licensing Status=

1: 191301d3-a579-428c-b0c7-d7988500f9e3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]

2: 6f327760-8c5c-417c-9b61-836a98287e0c, 1, 1 [(0 [0xC004E003, 0, 0], [( 1 0xC004F056 30 0 msft:rm/algorithm/volume/1.0 0x00000000 0)(?)( 1 0xC004F056 30 0 msft:rm/algorithm/volume/1.0 0x00000000 0)(?)(?)(?)])(1 )(2 [0x00000000, 0, 0], [( 5 0xC004F009 30 0)( 5 0xC004F009 30 0)( 1 0x00000000 0 0 msft:rm/algorithm/flags/1.0 0x00000000 0)(?)(?)( 9 0x00000000 0xC004F056)])]

3: fdf3ecb9-b56f-43b2-a9b8-1b48b6bae1a7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]

Record Number: 43007

Source Name: Office Software Protection Platform Service

Time Written: 20130923042501.000000-000

Event Type: Informatie

User:

Computer Name: Gebruiker-PC

Event Code: 902

Message: The Software Protection service has started.

14.0.370.400

Record Number: 43006

Source Name: Office Software Protection Platform Service

Time Written: 20130923042501.000000-000

Event Type: Informatie

User:

Computer Name: Gebruiker-PC

Event Code: 1066

Message: Initialization status for service objects.

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL, msft:rm/algorithm/pkey/2005, 0x00000000, 0x00000000

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL, msft:spp/volume/services/kms/licenserenewal/1.0, 0x00000000, 0x00000000

Record Number: 43005

Source Name: Office Software Protection Platform Service

Time Written: 20130923042501.000000-000

Event Type: Informatie

User:

Computer Name: Gebruiker-PC

Event Code: 900

Message: The Software Protection service is starting.

Record Number: 43004

Source Name: Office Software Protection Platform Service

Time Written: 20130923042500.000000-000

Event Type: Informatie

User:

Computer Name: Gebruiker-PC

Event Code: 1001

Message: Foutbucket , type 0

Naam van gebeurtenis: LiveKernelEvent

Antwoord: Niet beschikbaar

Id van CAB-bestand: 0

Handtekening van probleem:

P1:

P2:

P3:

P4:

P5:

P6:

P7:

P8:

P9:

P10:

Bijgevoegde bestanden:

C:\Windows\LiveKernelReports\WATCHDOG\WD-20130116-2014.dmp

C:\Windows\Temp\WER-36242027-0.sysdata.xml

C:\Windows\Temp\WER8D1.tmp.WERInternalMetadata.xml

Deze bestanden zijn mogelijk hier beschikbaar:

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Kernel_0_0_cab_11850900

Analysesymbool:

Opnieuw zoeken naar oplossing: 0nRapport-id: fe05205a-6010-11e2-9ebd-c8600001e22b

Rapportstatus: 0

Record Number: 43003

Source Name: Windows Error Reporting

Time Written: 20130923041907.000000-000

Event Type: Informatie

User:

=====Security event log=====

Computer Name: Gebruiker-PC

Event Code: 4624

Message: Er is een account aangemeld.

Onderwerp:

Beveiligings-id: S-1-5-18

Accountnaam: GEBRUIKER-PC$

Accountdomein: WORKGROUP

Aanmeldings-id: 0x3e7

Aanmeldingstype: 5

Nieuwe aanmelding:

Beveiligings-id: S-1-5-18

Accountnaam: SYSTEM

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x3e7

Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Procesgegevens:

Proces-id: 0x2f4

Naam proces: C:\Windows\System32\services.exe

Netwerkgegevens:

Naam van werkstation:

Netwerkadres van bron: -

Poort van bron: -

Gedetailleerde verificatiegegevens:

Aanmeldingsproces: Advapi

Verificatiepakket: Negotiate

Doorgezette services: -

Pakketnaam (alleen NTLM): -

Sleutellengte: 0

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

Record Number: 18126

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20121222154945.469633-000

Event Type: Controle geslaagd

User:

Computer Name: Gebruiker-PC

Event Code: 4672

Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

Onderwerp:

Beveiligings-id: S-1-5-18

Accountnaam: SYSTEM

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x3e7

Bevoegdheden: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 18125

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20121222154945.469633-000

Event Type: Controle geslaagd

User:

Computer Name: Gebruiker-PC

Event Code: 4624

Message: Er is een account aangemeld.

Onderwerp:

Beveiligings-id: S-1-5-18

Accountnaam: GEBRUIKER-PC$

Accountdomein: WORKGROUP

Aanmeldings-id: 0x3e7

Aanmeldingstype: 5

Nieuwe aanmelding:

Beveiligings-id: S-1-5-18

Accountnaam: SYSTEM

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x3e7

Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Procesgegevens:

Proces-id: 0x2f4

Naam proces: C:\Windows\System32\services.exe

Netwerkgegevens:

Naam van werkstation:

Netwerkadres van bron: -

Poort van bron: -

Gedetailleerde verificatiegegevens:

Aanmeldingsproces: Advapi

Verificatiepakket: Negotiate

Doorgezette services: -

Pakketnaam (alleen NTLM): -

Sleutellengte: 0

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

Record Number: 18124

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20121222154945.469633-000

Event Type: Controle geslaagd

User:

Computer Name: Gebruiker-PC

Event Code: 4672

Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

Onderwerp:

Beveiligings-id: S-1-5-19

Accountnaam: LOCAL SERVICE

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x3e5

Bevoegdheden: SeAssignPrimaryTokenPrivilege

SeAuditPrivilege

SeImpersonatePrivilege

Record Number: 18123

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20121222154945.454033-000

Event Type: Controle geslaagd

User:

Computer Name: Gebruiker-PC

Event Code: 4624

Message: Er is een account aangemeld.

