froesjel

Member
  • Items

    49
  • Registration date

  • Last visited

Everything posted by froesjel

  1. # AdwCleaner v4.201 - Logbestand aangemaakt 21/04/2015 op 09:50:17
     # Laatste update 08/04/2015 door Xplode
     # Database : 2015-04-20.1 [server]
     # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x64)
     # Gebruikersnaam : alain - ALAIN-PC
     # Gestart vanuit : C:\Users\alain\Desktop\adwcleaner_4.201.exe
     # Optie : Verwijderen

     ***** [ Services ] *****

     ***** [ Bestanden / Mappen ] *****

     ***** [ Geplande taken ] *****

     Taak Verwijderd : PC Performer Logon Scan
     Taak Verwijderd : PC Performer Scheduled Scan

     ***** [ Snelkoppelingen ] *****

     ***** [ Register ] *****

     Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
     Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38122A36-83B2-46B8-B39A-EC72A4614A07}
     Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
     Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{CA021789-C8CD-4676-BC40-90077A19D5CD}
     Sleutel Verwijderd : HKCU\Software\Squeaky
     Sleutel Verwijderd : HKCU\Software\Local AppWizard-Generated Applications
     Sleutel Verwijderd : HKU\.DEFAULT\Software\AVG Secure Search
     Sleutel Verwijderd : HKU\.DEFAULT\Software\Local AppWizard-Generated Applications

     ***** [ Webbrowsers ] *****

     -\\ Internet Explorer v11.0.9600.17728
     -\\ Mozilla Firefox v
     -\\ Google Chrome v