Onderwerp:

Beveiligings-id: S-1-5-18

Accountnaam: GEBRUIKER-PC$

Accountdomein: WORKGROUP

Aanmeldings-id: 0x3e7

Aanmeldingstype: 5

Nieuwe aanmelding:

Beveiligings-id: S-1-5-19

Accountnaam: LOCAL SERVICE

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x3e5

Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Procesgegevens:

Proces-id: 0x2f4

Naam proces: C:\Windows\System32\services.exe

Netwerkgegevens:

Naam van werkstation:

Netwerkadres van bron: -

Poort van bron: -

Gedetailleerde verificatiegegevens:

Aanmeldingsproces: Advapi

Verificatiepakket: Negotiate

Doorgezette services: -

Pakketnaam (alleen NTLM): -

Sleutellengte: 0

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

Record Number: 18122

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20121222154945.454033-000

Event Type: Controle geslaagd

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=8

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 45 Stepping 7, GenuineIntel

"PROCESSOR_REVISION"=2d07

"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log

"windows_tracing_flags"=3

-----------------EOF-----------------

Link naar reactie
Delen op andere sites

Je hebt het verkeerde RSIT bestand geplaatst :sad

We hebben het bestand log.txt nodig en niet deze info.txt

Ik zie ook dat je 2 actieve virusscanners hebt: AVG Free 2013 en Microsoft Security Essentials.

Nu is het zo dat 2 actieve virusscanners elkaar in de weg kunnen zitten en zo je systeem vertragen of zelfs doen vastlopen.

Je moet 1 van de 2 verwijderen en aangezien AVG beter presteert dan Microsoft Security Essentials, zou ik deze laatste verwijderen.

Je kan AVG ook gelijk updaten naar de nieuwste versie (AVG 2014)

Link naar reactie
Delen op andere sites

MSE virusscanner is verwijderd.

hier is het juiste RSIT bestand :

Logfile of random's system information tool 1.09 (written by random/random)

Run by Gebruiker at 2014-01-17 08:58:04

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 203 GB (66%) free of 307 GB

Total RAM: 16361 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:58:06, on 17/01/2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.16428)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\trend micro\Gebruiker.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~2\contin~1\sprote~1.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 7287 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /boot

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe /pipeName=89683e07-92fe-414a-8bb1-c706d9ddab21 /coreSdkOptions=4382 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2013\temp\2f1faa6f-074d-4a49-a866-ed2a20952774-258-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2013\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2013" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2013\temp\"

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

"C:\Program Files\Microsoft Security Client\MsMpEng.exe"

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe"

"C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe"

"C:\Program Files\Microsoft LifeCam\MSCamS64.exe"

"C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe"

"C:\Program Files (x86)\AVG\AVG2013\avgemca.exe"

"C:\Program Files\Microsoft Security Client\NisSrv.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\servicing\TrustedInstaller.exe

"taskhost.exe"

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Gebruiker\Desktop\Samenvatting zelfstudiecursus.docx"

"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"

C:\Windows\splwow64.exe 8192

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4688.0.1635121877\1164850714" --disable-image-transport-surface --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,13,23,28 --gpu-vendor-id=0x10de --gpu-device-id=0x1200 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3221 --ignored=" --type=renderer " /prefetch:822062411

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group8 pct:10h stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_39/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --instant-process --disable-html-notifications --enable-software-compositing --channel="4688.1.2072438628\900373200" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group8 pct:10h stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_39/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4688.3.154075068\1022998229" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group8 pct:10h stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_39/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4688.5.724301977\1359998102" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4688.6.1277395392\594239847" --ppapi-flash-args --lang=nl --ignored=" --type=renderer " /prefetch:-632637702

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group8 pct:10h stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_39/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4688.8.1636067335\454741692" /prefetch:673131151

C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

"C:\Users\Gebruiker\Desktop\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2010-01-21 6723984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-01-16 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-23 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-23 171944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI]

C:\Program Files (x86)\AVG\AVG2013\avgui.exe [2013-11-20 4411952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-01-21 91520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe [2011-09-14 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-06-07 421776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2009-08-13 4195848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDeviceAgent]

C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [2009-08-13 415752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [2010-12-13 135536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

C:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 1266912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2013-12-10 2279712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

D:\PowerISO\PWRISOVM.EXE [2012-02-09 312376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Razer Synapse]

C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [2012-10-11 336304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVBg_DTS]

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-09-19 2278504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2011-09-26 7466600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]

C:\Windows\system32\nvspcap64.dll [2013-12-10 1100248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

D:\Steam\steam.exe [2013-12-04 1823656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]

C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

""= []

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2010-01-21 6723984]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave5"=wdmaud.drv

"midi5"=wdmaud.drv

"mixer5"=wdmaud.drv

"aux"=wdmaud.drv

"wave6"=wdmaud.drv

"midi6"=wdmaud.drv

"mixer6"=wdmaud.drv

"aux2"=wdmaud.drv

"MSVideo8"=VfWWDM32.dll

"wave7"=wdmaud.drv

"mixer7"=wdmaud.drv

"wave8"=wdmaud.drv

"mixer8"=wdmaud.drv

"wave9"=wdmaud.drv

"mixer9"=wdmaud.drv

"midi7"=wdmaud.drv

"aux3"=wdmaud.drv

"midi8"=wdmaud.drv

"aux4"=wdmaud.drv

"aux5"=wdmaud.drv

"midi9"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"wave4"=wdmaud.drv

"midi4"=wdmaud.drv

"mixer4"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-01-16 15:55:17 ----D---- C:\Program Files\Speccy