     *************************

     AdwCleaner[R0].txt - [1692 bytes] - [21/04/2015 09:43:46]
     AdwCleaner[R1].txt - [1751 bytes] - [21/04/2015 09:47:48]
     AdwCleaner[s0].txt - [1565 bytes] - [21/04/2015 09:50:17]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1624 bytes] ##########
  2. Zoek.exe v5.0.0.0 Updated 08-April-2015 Tool run by alain on ma 20/04/2015 at 9:55:08,80. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\alain\Documents\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2015-04-19-153626.log 70215 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "MSC"=- ==== Deleting Files \ Folders ====================== c:\\Program Files\\Microsoft Security Client not found C:\Windows\SysNative\config\systemprofile\Searches deleted ==== Firefox Extensions ====================== ProfilePath: C:\Users\alain\AppData\Roaming\Mozilla\Firefox\Profiles\i4emk1mu.default - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Undetermined - %AppDir%\extensions\belgiumeid@eid.belgium.be ==== Firefox Plugins ====================== Profilepath: C:\Users\alain\AppData\Roaming\Mozilla\Firefox\Profiles\2ts6yhzr.default FF0D6F82A0EC13952E83B9439100E45D - C:\Users\alain\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin 506C758195FD6F4F1594C0F1B1E32A15 - C:\ProgramData\Kortingzoeker\FFExtension20131010193222\plugins\npdf.dll - MoneyMillionaire plugin 4F26678A032868EA584431944FB2E6C7 - C:\Users\alain\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll - Microsoft Office 2013 Profilepath: C:\Users\alain\AppData\Roaming\Mozilla\Firefox\Profiles\i4emk1mu.default 506C758195FD6F4F1594C0F1B1E32A15 - C:\ProgramData\Kortingzoeker\FFExtension20131010193222\plugins\npdf.dll - MoneyMillionaire plugin 
4F26678A032868EA584431944FB2E6C7 - C:\Users\alain\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll - Microsoft Office 2013 FF0D6F82A0EC13952E83B9439100E45D - C:\Users\alain\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin ==== Chromium Look ====================== ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://bing.com/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://bing.com/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{20711F84-BDC0-4ABF-84DA-B974A90FDD74}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {20711F84-BDC0-4ABF-84DA-B974A90FDD74} Bing Url="http://www.bing.com/search?FORM=AARBDF&PC=MAAR&q={searchTerms}&src=IE-SearchBox" ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Cody\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Cody\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully 
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\alain\AppData\Local\Mozilla\Firefox\Profiles\i4emk1mu.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\alain\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=21 folders=21 14107506 bytes) ==== Empty Temp Folders ====================== C:\Users\alain\AppData\Local\Temp will be emptied at reboot C:\Users\Cody\AppData\Local\Temp emptied successfully C:\Users\Gast\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\alain\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on ma 20/04/2015 at 10:35:55,17 ======================
  3. Zoek.exe v5.0.0.0 Updated 08-April-2015 Tool run by alain on zo 19/04/2015 at 15:55:02,82. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\alain\Documents\zoek.exe [scan all users] [script inserted] [Checkboxes used] ==== System Restore Info ====================== 19/04/2015 15:57:55 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Freemake deleted successfully C:\Users\alain\AppData\Roaming\Performersoft deleted successfully C:\Users\alain\AppData\Roaming\QuickScan deleted successfully C:\Users\Gast\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C39B6F51-4B86-4F26-89FE-106F0E58B0CD} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== ???? ???? ????? ???? Windows Live ????? Windows Live ?????? ??????? ???????? ?????????? Windows Live ?????????? ?????????? (????????????? ??????) ??????????? 
ABBYY FineReader 6.0 Sprint Acer Backup Manager Acer Crystal Eye Webcam Acer ePower Management Acer eRecovery Management Acer Registration Acer ScreenSaver Acrobat.com Adobe AIR Adobe Flash Player 17 ActiveX Adobe Reader XI (11.0.10) - Nederlands Adobe Refresh Manager AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Control Center AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Fuel AMD Steady Video Plug-In AMD Wireless Display v3.0 Argazki Galeria Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver AVG 2015 Backup Manager V3 Bing Bar Browserinvoegtoepassingen voor Microsoft Office op aanvraag Canon Easy-WebPrint EX Canon IJ Network Scanner Selector EX Canon IJ Network Tool Canon IJ Scan Utility Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon MG5500 series MP Drivers Canon MG5500 series On-screen Manual Canon My Image Garden Canon My Image Garden Design Files Canon My Printer Canon Quick Menu Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner clear.fi clear.fi Client Compatibiliteitspakket voor het 2007 Microsoft Office system D3DX10 Dropbox Facebook Video Calling 2.0.0.447 File Shredder 2.5 Fotogal‚ria Fotogalerie Fotogalerija Fotogalleri Fotogalleriet Fotograf Galerisi Fot¢t r Free YouTube Download version 3.2.20.1230 Free YouTube to MP3 Converter version 3.12.20.1230 Galeria de Fotografias Galeria de Fotos Galer¡a de fotos Galeria fotogr…fica Galeria fotografii Galerie de photos 
Galerie foto Galerija fotografija Gebruikersregistratie voor Canon MG5500 series Google Toolbar for Internet Explorer Google Update Helper iWisoft Free Video Converter 1.2 Java 8 Update 45 Java Auto Updater Junk Mail filter update MediaEspresso Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.5.2 (Nederlands) Microsoft .NET Framework 4.5.2 (NLD) Microsoft Application Error Reporting Microsoft Camera Codec Pack Microsoft Office 2010 Microsoft Office Klik-en-Klaar 2010 Microsoft Office Starter 2010 - Nederlands Microsoft PowerPoint Viewer Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Mobistar Internet Everywhere Movie Maker MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 MyWinLocker MyWinLocker 4 MyWinLocker Suite NTI Media Maker 9 Photo Common Photo Gallery Poczta uslugi Windows Live Podstawowe programy Windows Live Posta Windows Live Raccolta foto Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader S?????? f?t???af??? 
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581) Shredder SkypeT 7.0 Stuurprogrammapakket voor Windows - Fedict SmartCard (03/25/2014 4.0.7.4) Valokuvavalikoima Visual Studio 2010 x64 Redistributables Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables Windows Live ??? Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Fotogalleri Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Par‡alar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Liven peruspaketti Windows Liven s„hk”posti ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\AVG\AVG2015\avgfws.exe C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Program Files (x86)\AVG\AVG2015\avgui.exe C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Users\alain\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Launch Manager\LMutilps32.exe C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\SysWOW64\ctfmon.exe 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe C:\Users\alain\Documents\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Freemake not found C:\Users\alain\AppData\Roaming\DriverFinder deleted C:\PROGRA~3\APN deleted C:\PROGRA~3\Package Cache deleted C:\Users\alain\AppData\Local\simedit.log deleted C:\Windows\wininit.ini deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\Syswow64\sho20CA.tmp deleted C:\Windows\Syswow64\sho903D.tmp deleted C:\Windows\Syswow64\shoFD44.tmp deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 3563 MB CPU Info: AMD A4-3300M APU with Radeon HD Graphics CPU Speed: 1935,7 MHz Sound Card: Luidsprekers (Realtek High Defi | Display Adapters: AMD Radeon HD 6480G | AMD Radeon HD 6480G | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Atheros AR5B97 Wireless Network Adapter | Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW TS-L633F Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 581,1GB | Q: 0,0MB Hard Disks - Free: C: 462,5GB | Q: 0,0MB Manufacturer *: Acer BIOS Info: AT/AT COMPATIBLE | 05/04/11 | ACRSYS - 1 Time Zone: West-Europa (standaardtijd) Motherboard *: Acer JE70-SB Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: AVG Internet Security 2015 On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: AVG Internet Security 2015 disabled (Outdated) Firewall: AVG Internet Security 2015 disabled Internet Explorer Version: 11.0.9600.17728 Sun Java version: 1.8.0_45 (32-bit) Sun Java version: 1.8.0_45 (64-bit) ==== Files Recently Created / Modified ======================
E830232219E9156AF3E7F0ACB1B85FC8 15784 -c--a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\ktab.exe 2015-04-19 13:43:44 BDFE80354D388518D8C4E71F2734796D 15784 -c--a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\pack200.exe 2015-04-19 13:43:44 B2ED82B1A6ACCED29498BB9BA43D430F 16296 -c--a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\servertool.exe 2015-04-19 13:43:44 9A78F5C33E24C55B7025416C79658759 16296 -c--a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\orbd.exe 2015-04-19 13:43:44 6EE11615820FCCBC8879FD86DD033515 15784 -c--a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\rmid.exe 2015-04-19 13:43:44 57631CADE6FE87A131913D6241A5343A 15784 -c--a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\kinit.exe 2015-04-19 13:43:44 33EF14CDCDD35CB53D3C3FCB3C2819CC 15784 -c--a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\keytool.exe 2015-04-19 13:43:44 11EEA5DB4A0B073867E3DCBCDBF12118 15784 -c--a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\klist.exe 2015-04-19 13:43:44 01E2DB324E5D3C31D1C31D7E3B9748CF 16296 -c--a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\policytool.exe 2015-04-19 13:43:43 B175AD07294EB83FD12947B47B009D66 190888 -c--a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\java.exe 2015-04-19 13:43:43 90D8F0F8665DFE0F5616902F8A0E8561 76712 -c--a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe 2015-04-19 13:43:43 7AEB4F5D482E1167E1FE9A726584BCD6 68520 -c--a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe 2015-04-19 13:43:43 6045943DD4B9731735DB0774B25AE114 191400 -c--a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaw.exe 2015-04-19 13:43:43 3C07B66A8BB9F028DC8EB87F84915DF0 15784 -c--a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\jjs.exe 2015-04-19 13:43:43 12F3D9FC2D1D68BB1C9AF782F94E4CF8 272296 -c--a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaws.exe 2015-04-19 13:43:42 EECA4389069973E098AC4A167D58DC47 30632 -c--a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\jabswitch.exe 2015-04-19 13:43:42 
C885370364208460FD31001113F2B2A2 15784 -c--a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\java-rmi.exe 2015-04-19 13:26:25 CA8718EB1BB4E8C960253EC10559634F 561576 -c--a-w- C:\Users\alain\Documents\JavaSetup8u45.exe 2015-04-19 13:26:09 CA8718EB1BB4E8C960253EC10559634F 561576 -c--a-w- C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JXF4NEG1\JavaSetup8u45[1].exe 2015-04-18 07:57:30 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 -c--a-w- C:\Users\alain\Documents\RSITx64.exe 2015-04-17 08:56:12 6245D6A33D885FBF5C3CFC1EDE8016CC 327632 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgndisa.exe 2015-04-17 08:53:57 A72B5DEFB7B3180F9BA495ED446E4C85 22992 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgrdtestx.exe 2015-04-17 08:53:57 907630704D5D11F0048D1F3F980B57B1 24016 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgrdtesta.exe 2015-04-17 08:53:57 1D055447F781F89576B5587195C333C7 70096 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avguirux.exe 2015-04-17 08:53:57 1B8DB7B913D7EBC6CCB3284D5C197CA0 6472584 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe 2015-04-16 18:46:48 22385EE33688B10B61DA1D8CA9549E4B 120192 -c--a-w- C:\Users\alain\AppData\Local\Temp\clear.fiClient\cabarc.exe 2015-04-16 07:45:22 751C4859FD46A1461B3FB57252F541D8 33792 ----a-w- C:\Windows\SysWOW64\wuapp.exe 2015-04-16 07:45:21 C5D90D20035928387FE27E4485EE463F 36864 ----a-w- C:\Windows\System32\wuapp.exe 2015-04-16 07:45:21 AEA602B4036CF95522818E911654F52E 135168 ----a-w- C:\Windows\System32\wuauclt.exe 2015-04-16 07:44:32 17D815AD21D4325CD589E57A9582E311 70840 ----a-w- C:\Windows\System32\CompatTel\diagtrackrunner.exe 2015-04-16 07:43:45 DCB7D8034C773ADB660FA8F1139AC0A0 5557696 ----a-w- C:\Windows\System32\ntoskrnl.exe 2015-04-16 07:43:41 11896E75E1A118ABFAD126BEB650A189 3920824 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2015-04-16 07:43:36 A6A644BFAE31F111F35F8C3C7BA2A8A0 3976632 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2015-04-16 07:43:30 