2014-01-16 15:49:06 ----D---- C:\rsit

2014-01-16 15:49:06 ----D---- C:\Program Files\trend micro

2014-01-15 10:52:45 ----A---- C:\Windows\system32\drivers\usbuhci.sys

2014-01-15 10:52:45 ----A---- C:\Windows\system32\drivers\usbport.sys

2014-01-15 10:52:45 ----A---- C:\Windows\system32\drivers\usbohci.sys

2014-01-15 10:52:45 ----A---- C:\Windows\system32\drivers\usbhub.sys

2014-01-15 10:52:45 ----A---- C:\Windows\system32\drivers\usbehci.sys

2014-01-15 10:52:45 ----A---- C:\Windows\system32\drivers\usbd.sys

2014-01-15 10:52:45 ----A---- C:\Windows\system32\drivers\usbccgp.sys

2014-01-15 10:52:44 ----A---- C:\Windows\system32\win32k.sys

2014-01-15 10:52:43 ----A---- C:\Windows\system32\drivers\netio.sys

2014-01-15 10:34:42 ----D---- C:\Windows\pss

2014-01-12 20:36:51 ----D---- C:\Users\Gebruiker\AppData\Roaming\Awesomium

2014-01-12 18:10:22 ----D---- C:\Program Files (x86)\League

2014-01-10 15:41:52 ----D---- C:\Program Files\Core Temp

2014-01-09 14:48:43 ----D---- C:\ProgramData\Elder Scrolls Online

2014-01-08 13:30:02 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll

2014-01-08 13:30:02 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll

2014-01-08 13:30:02 ----A---- C:\Windows\system32\XAudio2_7.dll

2014-01-08 13:30:02 ----A---- C:\Windows\system32\XAPOFX1_5.dll

2014-01-08 13:30:01 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll

2014-01-08 13:30:01 ----A---- C:\Windows\system32\xactengine3_7.dll

2014-01-08 13:29:59 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll

2014-01-08 13:29:59 ----A---- C:\Windows\system32\D3DCompiler_43.dll

2014-01-08 13:29:57 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll

2014-01-08 13:29:57 ----A---- C:\Windows\system32\d3dcsx_43.dll

2014-01-08 12:55:04 ----A---- C:\Windows\system32\nvhdap64.dll

2014-01-08 12:55:04 ----A---- C:\Windows\system32\nvhdagenco6420103.dll

2014-01-08 12:55:04 ----A---- C:\Windows\system32\drivers\nvhda64v.sys

2014-01-08 12:55:02 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll

2014-01-08 12:55:02 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll

2014-01-08 12:55:02 ----A---- C:\Windows\SYSWOW64\nvopencl.dll

2014-01-08 12:55:02 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll

2014-01-08 12:55:02 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll

2014-01-08 12:55:02 ----A---- C:\Windows\SYSWOW64\nvinit.dll

2014-01-08 12:55:02 ----A---- C:\Windows\SYSWOW64\NvIFR.dll

2014-01-08 12:55:02 ----A---- C:\Windows\SYSWOW64\NvFBC.dll

2014-01-08 12:55:02 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll

2014-01-08 12:55:02 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll

2014-01-08 12:55:02 ----A---- C:\Windows\SYSWOW64\nvcuda.dll

2014-01-08 12:55:02 ----A---- C:\Windows\system32\nvopencl.dll

2014-01-08 12:55:02 ----A---- C:\Windows\system32\nvoglv64.dll

2014-01-08 12:55:02 ----A---- C:\Windows\system32\nvoglshim64.dll

2014-01-08 12:55:02 ----A---- C:\Windows\system32\nvinitx.dll

2014-01-08 12:55:02 ----A---- C:\Windows\system32\NvIFR64.dll

2014-01-08 12:55:02 ----A---- C:\Windows\system32\NvFBC64.dll

2014-01-08 12:55:02 ----A---- C:\Windows\system32\nvdispgenco6433221.dll

2014-01-08 12:55:02 ----A---- C:\Windows\system32\nvdispco6433221.dll

2014-01-08 12:55:02 ----A---- C:\Windows\system32\nvd3dumx.dll

2014-01-08 12:55:02 ----A---- C:\Windows\system32\nvcuvid.dll

2014-01-08 12:55:02 ----A---- C:\Windows\system32\nvcuvenc.dll

2014-01-08 12:55:02 ----A---- C:\Windows\system32\nvcuda.dll

2014-01-08 12:55:02 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys

2014-01-08 12:55:01 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll

2014-01-08 12:55:01 ----A---- C:\Windows\system32\nvcompiler.dll

2014-01-08 12:44:59 ----A---- C:\Windows\system32\nvspcap64.dll

2014-01-08 12:44:58 ----A---- C:\Windows\SYSWOW64\nvspcap.dll

2014-01-08 12:43:28 ----A---- C:\Windows\SYSWOW64\nvaudcap32v.dll

2014-01-08 12:43:28 ----A---- C:\Windows\system32\nvaudcap64v.dll

2014-01-08 12:43:28 ----A---- C:\Windows\system32\drivers\nvvad64v.sys

2013-12-20 14:38:50 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll

2013-12-20 14:38:50 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll

2013-12-20 14:38:49 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll

2013-12-18 17:51:01 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll

2013-12-18 17:51:01 ----A---- C:\Windows\system32\d3dx11_43.dll

2013-12-18 17:50:59 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll

2013-12-18 17:50:59 ----A---- C:\Windows\system32\d3dx10_43.dll

2013-12-18 17:50:55 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll

2013-12-18 17:50:55 ----A---- C:\Windows\system32\D3DX9_43.dll

======List of files/folders modified in the last 1 month======

2014-01-17 08:58:06 ----D---- C:\Windows\Prefetch

2014-01-17 08:54:12 ----D---- C:\Windows\Temp

2014-01-17 08:51:14 ----D---- C:\ProgramData\MFAData

2014-01-17 08:48:58 ----D---- C:\Windows\system32\config

2014-01-16 21:17:27 ----D---- C:\Program Files (x86)\World of Warcraft

2014-01-16 21:16:37 ----SHD---- C:\Windows\Installer

2014-01-16 21:16:08 ----D---- C:\Windows\SysWOW64

2014-01-16 20:40:22 ----SHD---- C:\System Volume Information

2014-01-16 16:10:07 ----D---- C:\Program Files (x86)\Hearthstone

2014-01-16 15:55:23 ----D---- C:\Windows\inf

2014-01-16 15:55:17 ----RD---- C:\Program Files

2014-01-16 15:38:01 ----D---- C:\Windows\system32\Tasks

2014-01-16 00:43:47 ----D---- C:\Users\Gebruiker\AppData\Roaming\Skype

2014-01-15 17:45:00 ----D---- C:\Windows\winsxs

2014-01-15 17:41:55 ----D---- C:\Windows\System32

2014-01-15 17:41:53 ----D---- C:\Windows\system32\drivers

2014-01-15 17:41:52 ----D---- C:\Windows\system32\DriverStore

2014-01-15 13:10:08 ----D---- C:\Windows\system32\MRT

2014-01-15 13:09:28 ----D---- C:\Windows\debug

2014-01-15 13:09:24 ----A---- C:\Windows\system32\MRT.exe

2014-01-15 10:52:40 ----D---- C:\Windows\system32\catroot2

2014-01-15 10:52:40 ----D---- C:\Windows\system32\catroot

2014-01-15 10:34:42 ----D---- C:\Windows

2014-01-13 18:38:55 ----D---- C:\Windows\system32\LogFiles

2014-01-13 13:24:12 ----D---- C:\Windows\Panther

2014-01-13 13:24:12 ----D---- C:\Windows\Logs

2014-01-13 13:24:11 ----D---- C:\Windows\Minidump

2014-01-13 13:17:35 ----HD---- C:\ProgramData

2014-01-13 13:17:03 ----D---- C:\ProgramData\TuneUp Software

2014-01-12 18:10:26 ----D---- C:\Windows\Tasks

2014-01-12 18:10:25 ----SHD---- C:\Windows\SYSWOW64\AI_RecycleBin

2014-01-12 18:10:22 ----RD---- C:\Program Files (x86)