A32CA33E8692DA882133341AF31A4C36 338432 ----a-w- C:\Windows\System32\conhost.exe 2015-04-16 07:43:28 5E9E31A2F213E757184EB2CA4B562E6C 296960 ----a-w- C:\Windows\System32\rstrui.exe 2015-04-16 07:43:23 0B6514A14631E41DE4D6D40D1C80BE68 112640 ----a-w- C:\Windows\System32\smss.exe 2015-04-16 07:43:22 E6A73ED322D8D0E85589894157F81940 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2015-04-16 07:43:22 CACB6D061EAAE5CEB9203A26127843AF 64000 ----a-w- C:\Windows\System32\auditpol.exe 2015-04-16 07:43:22 CA4FC33FB22D92368A0B221092B46374 31232 ----a-w- C:\Windows\System32\lsass.exe 2015-04-16 07:43:20 6F8CEB8115737D2E049804B191AE41A9 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2015-04-16 07:43:07 FC898E44379D877DE92D869E713528CD 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2015-04-16 07:43:07 53C485BC8BBD41877F58AEB89412F5D7 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2015-04-16 07:40:38 3278499EBA0DAA54EB4B68F695F0FB43 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe 2015-04-16 07:40:36 9A9F2AC89AAE40A49D8D474FAD932C37 221184 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2015-04-16 07:40:36 7571102ACD8A82A55D1657CDF96A1A0E 720384 ----a-w- C:\Windows\System32\ie4uinit.exe 2015-04-16 07:40:31 B91D35BF855852C997D8DD5FA4C586A9 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2015-04-16 07:40:30 DACC3142BF6317B7250F319AB435D128 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2015-04-16 07:40:29 B3581F426DC500A51091CDD5BACF0454 815288 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2015-04-16 07:40:28 B7BFB7C2970DF5E779FF729C037BD8E4 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2015-04-16 07:40:27 630FB85EF5FFB7441A7AFB4CC9FC9DB6 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2015-04-16 07:40:24 F452A51F4004606F714EEB5C278CD376 484864 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2015-04-16 07:40:23 7FBBF54DDE37D80777D8A42F75501B8F 813744 ----a-w- C:\Program 
Files\Internet Explorer\iexplore.exe 2015-04-16 07:40:19 E935163C8AFFEB519572CEB8AA10E8E1 144384 ----a-w- C:\Windows\System32\ieUnatt.exe 2015-04-15 11:21:40 ADDD8FF660E3758A4D3C6B47EE71356E 3438032 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe 2015-04-15 11:18:20 1346C4C87969DE076DEB2E0CC551C31B 3029968 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe 2015-04-15 11:17:20 BEE793728636C7E729937D317B5D1F6D 3745232 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgui.exe 2015-04-15 11:16:38 ABCDD4260B6AF7631322ED71D6379779 1517480 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgfws.exe 2015-04-15 11:14:32 A71589CC47234B183EEB55B3D28BD465 702928 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgcsrvx.exe 2015-04-15 11:14:18 A481716402D5F8472DD842AC57657EDF 719312 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgntdumpx.exe 2015-04-15 11:14:12 DC8C94F6A31BDCAEDE40879FACF68674 403224 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgwsc.exe 2015-04-15 11:13:52 358C952EE69196B0E2E8AC4454483BDE 252368 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgcmgr.exe 2015-04-15 11:13:08 936F9BEC51B1E918E54D762FBE5B9281 1312208 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe 2015-04-15 11:11:36 C9CD8B9D6565F825F889813D61DC2A02 340432 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgcfgex.exe 2015-04-15 11:11:12 C6EF449BE0765A464F12F4CCC3F6069A 322512 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\fixcfg.exe 2015-04-15 11:10:56 95A260961EB2401BE0FAB69B7A8A049C 311792 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe 2015-04-15 11:10:54 9797E6A49B81ECFE2F3BE9AC9C387718 736152 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgdumpx.exe 2015-04-15 11:10:24 3A3AF3CD916D008D768442B00011D59F 883664 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgntdumpa.exe 2015-04-15 11:10:18 8F2203F525793A7DC8F31067C23C00A1 408528 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgscanx.exe 2015-04-15 11:09:52 79B89F5F284D7CA17FB43C43AC3C222B 1105360 -c--a-w- C:\Program Files 
(x86)\AVG\AVG2015\avgrsa.exe 2015-04-15 11:08:36 28FE50D6A8FA1ED5EB99674D63F52561 864208 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe 2015-04-15 11:08:14 76F3C796D8FC92D59852E51D98DEC276 790992 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgemca.exe 2015-04-15 11:07:52 8E1D35F6400562B16EBE0CD5945D322A 906096 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgdumpa.exe 2015-04-15 11:06:22 93A64DFC95315B8D2B51D01BFD501EA9 475600 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgscana.exe 2015-04-15 11:06:18 6A1741BB48E65D46D8D38DC7E7367682 371152 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\avgcomdlga.exe === C: other files == 2015-04-19 13:43:45 34AD992DE8D6023490DB5C9017FAE6E8 14130 -c--a-w- C:\Program Files (x86)\Java\jre1.8.0_45\lib\deploy\ffjcext.zip 2015-04-18 07:52:35 2518783D12BFBD7535BF3756C30521B3 29184 -c--a-w- C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5R0BV19W\beelden[1].zip 2015-04-16 07:43:25 063C09DB965E3DFD6F4F08416F6DB8F5 95672 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2015-04-16 07:43:24 1FA627E63195BF3BF636BFEF0D7190D4 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2015-04-16 07:40:45 F61634BEC53F73702A10DE69F6DCAF57 754688 ----a-w- C:\Windows\System32\drivers\http.sys 2015-04-16 07:38:17 404B7DF9CA4D1CB675045AF220FF3285 367552 ----a-w- C:\Windows\System32\clfs.sys 2015-04-15 11:22:48 86DCA4F5FF18E173B098D66512D23916 1205445 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\banners\banners.zip 2015-04-15 11:06:02 4FB010DEA1028ED0A26F20D2F404210F 256992 -c--a-w- C:\Windows\System32\drivers\avgldx64.sys 2015-04-15 11:06:02 4FB010DEA1028ED0A26F20D2F404210F 256992 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\Drivers\avgldx64.sys 2015-04-15 11:05:06 5897D0F8F83A9FD81F48F64324221EC9 206816 -c--a-w- C:\Program Files (x86)\AVG\AVG2015\Drivers\avgldx86.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] 
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4" ==== Startup Registry Disabled ====================== 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "SkyDrive"="\"C:\\Users\\alain\\AppData\\Local\\Microsoft\\SkyDrive\\SkyDrive.exe\" /background" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeMovieService] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ArcadeMovieService" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Acer\\clear.fi\\Movie\\clear.fiMovieService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonQuickMenu] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CanonQuickMenu" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Canon\\Quick Menu\\CNQMMAIN.EXE /logon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dolby Advanced Audio v2] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Dolby Advanced Audio v2" "hkey"="HKLM" "command"="\"C:\\Dolby PCEE4\\pcee4.exe\" -autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecPMMUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EgisTecPMMUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec IPS\\PmmUpdate.exe\" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EgisUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec IPS\\EgisUpdate.exe\" -d " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON SX210 
Series] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EPSON SX210 Series" "hkey"="HKCU" "command"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIFDE.EXE /FU \"C:\\Users\\alain\\AppData\\Local\\Temp\\E_S145B.tmp\" /EF \"HKCU\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Facebook Update" "hkey"="HKCU" "command"="\"C:\\Users\\alain\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IJNetworkScannerSelectorEX] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IJNetworkScannerSelectorEX" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Canon\\IJ Network Scanner Selector EX\\CNMNSST.exe /FORCE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LManager" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power Management] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Power Management" "hkey"="HKLM" "command"="C:\\Program Files\\Acer\\Acer ePower Management\\ePowerTray.exe " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVBg" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe /FORPCEE4" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVCpl" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC] 
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartCCC" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SuiteTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SuiteTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^alain^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] "item"="Dropbox" "path"="C:\\Users\\alain\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk" "backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\alain\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EPSON_EB_RPCV4_01] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EPSON_PM_RPCV4_01] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\VmbService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "MSC"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey" ==== Startup Folders ====================== 2015-04-14 06:32:56 1139 -c--a-w- C:\Users\alain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash 
Player Updater.job --a--c--- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [19/04/2015 15:48] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000Core.job --a--c--- C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/02/2013 14:13] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000UA.job --a--c--- C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/02/2013 14:13] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a--c--- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/10/2012 07:53] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a--c--- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/10/2012 07:53] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe online update program" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"] "C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000Core" [C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000UA" [C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe] 
"C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\alain\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{97AA51C9-AC69-4524-B564-DB6C5E236309}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{0D8EF99F-AF1D-4A05-8A55-978FB2AE2594}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe] "C:\Windows\SysNative\tasks\{1137D312-D604-40E6-80D4-64945D0C9DCB}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE] "C:\Windows\SysNative\tasks\{1BBE832C-9071-4055-82AA-D43B639AD1BF}" [C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\SimEdit.exe] "C:\Windows\SysNative\tasks\{1E86B152-0279-4C4A-B3F7-BF4C47CCD9C2}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{37415A4E-3F55-412F-A600-E2EE497A832D}" [C:\Program Files (x86)\Mobistar Internet Everywhere\Mobistar Internet Everywhere.exe] "C:\Windows\SysNative\tasks\{831227B2-235C-419D-A532-F99F94993806}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{8E2D9D37-81B1-438C-93A9-B73D30E01F35}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{AF454F46-4C32-4E2E-BCF4-563D25CB09BC}" [C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE] "C:\Windows\SysNative\tasks\{BA89BC60-96E1-439E-95E8-2EEFFCA34B1C}" [C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\SimEdit.exe] "C:\Windows\SysNative\tasks\{BAF2D979-D8DC-47F1-A257-4EAB52E461BF}" [C:\Program Files (x86)\Mobistar Internet Everywhere\Mobistar Internet Everywhere.exe] "C:\Windows\SysNative\tasks\{CA4BF9A3-5B8D-473D-8610-5639D3C97E87}" [C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE] 
"C:\Windows\SysNative\tasks\{CADF8D62-B9C9-4A4D-A65D-35A3A9705C6E}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{CDDEFDED-A3AD-41AD-B8CC-3802F4328783}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE] "C:\Windows\SysNative\tasks\{E7E3EE23-A1FA-496C-B7CF-DC47F484AFB9}" [C:\Program Files (x86)\Mobistar Internet Everywhere\Mobistar Internet Everywhere.exe] "C:\Windows\SysNative\tasks\{E9764320-6B91-4284-B9B7-3184EBBE7639}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE] "C:\Windows\SysNative\tasks\{EA946BB5-03C2-4352-8CD3-C37E263CBB05}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions ====================== ProfilePath: C:\Users\alain\AppData\Roaming\Mozilla\Firefox\Profiles\i4emk1mu.default - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Undetermined - %AppDir%\extensions\belgiumeid@eid.belgium.be ==== Firefox Plugins ====================== Profilepath: C:\Users\alain\AppData\Roaming\Mozilla\Firefox\Profiles\2ts6yhzr.default FF0D6F82A0EC13952E83B9439100E45D - C:\Users\alain\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin 506C758195FD6F4F1594C0F1B1E32A15 - C:\ProgramData\Kortingzoeker\FFExtension20131010193222\plugins\npdf.dll - MoneyMillionaire plugin 4F26678A032868EA584431944FB2E6C7 - C:\Users\alain\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll - Microsoft Office 2013 Profilepath: C:\Users\alain\AppData\Roaming\Mozilla\Firefox\Profiles\i4emk1mu.default 506C758195FD6F4F1594C0F1B1E32A15 - C:\ProgramData\Kortingzoeker\FFExtension20131010193222\plugins\npdf.dll - MoneyMillionaire plugin 4F26678A032868EA584431944FB2E6C7 - C:\Users\alain\AppData\Local\Microsoft\Internet Explorer\Downloaded 
Program Files\Microsoft Office 15\npofficeondemand.dll - Microsoft Office 2013 FF0D6F82A0EC13952E83B9439100E45D - C:\Users\alain\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin ==== Chromium Look ====================== ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://bing.com/" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://bing.com/" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {20711F84-BDC0-4ABF-84DA-B974A90FDD74} Bing Url="http://www.bing.com/search?FORM=AARBDF&PC=MAAR&q={searchTerms}&src=IE-SearchBox" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iWisoft Free Video Converter_is1 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dolby Advanced Audio v2 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\StartCCC deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows 
Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user') O4 - Startup: Dropbox.lnk = alain\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O18 - Protocol: sacore - 
{5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. 
- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file 
missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Cody\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Cody\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully 
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\alain\AppData\Local\Mozilla\Firefox\Profiles\i4emk1mu.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\alain\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=21 folders=21 14107503 bytes) ==== Empty Temp Folders ====================== C:\Users\alain\AppData\Local\Temp will be emptied at reboot C:\Users\Cody\AppData\Local\Temp emptied successfully C:\Users\Gast\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\alain\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on zo 19/04/2015 at 
17:36:26,86 ======================
  4. Logfile of random's system information tool 1.10 (written by random/random) Run by alain at 2015-04-18 09:58:20 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 472 GB (79%) free of 595 GB Total RAM: 3563 MB (56% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:58:33, on 18/04/2015 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17728) Boot mode: Normal Running processes: C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Users\alain\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\AVG\AVG2015\avgui.exe C:\Windows\SysWOW64\ctfmon.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingApp.exe C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingBar.exe C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe C:\Program Files\trend micro\alain.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun O4 - 
HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user') O4 - Startup: Dropbox.lnk = alain\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. 
- C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) 
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11302 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe c:\PROGRA~2\AVG\AVG2015\avgrsa.exe /boot C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe /pipeName=c2feea3f-0200-0000-9580-2a45f179e663 /binaryPath="C:\Program Files 
(x86)\AVG\AVG2015\" %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe winlogon.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS "c:\Program Files\Microsoft Security Client\MsMpEng.exe" C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService atieclxx C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" "C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService "C:\Program Files (x86)\AVG\AVG2015\avgfws.exe" "C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe" "C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe" "C:\Program Files (x86)\Launch Manager\dsiwmis.exe" "C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE" "C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window "C:\Program Files\Acer\Acer Updater\UpdaterService.exe" "C:\Program Files 
(x86)\NTI\Acer Backup Manager\IScheduleSvc.exe" "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" C:\Windows\system32\svchost.exe -k imgsvc "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" "taskhost.exe" "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" WLIDSvcM.exe 2916 "C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe" "C:\Program Files (x86)\AVG\AVG2015\avgemca.exe" C:\Windows\system32\PrintIsolationHost.exe -Embedding taskeng.exe {395CF8A7-E5F6-4729-B945-EC3A903D5C7B} "C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe" "C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe" "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" C:\Windows\System32\alg.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-2c92f586-d8d4-49b1-8cd4-e4db6a383ce6 -SystemEventPortName:HostProcess-c79a17f5-6372-4050-9c7f-ebe29c5decbf -IoCancelEventPortName:HostProcess-563b4ca9-e714-4d38-9356-1084813e2e79 -NonStateChangingEventPortName:HostProcess-f8de426d-6465-4870-bb30-f98097c79119 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:ef134607-f329-487e-bc85-1b7384df98b7 -DeviceGroupId:WpdFsGroup "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun "C:\Users\alain\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow C:\Windows\System32\svchost.exe -k LocalServicePeerNet "C:\Program Files\Windows Media 
Player\wmpnetwk.exe" "c:\Program Files\Microsoft Security Client\NisSrv.exe" ctfmon.exe "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5812 CREDAT:267521 /prefetch:2 "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingApp.exe" -Embedding "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingBar.exe" -Embedding C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe" -Embedding "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe" -Embedding "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe" -Embedding "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe" -Embedding "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0 C:\Windows\system32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe -Embedding C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\system32\svchost.exe -k SDRSVC "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe" "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5812 CREDAT:3937564 /prefetch:2 "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe" -Embedding "C:\Users\alain\Documents\RSITx64.exe" C:\Windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000Core.job - C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000UA.job - C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}] Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24 209504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}] SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14 81024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-06 256456] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-12 1154720] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}] Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24 176736] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}] SteadyVideoBHO Class - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14 69760] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23 460712] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-06 194504] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12 1431712] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23 172968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-12 1154720] {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24 6126680] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-06 256456] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12 1431712] {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files 
  5. Dear Clarkie, I first uninstalled AVG Tune-up. Restarted the computer. Then I did a system restore, without result. I tried with antivirus and without. Neither could bring the laptop back to an earlier restore point. I tried the card reader's manual, both automatic and manual. Also without result. It doesn't even recognize the card reader in Device Manager. I can't find it anywhere. Tried USB 1.0 as well as USB 2.0. The computer has also become very slow. At my wits' end. Pffff. Kind regards, Alain
  6. Hello, I tried to install an eID card reader but I can't get it to work. Dozens of times I put the program on and took it off again, rebooted, tried FIX-IT, opened Device Manager and searched for drivers under "portable devices", but in vain. No result! I also uninstalled the program, also without result. Almost daily I run the program CC-Cleaner. That hasn't given any result either. I also installed this: Click "QuickInstall" below to install the eID software 4.0.7 for Windows. QuickInstall v407.7466 (EXE, 43.75 MB). I installed this one too: If you have a card with 10-year validity, download the latest version of the software here. Even this manual procedure: Windows manual procedure. Windows XP: SP3 is required. Install all Windows updates: http://windowsupdate.microsoft.com Install the latest version of the eID software from our site: 32-bit (EXE, 16.42 MB) 64-bit (EXE, 18.08 MB) Future version 32-bit (EXE, 16.42 MB) Future version 64-bit (EXE, 18.08 MB) Restart your computer. Try to read the card with the eID Viewer. If that fails: install the driver for your card reader. I then installed AVG Tune-Up, but also without result. Every time I get the message that there are problems with the driver "driver for Microsoft WPD secure-storage password". I also tried installing the smart card reader at my sister's and that worked perfectly (she uses Windows Vista). I'm at my wits' end. I hope you can help me. Kind regards, Lauwers Alain.
  7. Dear Kape, Thanks a lot for your help. It works perfectly again! Kind regards, Alain.
  8. Dear Kape, It behaves much better and is also faster. I hope it stays that way. Maybe run CC Cleaner once more? Kind regards, Alain.