2014-01-10 15:49:43 ----D---- C:\ProgramData\PMB Files

2014-01-08 13:03:55 ----D---- C:\ProgramData\NVIDIA

2014-01-08 12:47:22 ----D---- C:\ProgramData\NVIDIA Corporation

2014-01-08 12:44:58 ----D---- C:\Program Files\NVIDIA Corporation

2014-01-08 12:44:50 ----D---- C:\Program Files (x86)\NVIDIA Corporation

2014-01-08 12:44:42 ----RSD---- C:\Windows\assembly

2013-12-19 21:33:31 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll

2013-12-19 21:33:31 ----A---- C:\Windows\SYSWOW64\nvapi.dll

2013-12-19 21:33:31 ----A---- C:\Windows\system32\nvwgf2umx.dll

2013-12-19 21:33:31 ----A---- C:\Windows\system32\nvumdshimx.dll

2013-12-19 21:33:31 ----A---- C:\Windows\system32\nvapi64.dll

2013-12-19 19:53:46 ----A---- C:\Windows\system32\nvsvc64.dll

2013-12-19 19:53:46 ----A---- C:\Windows\system32\nvcpl.dll

2013-12-19 19:53:44 ----A---- C:\Windows\system32\nvvsvc.exe

2013-12-19 19:53:44 ----A---- C:\Windows\system32\nvsvcr.dll

2013-12-19 19:53:44 ----A---- C:\Windows\system32\nvshext.dll

2013-12-19 19:53:44 ----A---- C:\Windows\system32\nvmctray.dll

2013-12-18 18:34:23 ----D---- C:\Program Files (x86)\Common Files

2013-12-18 18:05:51 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

2013-12-18 17:58:21 ----D---- C:\Program Files\Common Files

2013-12-18 17:46:44 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 asahci64;asahci64; C:\Windows\system32\DRIVERS\asahci64.sys [2011-03-23 36448]

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2013-07-20 71480]

R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2013-07-20 311608]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2013-07-01 116536]

R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2013-10-23 45880]

R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2011-09-14 562456]

R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2011-09-14 23832]

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-09-27 248240]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]

R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2013-11-25 246072]

R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2013-07-20 206648]

R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2013-03-21 240952]

R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2012-02-09 125376]

R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 134944]

R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]

R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c62x64.sys [2011-07-20 342704]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-09-27 3081320]

R3 MEIx64;Intel® Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2011-08-15 56600]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-11-28 197408]

R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2013-12-05 39200]

R3 rzudd;Razer Keyboard Driver; C:\Windows\system32\DRIVERS\rzudd.sys [2012-09-18 112640]

S3 ALSysIO;ALSysIO; \??\C:\Users\GEBRUI~1\AppData\Local\Temp\ALSysIO64.sys []

S3 HPFXBULKLEDM;HPFXBULKLEDM; C:\Windows\system32\drivers\hppdbulkio.sys [2011-03-09 22328]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver; C:\Windows\System32\Drivers\nx6000.sys [2010-12-13 36720]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

S3 SSMO3v2Filter;MMO3v2 Mouse; C:\Windows\system32\drivers\MO3v2Driver.sys [2010-11-22 23040]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys []

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-02-15 52736]

S3 WinUSB;WinUSB FSL; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-07-04 4939312]

R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]

R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS64.exe [2010-12-13 194416]

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808]

R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]

R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-08 1255736]

S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11 257416]

S4 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

S4 DTSAudioSvc;DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2011-08-05 225280]

S4 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 116648]

S4 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 116648]

S4 IAStorDataMgrSvc;Intel® Rapid Storage Technologie; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2011-09-14 7168]

S4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [2011-06-29 171688]

S4 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 936848]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-10 1494304]

S4 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-10 15129376]

S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-12-19 922912]

S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]

S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-07-15 563112]

-----------------EOF-----------------

Link naar reactie
Delen op andere sites

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

Download 51a612a8b27e2-Zoek.pngZoek.exe naar het bureaublad (niet de .zip- of .rar-versie)

  • Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  • Dubbelklik op Zoek.exe om de tool te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

chromelook; 
firefoxlook; 
emptyfolderscheck;delete 
emptyclsid;
startupall; 
filesrcm;

  • Klik op de knop "Options" en vink nu de onderstaande opties aan.
  • Do a Deep Scan

  • Installed Programs

  • HijackThis Log

  • Running Processes
  • Auto Clean
  • De optie "Scan All Users" staat standaard aangevinkt.
  • Klik nu op de knop "Run script".
  • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  • Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
  • Post het geopende logje in het volgende bericht.

Link naar reactie
Delen op andere sites

Sorry voor de late reactie, hier is het logfile:

Zoek.exe v5.0.0.0 Updated 25-January-2014

Tool run by Gebruiker on zo 26/01/2014 at 20:34:28,45.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Gebruiker\Desktop\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\AVG\avgwdsvc.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\AVG\avgui.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\Gebruiker\Desktop\zoek.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

==== System Restore Info ======================

26/01/2014 20:35:54 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\ProgramData\Oracle deleted successfully

C:\Users\Gebruiker\AppData\Roaming\Hewlett-Packard deleted successfully

C:\Users\Gebruiker\AppData\Local\WOP deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3613446015-1807610986-2510348138-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.9) - Nederlands

Adobe Shockwave Player 11.6

Asmedia ASM104x USB 3.0 Host Controller Driver

Asmedia ASM106x SATA Host Controller Driver

AVG 2014

Battle.net

Bonjour

Curse Client

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

GeForce Experience NvStream Client Components

Google Chrome

Google Update Helper

Hearthstone

Intel® Management Engine Components

Intel® Network Connections 16.5.2.0

Intel® Rapid Storage Technology enterprise

iTunes

Java 7 Update 45

Java Auto Updater

JavaFX 2.1.1

League of Legends

Logitech GamePanel Software 3.03.133

Magicka

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile NLD Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended NLD Language Pack

Microsoft Antimalware Service NL-NL Language Pack

Microsoft Corporation

Microsoft LifeCam

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Security Client NL-NL Language Pack

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0 Refresh

Mumble 1.2.3

Naga Firmware Updater 1.13

NVIDIA-configuratiescherm 332.21

NVIDIA GeForce Experience 1.8.1

NVIDIA Grafisch stuurprogramma 332.21

NVIDIA HD Audio-stuurprogramma 1.3.30.1

NVIDIA Install Application

NVIDIA LED Visualizer 1.0

NVIDIA Network Service

NVIDIA PhysX

NVIDIA PhysX systeemsoftware 9.13.0725

NVIDIA ShadowPlay 10.11.15

NVIDIA Update 10.11.15

NVIDIA Update Core

NVIDIA Virtual Audio 1.2.19

Orcs Must Die 2

Origin

PowerISO

Razer Synapse 2.0

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)

SHIELD Streaming

SkypeT 6.11

Speccy

Steam

swMSM

Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD

Taalpakket voor Microsoft .NET Framework 4 Extended - NLD

TeamSpeak 3 Client

TuneUp Utilities 2013

TuneUp Utilities Language Pack (nl-NL)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition

Ventrilo Client

Visual Studio 2010 x64 Redistributables

Visual Studio 2012 x64 Redistributables

Visual Studio 2012 x86 Redistributables

Windows Media Player Firefox Plugin

WinRAR 4.11 (32-bit)

World of Warcraft

XSplit

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\geo9ea4c.default

user.js not found

---- Lines WebSearch removed from prefs.js ----

user_pref("browser.search.defaultenginename", "WebSearch");

user_pref("browser.search.defaultenginename,S", "WebSearch");

user_pref("browser.search.defaulturl", "http://websearch.lookforithere.info/?pid=878&r=2013/05/18&hid=368193838&lg=EN&cc=BE&unqvl=14&l=1&q=");

user_pref("browser.search.order.1", "WebSearch");

user_pref("browser.search.order.1,S", "WebSearch");

user_pref("browser.search.selectedEngine,S", "WebSearch");

user_pref("keyword.URL", "http://websearch.lookforithere.info/?pid=878&r=2013/05/18&hid=368193838&lg=EN&cc=BE&unqvl=14&l=1&q=");

user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");

user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");

user_pref("sweetim.toolbar.previous.browser.startup.homepage", "http://websearch.lookforithere.info/?pid=878&r=2013/05/18&hid=368193838&lg=EN&cc=BE&un

user_pref("sweetim.toolbar.previous.keyword.URL", "http://websearch.lookforithere.info/?pid=878&r=2013/05/18&hid=368193838&lg=EN&cc=BE&unqvl=14&l=1&q=

---- Lines babylon removed from prefs.js ----

user_pref("extensions.BabylonToolbar.prtkDS", 0);

user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

---- Lines Sweet removed from prefs.js ----

user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

user_pref("sweetim.toolbar.searchguard.enable", "");

user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

---- Lines extensions.51978635763cc removed from prefs.js ----

user_pref("extensions.51978635763cc.epoch", "1371713566");

user_pref("extensions.51978635763cc.url", "http://extsync.info/sync/?ext=ctos&pid=878&country=BE&regd=130518134629&lsd=130619070343&ind=2789128001&ssd

---- Lines extensions.5197864a727b1 removed from prefs.js ----

user_pref("extensions.5197864a727b1.epoch", "1371713565");

user_pref("extensions.5197864a727b1.scode", "(function(){try{if(-1==window.self.location.hostname.indexOf('mail.')){for(i=0;5>i;i++)window.setTimeout(

user_pref("extensions.5197864a727b1.url", "http://getfetch.info/sync/?ext=wbn&pid=878&country=BE&regd=130518134650&lsd=130619072838&ind=2789128001&ssd

---- FireFox user.js and prefs.js backups ----

prefs_20142601_2040_.backup

==== Deleting Files \ Folders ======================

C:\Users\Gebruiker\AppData\Roaming\NCdownloader deleted

C:\Users\Gebruiker\AppData\Roaming\OpenCandy deleted

C:\Users\Gebruiker\AppData\LocalLow\SearchNewTab deleted

C:\Users\Gebruiker\AppData\LocalLow\coNtinuuetosave deleted

C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted

C:\Windows\SysWow64\AI_RecycleBin deleted

C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\geo9ea4c.default\extensions\bvgp0uoo.ya@fs-yizbgxetui.edu deleted

C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\geo9ea4c.default\extensions\ps9aayy@mthxtplsthayu.org deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 16362 MB

CPU Info: Intel® Core i7-3820 CPU @ 3.60GHz

CPU Speed: 3603,5 MHz

Sound Card: Luidsprekers (Realtek High Defi |

Display Adapters: NVIDIA GeForce GTX 560 Ti | NVIDIA GeForce GTX 560 Ti | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 2x; Algemeen PnP-beeldscherm | Algemeen PnP-beeldscherm |

Screen Resolution: 1920 X 1080 - 32 bit

Network: Network Present

Network Adapters: Intel® 82579V Gigabit Network Connection

CD / DVD Drives: 2x (E: | F: | ) E: ATAPI iHAS122 | F:

Ports: COM1 LPT Port NOT Present.

Mouse: 7 Button Wheel Mouse Present

Hard Disks: C: 300,1GB | D: 1562,8GB

Hard Disks - Free: C: 197,5GB | D: 1376,8GB

Manufacturer *: American Megatrends Inc.