  9. # AdwCleaner v3.309 - Rapport aangemaakt 08/09/2014 op 05:56:38 # Laatste Update 02/09/2014 door Xplode # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits) # Gebruikersnaam : alain - ALAIN-PC # Gestart vanuit : C:\Users\alain\Desktop\adwcleaner_3.309.exe # Optie : Verwijderen ***** [ Services ] ***** ***** [ Bestanden / Mappen ] ***** Map Verwijderd : C:\Program Files (x86)\FlvPlayer ***** [ Taken ] ***** Taak Verwijderd : EPUpdater Taak Verwijderd : Express FilesUpdate Taak Verwijderd : pricemeterdownloader ***** [ Snelkoppelingen ] ***** ***** [ Register ] ***** Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\PriceMeterLiveUpdate.exe Sleutel Verwijderd : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine Sleutel Verwijderd : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync Sleutel Verwijderd : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass Sleutel Verwijderd : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass.1 Sleutel Verwijderd : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass Sleutel Verwijderd : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine Sleutel Verwijderd : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine Sleutel Verwijderd : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback Sleutel Verwijderd : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc Sleutel Verwijderd : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0 Sleutel Verwijderd : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher Sleutel Verwijderd : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService Sleutel Verwijderd : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0 Sleutel Verwijderd : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine Sleutel Verwijderd : 
HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback Sleutel Verwijderd : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc Sleutel Verwijderd : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0 Sleutel Verwijderd : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 Sleutel Verwijderd : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{126C78A0-36E7-4697-A3AB-32706144398B} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{8D73A258-9787-4AE7-9232-41036673FD0E} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{00A154AE-6C33-4F1E-9057-242350540936} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{45F8961E-1314-421E-9F00-BDDE18CF8EA0} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{8D73A258-9787-4AE7-9232-41036673FD0E} Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89449F37-4AB2-46ED-A566-BB3A7797701B} Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F509ADC2-B40E-470F-A7B7-45191486B5CB} Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8} Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89449F37-4AB2-46ED-A566-BB3A7797701B} Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F509ADC2-B40E-470F-A7B7-45191486B5CB} Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet 
Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Sleutel Verwijderd : HKCU\Software\PriceMeterLiveUpdate Sleutel Verwijderd : HKCU\Software\PriceMeterUpdater Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Re_Markit Sleutel Verwijderd : HKLM\SOFTWARE\PriceMeterLiveUpdate Sleutel Verwijderd : HKLM\SOFTWARE\Vittalia Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4 Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PriceMeterLiveUpdate.exe ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17239 -\\ Mozilla Firefox v -\\ Google Chrome v [ Bestand : C:\Users\alain\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [5248 octets] - [08/09/2014 05:52:54] AdwCleaner[s0].txt - [5019 octets] - [08/09/2014 05:56:38] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5079 octets] ##########
  10. Zoek.exe v5.0.0.0 Updated 07-September-2014 Tool run by alain on zo 07/09/2014 at 23:49:36,92. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\alain\Documents\alain\zoek.exe [scan all users] [script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2014-09-07-110758.log 34148 bytes C:\zoek-results2014-09-07-161511.log 34950 bytes ==== Empty Folders Check ====================== C:\PROGRA~2\epson deleted successfully C:\PROGRA~2\Gabest deleted successfully C:\PROGRA~3\Canon IJ Network Tool deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\alain\AppData\Roaming\MyEmoticons.20140708121733 deleted successfully C:\Users\Gast\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Program Files (x86)\Launch Manager\LMutilps32.exe C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Users\alain\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\SysWOW64\ctfmon.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files 
(x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe C:\Users\alain\Documents\alain\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 3563 MB CPU Info: AMD A4-3300M APU with Radeon HD Graphics CPU Speed: 1902,7 MHz Sound Card: Luidsprekers (Realtek High Defi | Display Adapters: AMD Radeon HD 6480G | AMD Radeon HD 6480G | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Atheros AR5B97 Wireless Network Adapter | Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW TS-L633F Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 581,1GB | Q: 0,0MB Hard Disks - Free: C: 459,9GB | Q: 0,0MB Manufacturer *: Acer BIOS Info: AT/AT COMPATIBLE | 05/04/11 | ACRSYS - 1 Time Zone: West-Europa (standaardtijd) Motherboard *: Acer JE70-SB Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated) Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: AVG AntiVirus Free Edition 2014 disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Internet Explorer Version: 11.0.9600.17239 Adobe Reader version: 11.0.8.4 Sun Java version: 1.7.0_67 (32-bit) ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\alain\AppData\Local\Temp ==== 2014-09-07 21:39:41 D11FB7A5078631BE2E183DC56FCD5375 43008 -c--a-w- C:\Users\alain\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu1ybsl.dll 2014-09-07 16:16:08 22385EE33688B10B61DA1D8CA9549E4B 120192 -c--a-w- C:\Users\alain\AppData\Local\Temp\clear.fiClient\cabarc.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-08-28 02:51:50 980305AC3AF53C1964A11190451ABB32 311808 ----a-w- C:\Windows\SysWOW64\gdi32.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-08-28 02:51:52 A347EF56B7CD8360B3EF7772FEA597B9 3163648 ----a-w- C:\Windows\Sysnative\win32k.sys 2014-08-28 02:51:50 860528C9E50AB84935843B23A80E665E 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll ====== C:\Windows\Sysnative\drivers ===== 2014-08-13 05:56:35 87CE5C8965E101CCCED1F4675557E868 985536 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys ====== C:\Windows\Tasks ====== 2014-08-10 09:32:27 0C3ACBE5A53427BA4574A71589019F3A 2984 -c--a-w- C:\Windows\Sysnative\Tasks\{0D8EF99F-AF1D-4A05-8A55-978FB2AE2594} ====== C:\Windows\Temp 
====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\alain\AppData\Roaming ====== 2014-09-07 16:12:07 -------- dc----w- C:\Users\Gast\AppData\Local\Temp 2014-09-07 16:12:07 -------- dc----w- C:\Users\Cody\AppData\Local\Temp 2014-09-07 16:12:07 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2014-09-07 16:12:06 -------- dc----w- C:\Users\alain\AppData\Local\Temp 2014-09-07 11:07:58 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp 2014-09-01 11:41:03 -------- dc----w- C:\Users\Gast\AppData\Locallow\Adobe 2014-09-01 11:41:03 -------- dc----w- C:\Users\Gast\AppData\Local\Adobe 2014-08-29 14:07:04 -------- dc----w- C:\Users\alain\AppData\Local\Microsoft Help 2014-08-23 06:59:35 -------- dc----w- C:\Users\alain\AppData\Roaming\ATI ====== C:\Users\alain ====== 2014-08-29 14:07:04 -------- dc----w- C:\ProgramData\Microsoft Help ====== C: exe-files == 2014-09-07 21:46:58 83CEBD6FEB54E4B4C395213C19A53177 544 -c--a-w- C:\$RECYCLE.BIN\S-1-5-21-3241781761-3953431157-4087400376-1000\$IG11JAB.exe 2014-09-07 16:16:08 22385EE33688B10B61DA1D8CA9549E4B 120192 -c--a-w- C:\Users\alain\AppData\Local\Temp\clear.fiClient\cabarc.exe 2014-09-07 07:30:08 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 -c--a-w- C:\$RECYCLE.BIN\S-1-5-21-3241781761-3953431157-4087400376-1000\$RG11JAB.exe 2014-09-03 07:51:40 A9F5BF3EC85A8F5EA668FD404B61C2B8 16912 -c--a-w- C:\Program Files (x86)\AVG\AVG2014\avgrdtesta.exe 2014-09-03 07:51:40 A715DD1F4D7894100FBA9153048FDE1B 62992 ----a-w- C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\update\backup\avguirux.exe 2014-09-03 07:51:40 9B3A0BC81C174ADF77DC6869AC6BCDDD 15888 ----a-w- C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\update\backup\avgrdtestx.exe 2014-09-03 07:51:40 88950BBD830F5CCA4B18BD6AB3DD05FF 16912 ----a-w- C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\update\backup\avgrdtesta.exe 2014-09-03 07:51:40 
7556F0CCABAD60FA2F19165D6BBD92EA 62992 -c--a-w- C:\Program Files (x86)\AVG\AVG2014\avguirux.exe 2014-09-03 07:51:40 4505C7EEC5B0FFA5C45A7450198CBCC0 6018176 ----a-w- C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\update\backup\avgmfapx.exe 2014-09-03 07:51:40 23E082855C7B3552390F425153617767 6018176 -c--a-w- C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe 2014-09-03 07:51:40 0FED596E388C979A5E865CEBA466B927 15888 -c--a-w- C:\Program Files (x86)\AVG\AVG2014\avgrdtestx.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver " "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 
"BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver " "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe " "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "SkyDrive"="\"C:\\Users\\alain\\AppData\\Local\\Microsoft\\SkyDrive\\SkyDrive.exe\" /background" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeMovieService] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ArcadeMovieService" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Acer\\clear.fi\\Movie\\clear.fiMovieService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonQuickMenu] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CanonQuickMenu" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Canon\\Quick Menu\\CNQMMAIN.EXE /logon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dolby Advanced Audio v2] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Dolby Advanced Audio 
v2" "hkey"="HKLM" "command"="\"C:\\Dolby PCEE4\\pcee4.exe\" -autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecPMMUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EgisTecPMMUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec IPS\\PmmUpdate.exe\" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EgisUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec IPS\\EgisUpdate.exe\" -d " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON SX210 Series] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EPSON SX210 Series" "hkey"="HKCU" "command"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIFDE.EXE /FU \"C:\\Users\\alain\\AppData\\Local\\Temp\\E_S145B.tmp\" /EF \"HKCU\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IJNetworkScannerSelectorEX] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IJNetworkScannerSelectorEX" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Canon\\IJ Network Scanner Selector EX\\CNMNSST.exe /FORCE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LManager" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVBg" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe /FORPCEE4" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVCpl" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartCCC" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SuiteTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SuiteTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^alain^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] "item"="Dropbox" "path"="C:\\Users\\alain\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk" "backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\alain\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EPSON_EB_RPCV4_01] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EPSON_PM_RPCV4_01] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\VmbService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "MSC"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey" ==== Startup Folders ====================== 2014-06-23 07:25:50 1053 -c--a-w- C:\Users\alain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ==== Task 
Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a--c--- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/07/2014 13:49] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000Core.job --a--c--- C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/02/2013 14:13] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000UA.job --a--c--- C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/02/2013 14:13] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/10/2012 07:53] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/10/2012 07:53] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe online update program" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"] "C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000Core" [C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000UA" [C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\Google Updater and Installer" 
[C:\Users\alain\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{97AA51C9-AC69-4524-B564-DB6C5E236309}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{0D8EF99F-AF1D-4A05-8A55-978FB2AE2594}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe] "C:\Windows\SysNative\tasks\{1137D312-D604-40E6-80D4-64945D0C9DCB}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE] "C:\Windows\SysNative\tasks\{1E86B152-0279-4C4A-B3F7-BF4C47CCD9C2}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{37415A4E-3F55-412F-A600-E2EE497A832D}" [C:\Program Files (x86)\Mobistar Internet Everywhere\Mobistar Internet Everywhere.exe] "C:\Windows\SysNative\tasks\{831227B2-235C-419D-A532-F99F94993806}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{8E2D9D37-81B1-438C-93A9-B73D30E01F35}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{AF454F46-4C32-4E2E-BCF4-563D25CB09BC}" [C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE] "C:\Windows\SysNative\tasks\{BAF2D979-D8DC-47F1-A257-4EAB52E461BF}" [C:\Program Files (x86)\Mobistar Internet Everywhere\Mobistar Internet Everywhere.exe] "C:\Windows\SysNative\tasks\{CA4BF9A3-5B8D-473D-8610-5639D3C97E87}" [C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE] "C:\Windows\SysNative\tasks\{CADF8D62-B9C9-4A4D-A65D-35A3A9705C6E}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{CDDEFDED-A3AD-41AD-B8CC-3802F4328783}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE] "C:\Windows\SysNative\tasks\{E7E3EE23-A1FA-496C-B7CF-DC47F484AFB9}" [C:\Program Files (x86)\Mobistar Internet 
Everywhere\Mobistar Internet Everywhere.exe] "C:\Windows\SysNative\tasks\{E9764320-6B91-4284-B9B7-3184EBBE7639}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE] "C:\Windows\SysNative\tasks\{EA946BB5-03C2-4352-8CD3-C37E263CBB05}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions ====================== ProfilePath: C:\Users\alain\AppData\Roaming\Mozilla\Firefox\Profiles\i4emk1mu.default - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\alain\AppData\Roaming\Mozilla\Firefox\Profiles\i4emk1mu.default 506C758195FD6F4F1594C0F1B1E32A15 - C:\ProgramData\Kortingzoeker\FFExtension20131010193222\plugins\npdf.dll - MoneyMillionaire plugin 4F26678A032868EA584431944FB2E6C7 - C:\Users\alain\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll - Microsoft Office 2013 FF0D6F82A0EC13952E83B9439100E45D - C:\Users\alain\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin ==== Chrome Look ====================== Google Docs - alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Bing" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Bing" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{20711F84-BDC0-4ABF-84DA-B974A90FDD74}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="{searchTerms - Google Search}" {20711F84-BDC0-4ABF-84DA-B974A90FDD74} Bing Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" 
/TRAYONLY O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user') O4 - Startup: Dropbox.lnk = alain\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: 
c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. 
- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - 
C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Cody\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Cody\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully 
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\alain\AppData\Local\Mozilla\Firefox\Profiles\i4emk1mu.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\alain\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1256 folders=252 388865705 bytes) ==== Empty Temp Folders ====================== C:\Users\alain\AppData\Local\Temp will be emptied at reboot C:\Users\Cody\AppData\Local\Temp emptied successfully C:\Users\Gast\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\alain\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on ma 08/09/2014 at 0:23:47,49 ======================
  11. Zoek.exe v5.0.0.0 Updated 07-September-2014 Tool run by alain on zo 07/09/2014 at 17:41:49,69. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\alain\Documents\alain\zoek.exe [scan all users] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2014-09-07-110758.log 34148 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Program Files (x86)\Launch Manager\LMutilps32.exe C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Users\alain\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\SysWOW64\ctfmon.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe C:\Users\alain\Documents\alain\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 3563 MB CPU Info: AMD A4-3300M APU with Radeon HD Graphics CPU Speed: 1943,9 MHz Sound 
Card: Luidsprekers (Realtek High Defi | Display Adapters: AMD Radeon HD 6480G | AMD Radeon HD 6480G | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Atheros AR5B97 Wireless Network Adapter | Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW TS-L633F Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 581,1GB | Q: 0,0MB Hard Disks - Free: C: 460,0GB | Q: 0,0MB Manufacturer *: Acer BIOS Info: AT/AT COMPATIBLE | 05/04/11 | ACRSYS - 1 Time Zone: West-Europa (standaardtijd) Motherboard *: Acer JE70-SB Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated) Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: AVG AntiVirus Free Edition 2014 disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Internet Explorer Version: 11.0.9600.17239 Adobe Reader version: 11.0.8.4 Sun Java version: 1.7.0_67 (32-bit) ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\alain\AppData\Local\Temp ==== 2014-09-07 04:56:55 D11FB7A5078631BE2E183DC56FCD5375 43008 -c--a-w- C:\Users\alain\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpokonnx.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-08-28 02:51:50 980305AC3AF53C1964A11190451ABB32 311808 ----a-w- C:\Windows\SysWOW64\gdi32.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-08-28 02:51:52 A347EF56B7CD8360B3EF7772FEA597B9 3163648 ----a-w- C:\Windows\Sysnative\win32k.sys 2014-08-28 02:51:50 
860528C9E50AB84935843B23A80E665E 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll ====== C:\Windows\Sysnative\drivers ===== 2014-08-13 05:56:35 87CE5C8965E101CCCED1F4675557E868 985536 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys ====== C:\Windows\Tasks ====== 2014-08-10 09:32:27 0C3ACBE5A53427BA4574A71589019F3A 2984 -c--a-w- C:\Windows\Sysnative\Tasks\{0D8EF99F-AF1D-4A05-8A55-978FB2AE2594} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\alain\AppData\Roaming ====== 2014-09-07 11:07:58 -------- dc----w- C:\Users\Gast\AppData\Local\Temp 2014-09-07 11:07:58 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp 2014-09-07 11:07:58 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2014-09-07 11:07:57 -------- dc----w- C:\Users\Cody\AppData\Local\Temp 2014-09-01 11:41:03 -------- dc----w- C:\Users\Gast\AppData\Locallow\Adobe 2014-09-01 11:41:03 -------- dc----w- C:\Users\Gast\AppData\Local\Adobe 2014-08-29 14:07:04 -------- dc----w- C:\Users\alain\AppData\Local\Microsoft Help 2014-08-23 06:59:35 -------- dc----w- C:\Users\alain\AppData\Roaming\ATI ====== C:\Users\alain ====== 2014-08-29 14:07:04 -------- dc----w- C:\ProgramData\Microsoft Help ====== C: exe-files == 2014-09-07 15:39:45 0F78D7226515CE867F8279403807848A 544 -c--a-w- C:\$RECYCLE.BIN\S-1-5-21-3241781761-3953431157-4087400376-1000\$IIQ3FZU.exe 2014-09-07 15:34:11 EE2DE64056FD4743B81E37CDC15CC704 544 -c--a-w- C:\$RECYCLE.BIN\S-1-5-21-3241781761-3953431157-4087400376-1000\$IIVOR09.exe 2014-09-07 07:30:08 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 -c--a-w- C:\Users\alain\Documents\alain\RSITx64.exe 2014-09-03 07:51:40 A9F5BF3EC85A8F5EA668FD404B61C2B8 16912 -c--a-w- C:\Program Files (x86)\AVG\AVG2014\avgrdtesta.exe 2014-09-03 07:51:40 A715DD1F4D7894100FBA9153048FDE1B 62992 ----a-w- C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\update\backup\avguirux.exe 2014-09-03 07:51:40 
9B3A0BC81C174ADF77DC6869AC6BCDDD 15888 ----a-w- C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\update\backup\avgrdtestx.exe 2014-09-03 07:51:40 88950BBD830F5CCA4B18BD6AB3DD05FF 16912 ----a-w- C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\update\backup\avgrdtesta.exe 2014-09-03 07:51:40 7556F0CCABAD60FA2F19165D6BBD92EA 62992 -c--a-w- C:\Program Files (x86)\AVG\AVG2014\avguirux.exe 2014-09-03 07:51:40 4505C7EEC5B0FFA5C45A7450198CBCC0 6018176 ----a-w- C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\update\backup\avgmfapx.exe 2014-09-03 07:51:40 23E082855C7B3552390F425153617767 6018176 -c--a-w- C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe 2014-09-03 07:51:40 0FED596E388C979A5E865CEBA466B927 15888 -c--a-w- C:\Program Files (x86)\AVG\AVG2014\avgrdtestx.exe === C: other files == 2014-09-07 15:41:46 D6438BE54C3A66CBCA2BBA4749DCF5B7 544 -c--a-w- C:\$RECYCLE.BIN\S-1-5-21-3241781761-3953431157-4087400376-1000\$IQWUIIR.zip 2014-09-07 15:39:45 DC0BD2D13FF9083AF2E6BAF51643BD4E 544 -c--a-w- C:\$RECYCLE.BIN\S-1-5-21-3241781761-3953431157-4087400376-1000\$IS047YW.com 2014-09-07 15:34:01 51FF283B10FD007BE4C2E4052F629F69 544 -c--a-w- C:\$RECYCLE.BIN\S-1-5-21-3241781761-3953431157-4087400376-1000\$IRFR2DW.com 2014-09-07 10:18:56 CD01F2F46B95ABBEA783B5A4FC88D2AC 4108341 -c--a-w- C:\$RECYCLE.BIN\S-1-5-21-3241781761-3953431157-4087400376-1000\$RQWUIIR.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver " "swg"="C:\Program Files 
(x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver " "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe " "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "SkyDrive"="\"C:\\Users\\alain\\AppData\\Local\\Microsoft\\SkyDrive\\SkyDrive.exe\" /background" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" "Adobe ARM"="\"C:\\Program 
Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeMovieService] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ArcadeMovieService" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Acer\\clear.fi\\Movie\\clear.fiMovieService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonQuickMenu] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CanonQuickMenu" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Canon\\Quick Menu\\CNQMMAIN.EXE /logon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dolby Advanced Audio v2] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Dolby Advanced Audio v2" "hkey"="HKLM" "command"="\"C:\\Dolby PCEE4\\pcee4.exe\" -autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecPMMUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EgisTecPMMUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec IPS\\PmmUpdate.exe\" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EgisUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec IPS\\EgisUpdate.exe\" -d " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON SX210 Series] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EPSON SX210 Series" "hkey"="HKCU" "command"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIFDE.EXE /FU \"C:\\Users\\alain\\AppData\\Local\\Temp\\E_S145B.tmp\" /EF \"HKCU\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IJNetworkScannerSelectorEX] 