BIOS Info: AT/AT COMPATIBLE | 11/16/11 | ALASKA - 1072009

Time Zone: Romance (standaardtijd)

Motherboard *: ASUSTeK COMPUTER INC. P9X79

Country: Belgi‰

Language: NLB

==== System Specs (Software) ======================

Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Anti-Spyware: AVG AntiVirus Free Edition 2014 disabled (Outdated)

Default Browser: Google Chrome 32.0.1700.76

Internet Explorer Version: 11.0.9600.16476

Google Chrome version: 32.0.1700.76

Adobe Reader version: 10.1.9.22

Flash Player version: 11.9.900.170

Shockwave Player version: 11.6.4r634

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\GEBRUI~1\AppData\Local\Temp ====

====== Java Cache =====

2014-01-13 12:01:36 4A5B449512D104B89F3C9FD763711C55 112 ----a-w- C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\6e7bb4dd-6.0.lap

2014-01-13 12:00:58 896B0EAC2BA2F036E242697CA7DA9666 112 ----a-w- C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\16554e20-6.0.lap

2014-01-13 12:01:00 39CB5790C3F0451A89BFDF28C9EC91B6 24806 ----a-w- C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2fb889a6-54bc599d

2014-01-13 12:01:37 676ED7ABD4EAF43F0294E2EB3F35DBA9 207897 ----a-w- C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\1f8ad835-606a77be

2014-01-13 12:00:59 3E14EC76EE4DF0BEACA2D74401D30568 6740 ----a-w- C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\2b136cbb-10ef0d1a

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2014-01-15 09:52:44 F2BF71FCEAB8FB8A691408C478E2FF4C 3156480 ----a-w- C:\Windows\Sysnative\win32k.sys

====== C:\Windows\Sysnative\drivers =====

2014-01-15 09:52:45 FFA06EF43987ED0DD42AD59B260C0C78 7808 ----a-w- C:\Windows\Sysnative\drivers\usbd.sys

2014-01-15 09:52:45 DD253AFC3BC6CBA412342DE60C3647F3 30720 ----a-w- C:\Windows\Sysnative\drivers\usbuhci.sys

2014-01-15 09:52:45 DCA68B0943D6FA415F0C56C92158A83A 99840 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys

2014-01-15 09:52:45 8D1196CFBB223621F2C67D45710F25BA 343040 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys

2014-01-15 09:52:45 765A92D428A8DB88B960DA5A8D6089DC 25600 ----a-w- C:\Windows\Sysnative\drivers\usbohci.sys

2014-01-15 09:52:45 18A85013A3E0F7E1755365D287443965 53248 ----a-w- C:\Windows\Sysnative\drivers\usbehci.sys

2014-01-15 09:52:45 12FEB33791920678F8433701C822BCFD 325120 ----a-w- C:\Windows\Sysnative\drivers\usbport.sys

2014-01-15 09:52:43 3555BA97171CD153118F73FDCCC8BFDE 376768 ----a-w- C:\Windows\Sysnative\drivers\netio.sys

2014-01-08 11:55:04 E366A5681C50785D4ED04FCFD65C3415 197408 ----a-w- C:\Windows\Sysnative\drivers\nvhda64v.sys

2014-01-08 11:55:02 0218E1CE8F7B5D404980192B9112D03A 12645664 ----a-w- C:\Windows\Sysnative\drivers\nvlddmkm.sys

2014-01-08 11:43:28 09216A70CC364D0974F606F6F2109210 39200 ----a-w- C:\Windows\Sysnative\drivers\nvvad64v.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-01-16 14:55:17 -------- d-----w- C:\Program Files\Speccy

2014-01-16 14:49:06 -------- d-----w- C:\Program Files\trend micro

2014-01-10 14:41:52 -------- d-----w- C:\Program Files\Core Temp

======= C:\PROGRA~2 =====

2014-01-12 17:10:22 -------- d-----w- C:\PROGRA~2\League

======= C: =====

====== C:\Users\Gebruiker\AppData\Roaming ======

2014-01-17 08:06:58 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\AVG2014

2014-01-17 08:06:19 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2014

2014-01-17 08:04:47 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2014

2014-01-17 08:03:39 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2014

2014-01-17 08:00:35 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Avg2014

2014-01-12 19:36:51 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Awesomium

2014-01-08 11:44:24 -------- d-----w- C:\Users\Gebruiker\AppData\Local\NVIDIA

====== C:\Users\Gebruiker ======

2014-01-17 08:03:48 -------- d-----w- C:\ProgramData\AVG2014

2014-01-16 14:54:53 8141DC2382882BD14BE556D7CA8650C3 4779896 ----a-w- C:\Users\Gebruiker\Downloads\spsetup124.exe

2014-01-09 13:48:43 -------- d-----w- C:\ProgramData\Elder Scrolls Online

2014-01-08 11:44:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

====== C: exe-files ==

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"AVG_UI"="C:\Program Files (x86)\AVG\avgui.exe /TRAYONLY"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="c:\\progra~2\\contin~1\\sprote~1.dll "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]

"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

"hkey"="HKLM"

"item"="APSDaemon"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_UI]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AVG_UI"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\AVG\\AVG2013\\avgui.exe\" /TRAYONLY"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]

"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"

"hkey"="HKLM"

"item"="BCSSync"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAStorIcon]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="IAStorIcon"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Intel\\Intel® Rapid Storage Technology enterprise\\IAStorIcon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]

"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

"hkey"="HKLM"

"item"="iTunesHelper"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Launch LGDCore]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Launch LGDCore"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Logitech\\GamePanel Software\\G-series Software\\LGDCore.exe\" /SHOWHIDE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Launch LgDeviceAgent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Launch LgDeviceAgent"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Logitech\\GamePanel Software\\LgDevAgt.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LifeCam]

"command"="\"C:\\Program Files (x86)\\Microsoft LifeCam\\LifeExp.exe\""

"hkey"="HKLM"

"item"="LifeCam"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="MSC"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvBackend]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NvBackend"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\NVIDIA Corporation\\Update Core\\NvBackend.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PWRISOVM.EXE]

"command"="D:\\PowerISO\\PWRISOVM.EXE -startup"

"hkey"="HKLM"

"item"="PWRISOVM.EXE"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Razer Synapse]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Razer Synapse"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Razer\\Synapse\\RzSynapse.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg_DTS]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RtHDVBg_DTS"

"hkey"="HKLM"

"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe /DTSU2P "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RTHDVCPL"

"hkey"="HKLM"

"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RtkNGUI64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShadowPlay]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ShadowPlay"

"hkey"="HKLM"

"command"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\system32\\nvspcap64.dll,ShadowPlayOnSystemStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Steam"

"hkey"="HKCU"

"command"="\"D:\\Steam\\steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SunJavaUpdateSched"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]

"path"="C:\\Users\\Gebruiker\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\CurseClientStartup.ccip"

"backup"="C:\\Windows\\pss\\CurseClientStartup.ccip.Startup"

"backupExtension"=".Startup"

"command"="C:\\Users\\Gebruiker\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\CurseClientStartup.ccip"

"item"="CurseClientStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]

"path"="C:\\Users\\Gebruiker\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2010 Screen Clipper and Launcher.lnk"

"backup"="C:\\Windows\\pss\\OneNote 2010 Screen Clipper and Launcher.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONENOTEM.EXE /tsr"

"item"="OneNote 2010 Screen Clipper and Launcher"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DTSAudioSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IAStorDataMgrSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel® PROSet Monitoring Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvNetworkService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvStreamSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nvsvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Steam Client Service]

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/12/2013 13:44]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [undetermined Task]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

"C:\Windows\SysNative\tasks\{FB0F095E-5147-44A2-8CF5-32840F195E70}" ["c:\program files\internet explorer\iexplore.exe" ]Download Skype op uw computer ? Mac, Windows, Linux ? Skype

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\geo9ea4c.default

- BlockSite - %ProfilePath%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\geo9ea4c.default

4676A8E1EE37E71486717ECD1E61C17B - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

==== Chrome Look ======================

YouTube - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

AdBlock - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Google Wallet - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.be/"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.be/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DEDAFEF0-BD67-7DA8-C7D5-9B9A1B457BF1} deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\avgui.exe" /TRAYONLY

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~2\contin~1\sprote~1.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=47 folders=32 29347623 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on zo 26/01/2014 at 20:45:57,82 ======================

Link naar reactie
Delen op andere sites

Je Java software is verouderd.

Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.

Ga naar Java en download daar de correcte Java versie.

  • Klik op "Gratis Java-download".
  • Ga akkoord met de licentiebepalingen en klik op de button voor de gratis download.
  • Het bestand JavaSetup wordt aangeboden - kies hier voor "bestand opslaan".
  • Sluit alle programma's die eventueel open zijn - zeker je web browser!
  • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
  • Vink alles aan met Java Runtime Environment (JRE of J2SE of JAVA) in de naam.
  • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
  • Herhaal dit tot alle oudere versies verdwenen zijn.
  • Na het verwijderen van alle oudere versies, herstart je pc.
  • Klik vervolgens op JavaSetup om de nieuwste versie van Java te installeren.
  • Vink de installatie van de Ask toolbar uit en ga dan verder met de installatie.

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

Start 51a612a8b27e2-Zoek.pngZoek.exe nogmaals met het onderstaande script.

  • Dubbelklik op Zoek.exe om de tool te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r
    "AppInit_DLLs"=-;r
    chromelook; 
    firefoxlook; 
    emptyfolderscheck;delete 
    emptyclsid;
    startupall; 
    filesrcm;
    process;
    hijackthis;
    autoclean; 
    


  • Klik nu op de knop "Run script".
  • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  • Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
  • Post het geopende logje in het volgende bericht.

Link naar reactie
Delen op andere sites

Zoek.exe v5.0.0.0 Updated 25-January-2014

Tool run by Gebruiker on ma 27/01/2014 at 15:17:04,99.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Gebruiker\Desktop\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-01-26-194557.log 37650 bytes

==== Empty Folders Check ======================

C:\ProgramData\Oracle deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\AVG\avgidsagent.exe

C:\Program Files (x86)\AVG\avgwdsvc.exe

C:\Program Files (x86)\AVG\avgui.exe

C:\Users\Gebruiker\Desktop\zoek.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\GEBRUI~1\AppData\Local\Temp ====

====== Java Cache =====

2014-01-27 14:16:44 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-7894de4f

2014-01-27 14:16:40 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-2a59e371

2014-01-27 14:16:40 3E959302AACF9645E79C13B3271DC4C7 99 ----a-w- C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-6.0.lap

2014-01-27 14:16:39 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-7cd44aca

2014-01-27 14:16:40 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-76bb80fb

====== C:\Windows\SysWOW64 =====

2014-01-27 14:16:10 95E15A2DE75AB48728AB8E1911C3EDB1 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe

2014-01-27 14:16:06 CB3638541DCAC86EE17FA8258202E20E 175016 ----a-w- C:\Windows\SysWOW64\javaw.exe

2014-01-27 14:16:06 A7871E39687EC6EE9712209DAE248B3A 96168 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-01-27 14:16:06 9395BBE294045909A025C9F3DC3D9025 174504 ----a-w- C:\Windows\SysWOW64\java.exe

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2014-01-15 09:52:44 F2BF71FCEAB8FB8A691408C478E2FF4C 3156480 ----a-w- C:\Windows\Sysnative\win32k.sys

====== C:\Windows\Sysnative\drivers =====

2014-01-15 09:52:45 FFA06EF43987ED0DD42AD59B260C0C78 7808 ----a-w- C:\Windows\Sysnative\drivers\usbd.sys

2014-01-15 09:52:45 DD253AFC3BC6CBA412342DE60C3647F3 30720 ----a-w- C:\Windows\Sysnative\drivers\usbuhci.sys

2014-01-15 09:52:45 DCA68B0943D6FA415F0C56C92158A83A 99840 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys

2014-01-15 09:52:45 8D1196CFBB223621F2C67D45710F25BA 343040 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys

2014-01-15 09:52:45 765A92D428A8DB88B960DA5A8D6089DC 25600 ----a-w- C:\Windows\Sysnative\drivers\usbohci.sys

2014-01-15 09:52:45 18A85013A3E0F7E1755365D287443965 53248 ----a-w- C:\Windows\Sysnative\drivers\usbehci.sys

2014-01-15 09:52:45 12FEB33791920678F8433701C822BCFD 325120 ----a-w- C:\Windows\Sysnative\drivers\usbport.sys

2014-01-15 09:52:43 3555BA97171CD153118F73FDCCC8BFDE 376768 ----a-w- C:\Windows\Sysnative\drivers\netio.sys

2014-01-08 11:55:04 E366A5681C50785D4ED04FCFD65C3415 197408 ----a-w- C:\Windows\Sysnative\drivers\nvhda64v.sys

2014-01-08 11:55:02 0218E1CE8F7B5D404980192B9112D03A 12645664 ----a-w- C:\Windows\Sysnative\drivers\nvlddmkm.sys

2014-01-08 11:43:28 09216A70CC364D0974F606F6F2109210 39200 ----a-w- C:\Windows\Sysnative\drivers\nvvad64v.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-01-16 14:55:17 -------- d-----w- C:\Program Files\Speccy