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IJNetworkScannerSelectorEX" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Canon\\IJ Network Scanner Selector EX\\CNMNSST.exe /FORCE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LManager" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVBg" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe /FORPCEE4" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVCpl" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartCCC" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SuiteTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SuiteTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^alain^AppData^Roaming^Microsoft^Windows^Start 
Menu^Programs^Startup^Dropbox.lnk] "item"="Dropbox" "path"="C:\\Users\\alain\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk" "backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\alain\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EPSON_EB_RPCV4_01] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EPSON_PM_RPCV4_01] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\VmbService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "MSC"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey" ==== Startup Folders ====================== 2014-06-23 07:25:50 1053 -c--a-w- C:\Users\alain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a--c--- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/07/2014 13:49] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000Core.job --a--c--- C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/02/2013 14:13] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000UA.job --a--c--- C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/02/2013 14:13] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/10/2012 07:53] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/10/2012 07:53] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe online 
update program" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"] "C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000Core" [C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000UA" [C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\alain\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{97AA51C9-AC69-4524-B564-DB6C5E236309}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{0D8EF99F-AF1D-4A05-8A55-978FB2AE2594}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe] "C:\Windows\SysNative\tasks\{1137D312-D604-40E6-80D4-64945D0C9DCB}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE] "C:\Windows\SysNative\tasks\{1E86B152-0279-4C4A-B3F7-BF4C47CCD9C2}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{37415A4E-3F55-412F-A600-E2EE497A832D}" [C:\Program Files (x86)\Mobistar Internet 
Everywhere\Mobistar Internet Everywhere.exe] "C:\Windows\SysNative\tasks\{831227B2-235C-419D-A532-F99F94993806}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{8E2D9D37-81B1-438C-93A9-B73D30E01F35}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{AF454F46-4C32-4E2E-BCF4-563D25CB09BC}" [C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE] "C:\Windows\SysNative\tasks\{BAF2D979-D8DC-47F1-A257-4EAB52E461BF}" [C:\Program Files (x86)\Mobistar Internet Everywhere\Mobistar Internet Everywhere.exe] "C:\Windows\SysNative\tasks\{CA4BF9A3-5B8D-473D-8610-5639D3C97E87}" [C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE] "C:\Windows\SysNative\tasks\{CADF8D62-B9C9-4A4D-A65D-35A3A9705C6E}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{CDDEFDED-A3AD-41AD-B8CC-3802F4328783}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE] "C:\Windows\SysNative\tasks\{E7E3EE23-A1FA-496C-B7CF-DC47F484AFB9}" [C:\Program Files (x86)\Mobistar Internet Everywhere\Mobistar Internet Everywhere.exe] "C:\Windows\SysNative\tasks\{E9764320-6B91-4284-B9B7-3184EBBE7639}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE] "C:\Windows\SysNative\tasks\{EA946BB5-03C2-4352-8CD3-C37E263CBB05}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions ====================== ProfilePath: C:\Users\alain\AppData\Roaming\Mozilla\Firefox\Profiles\i4emk1mu.default - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\alain\AppData\Roaming\Mozilla\Firefox\Profiles\i4emk1mu.default 506C758195FD6F4F1594C0F1B1E32A15 - C:\ProgramData\Kortingzoeker\FFExtension20131010193222\plugins\npdf.dll - MoneyMillionaire plugin 4F26678A032868EA584431944FB2E6C7 - C:\Users\alain\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 
15\npofficeondemand.dll - Microsoft Office 2013 FF0D6F82A0EC13952E83B9439100E45D - C:\Users\alain\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin ==== Chrome Look ====================== Google Docs - alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Bing" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Bing" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{20711F84-BDC0-4ABF-84DA-B974A90FDD74}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="{searchTerms - Google Search}" {20711F84-BDC0-4ABF-84DA-B974A90FDD74} Bing Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common 
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user') 
O4 - Startup: Dropbox.lnk = alain\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: 
@%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: 
@%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Cody\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Cody\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\alain\AppData\Local\Mozilla\Firefox\Profiles\i4emk1mu.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\alain\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1256 folders=252 388865705 bytes) ==== Empty Temp Folders ====================== C:\Users\alain\AppData\Local\Temp will be emptied at reboot C:\Users\Cody\AppData\Local\Temp emptied successfully C:\Users\Gast\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\alain\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun-14-0F05C8FF-0B18-43E3-BDFB-9A0C84B0E5DA.lock" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found ==== EOF on zo 07/09/2014 at 18:15:11,37 ======================
  12. Logfile of random's system information tool 1.10 (written by random/random) Run by alain at 2014-09-07 09:31:56 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 472 GB (79%) free of 595 GB Total RAM: 3563 MB (58% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:32:06, on 7/09/2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17239) Boot mode: Normal Running processes: C:\Users\alain\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\SysWOW64\ctfmon.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Program Files\trend micro\alain.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [swg] 
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user') O4 - Startup: Dropbox.lnk = alain\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} 
- (no file) O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: 
@%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10456 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe c:\PROGRA~2\AVG\AVG2014\avgrsa.exe /boot C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=74054d2f-ae9a-4c34-b4bd-ac2d1bd88c68 /coreSdkOptions=4382 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\f52ddc3e-b656-4f5f-9b34-5a07a277b625-194-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\" /logPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\log\" %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows 
ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS "c:\Program Files\Microsoft Security Client\MsMpEng.exe" C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork atieclxx C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" "C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe" "C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe" "C:\Program Files (x86)\Launch Manager\dsiwmis.exe" "C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE" "C:\Program Files\Acer\Acer Updater\UpdaterService.exe" "C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window "C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe" "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" C:\Windows\system32\svchost.exe -k imgsvc "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" WLIDSvcM.exe 2488 "C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe" "C:\Program Files (x86)\AVG\AVG2014\avgemca.exe" "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" C:\Windows\System32\alg.exe "taskhost.exe" 
"C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE "c:\Program Files\Microsoft Security Client\NisSrv.exe" C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey "C:\Users\alain\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup taskeng.exe {CE9C9B40-67FC-4335-9429-8F77EEDAC0E4} "C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe" "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" C:\Windows\system32\SearchIndexer.exe /Embedding ctfmon.exe "C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe" "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7} "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe" "C:\Users\alain\Documents\alain\RSITx64.exe" C:\Windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000Core.job - C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000UA.job - C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler ======Registry dump====== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}] Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24 209504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-08-10 256456] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-12 1154720] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}] Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24 176736] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-08 462760] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google 
Toolbar\GoogleToolbar_32.dll [2014-08-10 194504] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12 1431712] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-08 171944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-12 1154720] {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24 6126680] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-08-10 256456] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12 1431712] {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24 4438104] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-08-10 194504] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Power Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-05-10 1831528] "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 1271072] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"=C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-12 138096] "swg"=C:\Program Files 
(x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2012-03-05 39408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [2011-02-18 177448] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2013-05-02 1282120] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe [2011-02-03 506712] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2010-09-18 407920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2010-09-18 201584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE [2008-11-06 223232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [2013-02-19 453736] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [2011-03-31 1092688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-03-21 2207848] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-04-07 11788392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-04-25 