2014-01-16 14:49:06 -------- d-----w- C:\Program Files\trend micro

2014-01-10 14:41:52 -------- d-----w- C:\Program Files\Core Temp

======= C:\PROGRA~2 =====

2014-01-12 17:10:22 -------- d-----w- C:\PROGRA~2\League

======= C: =====

====== C:\Users\Gebruiker\AppData\Roaming ======

2014-01-26 19:43:41 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp

2014-01-26 19:43:41 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp

2014-01-26 19:43:41 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Temp

2014-01-26 19:43:41 -------- d-----w- C:\Users\Default\AppData\Local\Temp

2014-01-26 19:43:41 -------- d-----w- C:\Users\Default User\AppData\Local\Temp

2014-01-17 08:06:58 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\AVG2014

2014-01-17 08:06:19 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2014

2014-01-17 08:04:47 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2014

2014-01-17 08:03:39 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2014

2014-01-17 08:00:35 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Avg2014

2014-01-12 19:36:51 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Awesomium

2014-01-08 11:44:24 -------- d-----w- C:\Users\Gebruiker\AppData\Local\NVIDIA

====== C:\Users\Gebruiker ======

2014-01-27 14:16:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-01-27 14:13:39 5C68A2107DBD9B08CACE3130FE55B062 921000 ----a-w- C:\Users\Gebruiker\Downloads\chromeinstall-7u51.exe

2014-01-17 08:03:48 -------- d-----w- C:\ProgramData\AVG2014

2014-01-16 14:54:53 8141DC2382882BD14BE556D7CA8650C3 4779896 ----a-w- C:\Users\Gebruiker\Downloads\spsetup124.exe

2014-01-09 13:48:43 -------- d-----w- C:\ProgramData\Elder Scrolls Online

2014-01-08 11:44:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

====== C: exe-files ==

2014-01-27 14:16:10 95E15A2DE75AB48728AB8E1911C3EDB1 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe

2014-01-27 14:16:06 CB3638541DCAC86EE17FA8258202E20E 175016 ----a-w- C:\Windows\SysWOW64\javaw.exe

2014-01-27 14:16:06 9395BBE294045909A025C9F3DC3D9025 174504 ----a-w- C:\Windows\SysWOW64\java.exe

2014-01-27 14:13:51 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\jre1.7.0_51\lzma.exe

2014-01-27 14:13:39 5C68A2107DBD9B08CACE3130FE55B062 921000 ----a-w- C:\Users\Gebruiker\Downloads\chromeinstall-7u51.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"AVG_UI"="C:\Program Files (x86)\AVG\avgui.exe /TRAYONLY"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]

"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"

"hkey"="HKLM"

"item"="BCSSync"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAStorIcon]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="IAStorIcon"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Intel\\Intel® Rapid Storage Technology enterprise\\IAStorIcon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]

"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

"hkey"="HKLM"

"item"="iTunesHelper"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Launch LGDCore]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Launch LGDCore"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Logitech\\GamePanel Software\\G-series Software\\LGDCore.exe\" /SHOWHIDE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Launch LgDeviceAgent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Launch LgDeviceAgent"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Logitech\\GamePanel Software\\LgDevAgt.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LifeCam]

"command"="\"C:\\Program Files (x86)\\Microsoft LifeCam\\LifeExp.exe\""

"hkey"="HKLM"

"item"="LifeCam"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvBackend]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NvBackend"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\NVIDIA Corporation\\Update Core\\NvBackend.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PWRISOVM.EXE]

"command"="D:\\PowerISO\\PWRISOVM.EXE -startup"

"hkey"="HKLM"

"item"="PWRISOVM.EXE"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Razer Synapse]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Razer Synapse"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Razer\\Synapse\\RzSynapse.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg_DTS]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RtHDVBg_DTS"

"hkey"="HKLM"

"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe /DTSU2P "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RTHDVCPL"

"hkey"="HKLM"

"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RtkNGUI64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShadowPlay]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ShadowPlay"

"hkey"="HKLM"

"command"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\system32\\nvspcap64.dll,ShadowPlayOnSystemStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Steam"

"hkey"="HKCU"

"command"="\"D:\\Steam\\steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SunJavaUpdateSched"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]

"path"="C:\\Users\\Gebruiker\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\CurseClientStartup.ccip"

"backup"="C:\\Windows\\pss\\CurseClientStartup.ccip.Startup"

"backupExtension"=".Startup"

"command"="C:\\Users\\Gebruiker\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\CurseClientStartup.ccip"

"item"="CurseClientStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]

"path"="C:\\Users\\Gebruiker\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2010 Screen Clipper and Launcher.lnk"

"backup"="C:\\Windows\\pss\\OneNote 2010 Screen Clipper and Launcher.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONENOTEM.EXE /tsr"

"item"="OneNote 2010 Screen Clipper and Launcher"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DTSAudioSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IAStorDataMgrSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel® PROSet Monitoring Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvNetworkService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvStreamSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nvsvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Steam Client Service]

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [undetermined Task]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

"C:\Windows\SysNative\tasks\{FB0F095E-5147-44A2-8CF5-32840F195E70}" ["c:\program files\internet explorer\iexplore.exe" ]Download Skype op uw computer ? Mac, Windows, Linux ? Skype

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\geo9ea4c.default

- BlockSite - %ProfilePath%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\geo9ea4c.default

4676A8E1EE37E71486717ECD1E61C17B - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

==== Chrome Look ======================

YouTube - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

AdBlock - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Google Wallet - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.be/"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.be/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=47 folders=32 29347623 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ma 27/01/2014 at 15:26:14,16 ======================

Link naar reactie
Delen op andere sites

Download 52147fb3b2536-AdwCleaner_99_3_16x16x32.pngAdwCleaner by Xplode naar het bureaublad.

AdwCleaner uitvoeren

  • Sluit alle openstaande vensters.
  • Dubbelklik op AdwCleaner.exe om de tool te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Klik vervolgens op de knop Scan.
  • Wanneer de scan gereed is Klikt u vervolgens op de knop Clean.
  • Als dit gereed is wordt er gevraagd om de computer opnieuw op te starten, klik hier op OK.
  • Nadat de computer opnieuw is opgestart wordt het logbestand automatisch geopend.
  • Plaats dit logbestand in het volgende bericht.

Link naar reactie
Delen op andere sites

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.