336384] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2010-09-28 340336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2012-03-05 39408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^alain^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] C:\Users\alain\AppData\Roaming\Dropbox\bin\Dropbox.exe [2014-07-30 36414496] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2014-08-25 5188112] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25 256896] C:\Users\alain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Dropbox.lnk - C:\Users\alain\AppData\Roaming\Dropbox\bin\Dropbox.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "MSVideo8"=VfWWDM32.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2014-09-07 09:31:56 ----DC---- C:\rsit 2014-08-29 16:07:04 ----DC---- C:\ProgramData\Microsoft Help 2014-08-28 04:51:52 ----A---- C:\Windows\system32\win32k.sys 2014-08-28 04:51:50 ----A---- C:\Windows\SYSWOW64\gdi32.dll 2014-08-28 04:51:50 ----A---- C:\Windows\system32\gdi32.dll 2014-08-23 08:59:35 ----DC---- C:\Users\alain\AppData\Roaming\ATI 2014-08-13 08:01:50 ----A---- C:\Windows\SYSWOW64\infocardapi.dll 2014-08-13 08:01:50 ----A---- C:\Windows\system32\infocardapi.dll 2014-08-13 08:01:49 ----A---- C:\Windows\SYSWOW64\icardagt.exe 2014-08-13 08:01:49 ----A---- C:\Windows\system32\icardagt.exe 2014-08-13 08:01:46 ----A---- C:\Windows\SYSWOW64\icardres.dll 2014-08-13 08:01:46 ----A---- C:\Windows\system32\icardres.dll 
2014-08-13 08:01:12 ----A---- C:\Windows\SYSWOW64\TsWpfWrp.exe 2014-08-13 08:01:12 ----A---- C:\Windows\system32\TsWpfWrp.exe 2014-08-13 07:58:37 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll 2014-08-13 07:58:36 ----A---- C:\Windows\SYSWOW64\mshtmled.dll 2014-08-13 07:58:36 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll 2014-08-13 07:58:35 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2014-08-13 07:58:35 ----A---- C:\Windows\SYSWOW64\msfeeds.dll 2014-08-13 07:58:35 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll 2014-08-13 07:58:35 ----A---- C:\Windows\SYSWOW64\iernonce.dll 2014-08-13 07:58:35 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll 2014-08-13 07:58:35 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-13 07:58:35 ----A---- C:\Windows\system32\ieetwproxystub.dll 2014-08-13 07:58:34 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2014-08-13 07:58:33 ----A---- C:\Windows\SYSWOW64\iesetup.dll 2014-08-13 07:58:32 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll 2014-08-13 07:58:32 ----A---- C:\Windows\system32\iernonce.dll 2014-08-13 07:58:32 ----A---- C:\Windows\system32\ie4uinit.exe 2014-08-13 07:58:31 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2014-08-13 07:58:31 ----A---- C:\Windows\SYSWOW64\iertutil.dll 2014-08-13 07:58:31 ----A---- C:\Windows\system32\urlmon.dll 2014-08-13 07:58:31 ----A---- C:\Windows\system32\ieetwcollectorres.dll 2014-08-13 07:58:31 ----A---- C:\Windows\system32\ieetwcollector.exe 2014-08-13 07:58:30 ----A---- C:\Windows\SYSWOW64\ieui.dll 2014-08-13 07:58:30 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2014-08-13 07:58:30 ----A---- C:\Windows\SYSWOW64\dxtrans.dll 2014-08-13 07:58:30 ----A---- C:\Windows\system32\msfeeds.dll 2014-08-13 07:58:30 ----A---- C:\Windows\system32\dxtmsft.dll 2014-08-13 07:58:29 ----A---- C:\Windows\system32\iesetup.dll 2014-08-13 07:58:28 ----A---- C:\Windows\system32\iedkcs32.dll 2014-08-13 07:58:26 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll 2014-08-13 07:58:26 ----A---- 
C:\Windows\SYSWOW64\ieUnatt.exe 2014-08-13 07:58:26 ----A---- C:\Windows\system32\iertutil.dll 2014-08-13 07:58:25 ----A---- C:\Windows\SYSWOW64\vbscript.dll 2014-08-13 07:58:25 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2014-08-13 07:58:25 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll 2014-08-13 07:58:24 ----A---- C:\Windows\SYSWOW64\wininet.dll 2014-08-13 07:58:24 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll 2014-08-13 07:58:24 ----A---- C:\Windows\system32\jsproxy.dll 2014-08-13 07:58:23 ----A---- C:\Windows\SYSWOW64\msrating.dll 2014-08-13 07:58:22 ----A---- C:\Windows\system32\ieui.dll 2014-08-13 07:58:22 ----A---- C:\Windows\system32\dxtrans.dll 2014-08-13 07:58:21 ----A---- C:\Windows\system32\ieframe.dll 2014-08-13 07:58:20 ----A---- C:\Windows\system32\mshtmlmedia.dll 2014-08-13 07:58:20 ----A---- C:\Windows\system32\mshtmled.dll 2014-08-13 07:58:20 ----A---- C:\Windows\system32\ieUnatt.exe 2014-08-13 07:58:19 ----A---- C:\Windows\system32\jscript9diag.dll 2014-08-13 07:58:18 ----A---- C:\Windows\system32\vbscript.dll 2014-08-13 07:58:18 ----A---- C:\Windows\system32\jscript9.dll 2014-08-13 07:58:18 ----A---- C:\Windows\system32\ieapfltr.dll 2014-08-13 07:58:17 ----A---- C:\Windows\system32\wininet.dll 2014-08-13 07:58:16 ----A---- C:\Windows\system32\msrating.dll 2014-08-13 07:58:16 ----A---- C:\Windows\system32\MshtmlDac.dll 2014-08-13 07:58:14 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-13 07:58:14 ----A---- C:\Windows\system32\mshtml.dll 2014-08-13 07:57:11 ----A---- C:\Windows\system32\msi.dll 2014-08-13 07:57:10 ----A---- C:\Windows\SYSWOW64\msi.dll 2014-08-13 07:57:10 ----A---- C:\Windows\SYSWOW64\authui.dll 2014-08-13 07:57:10 ----A---- C:\Windows\system32\authui.dll 2014-08-13 07:57:09 ----A---- C:\Windows\SYSWOW64\msihnd.dll 2014-08-13 07:57:09 ----A---- C:\Windows\system32\msihnd.dll 2014-08-13 07:57:09 ----A---- C:\Windows\system32\consent.exe 2014-08-13 07:57:03 ----A---- C:\Windows\SYSWOW64\tzres.dll 2014-08-13 07:57:03 
----A---- C:\Windows\system32\tzres.dll 2014-08-13 07:56:38 ----A---- C:\Windows\SYSWOW64\KBDTAT.DLL 2014-08-13 07:56:38 ----A---- C:\Windows\system32\KBDTAT.DLL 2014-08-13 07:56:37 ----A---- C:\Windows\SYSWOW64\KBDYAK.DLL 2014-08-13 07:56:37 ----A---- C:\Windows\SYSWOW64\KBDRU1.DLL 2014-08-13 07:56:37 ----A---- C:\Windows\SYSWOW64\KBDRU.DLL 2014-08-13 07:56:37 ----A---- C:\Windows\SYSWOW64\KBDBASH.DLL 2014-08-13 07:56:37 ----A---- C:\Windows\system32\KBDYAK.DLL 2014-08-13 07:56:37 ----A---- C:\Windows\system32\KBDRU1.DLL 2014-08-13 07:56:37 ----A---- C:\Windows\system32\KBDRU.DLL 2014-08-13 07:56:37 ----A---- C:\Windows\system32\KBDBASH.DLL 2014-08-13 07:56:35 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys 2014-08-13 07:56:30 ----A---- C:\Windows\system32\rpcrt4.dll 2014-08-13 07:56:29 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll 2014-08-13 07:56:26 ----A---- C:\Windows\SYSWOW64\shell32.dll 2014-08-13 07:56:26 ----A---- C:\Windows\system32\shell32.dll 2014-08-13 07:53:19 ----A---- C:\Windows\system32\aepdu.dll 2014-08-13 07:53:17 ----A---- C:\Windows\system32\aeinv.dll 2014-08-08 05:47:53 ----AC---- C:\Windows\SYSWOW64\javaws.exe 2014-08-08 05:47:41 ----AC---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll 2014-08-08 05:47:41 ----AC---- C:\Windows\SYSWOW64\javaw.exe 2014-08-08 05:47:41 ----AC---- C:\Windows\SYSWOW64\java.exe 2014-08-08 05:47:24 ----DC---- C:\Program Files (x86)\Java ======List of files/folders modified in the last 1 month====== 2014-09-07 09:32:06 ----DC---- C:\Windows\Prefetch 2014-09-07 09:32:04 ----DC---- C:\Program Files\trend micro 2014-09-07 09:30:09 ----DC---- C:\Windows\Temp 2014-09-07 08:13:36 ----DC---- C:\Windows\tracing 2014-09-07 07:15:12 ----DC---- C:\Users\alain\AppData\Roaming\Dropbox 2014-09-07 07:07:03 ----DC---- C:\Windows\inf 2014-09-07 07:06:59 ----DC---- C:\Windows\Minidump 2014-09-07 07:06:59 ----DC---- C:\Windows 2014-09-07 07:03:35 ----DC---- C:\Windows\system32\NDF 2014-09-07 06:57:19 ----DC---- C:\ProgramData\clear.fi 
2014-09-07 06:54:32 ----DC---- C:\Windows\system32\config 2014-09-07 05:25:08 ----DC---- C:\ProgramData\MFAData 2014-09-06 10:39:11 ----DC---- C:\Windows\System32 2014-09-06 10:39:11 ----A---- C:\Windows\system32\PerfStringBackup.INI 2014-09-05 06:04:30 ----SHD---- C:\System Volume Information 2014-09-03 11:22:24 ----DC---- C:\ProgramData\CanonIJPLM 2014-09-03 09:58:01 ----SHDC---- C:\Windows\Installer 2014-09-03 09:58:00 ----SHDC---- C:\Config.Msi 2014-09-03 09:56:31 ----DC---- C:\Windows\system32\drivers 2014-08-30 13:20:18 ----DC---- C:\Users\alain\AppData\Roaming\SoftGrid Client 2014-08-29 18:45:26 ----HDC---- C:\ProgramData 2014-08-29 18:45:17 ----DC---- C:\Windows\system32\Tasks 2014-08-29 18:45:13 ----DC---- C:\Windows\Tasks 2014-08-29 16:07:16 ----SDC---- C:\Users\alain\AppData\Roaming\Microsoft 2014-08-28 09:14:21 ----D---- C:\Windows\winsxs 2014-08-28 09:10:39 ----DC---- C:\Windows\SysWOW64 2014-08-28 04:43:51 ----DC---- C:\Windows\system32\catroot2 2014-08-28 04:43:51 ----DC---- C:\Windows\system32\catroot 2014-08-24 08:32:04 ----D---- C:\Windows\rescache 2014-08-22 12:52:01 ----DC---- C:\Windows\Microsoft.NET 2014-08-22 12:50:21 ----RSDC---- C:\Windows\assembly 2014-08-15 05:38:58 ----AC---- C:\Windows\wininit.ini 2014-08-14 09:26:17 ----HDC---- C:\ProgramData\CanonIJScan 2014-08-14 09:26:17 ----DC---- C:\Users\alain\AppData\Roaming\Canon 2014-08-13 11:02:21 ----DC---- C:\Windows\debug 2014-08-13 08:51:47 ----DC---- C:\Windows\ehome 2014-08-13 08:51:46 ----RSDC---- C:\Windows\Fonts 2014-08-13 08:51:26 ----DC---- C:\Windows\SYSWOW64\nl-NL 2014-08-13 08:51:26 ----DC---- C:\Windows\system32\nl-NL 2014-08-13 08:51:21 ----DC---- C:\Program Files\Internet Explorer 2014-08-13 08:51:20 ----DC---- C:\Windows\SYSWOW64\en-US 2014-08-13 08:51:20 ----DC---- C:\Windows\PolicyDefinitions 2014-08-13 08:51:19 ----DC---- C:\Windows\system32\en-US 2014-08-13 08:51:19 ----DC---- C:\Program Files (x86)\Internet Explorer 2014-08-13 08:18:26 ----DC---- C:\Windows\system32\MRT 
2014-08-13 08:13:17 ----A---- C:\Windows\system32\MRT.exe 2014-08-13 08:00:10 ----SDC---- C:\Windows\system32\CompatTel 2014-08-10 11:36:35 ----DC---- C:\Program Files (x86)\Google 2014-08-10 11:29:15 ----DC---- C:\Program Files (x86) 2014-08-08 05:48:14 ----DC---- C:\Program Files (x86)\Common Files ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2014-06-17 190744] R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2014-06-17 328984] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2014-08-06 123672] R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2014-06-17 31512] R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 268512] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888] R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2014-06-30 152344] R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2014-07-21 244504] R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2014-06-17 235800] R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2014-06-17 269080] R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2014-03-21 49952] R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2011-05-20 22912] R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2011-05-20 20328] R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-05-20 62584] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 133928] R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys 
[2013-03-01 36600] R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2010-11-21 146432] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-04-25 9257472] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-04-25 300544] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-03-17 2712064] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-11-17 115216] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-04-12 2833256] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424] R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-03-10 18432] R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144] R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576] R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840] R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208] R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2011-03-10 17408] R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-12-15 47232] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 A38CCID;CCID USB Smart Card Reader; C:\Windows\system32\DRIVERS\a38ccid.sys [2014-05-14 62592] S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-12-30 117248] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-09-12 57856] S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2011-06-10 98816] S3 huawei_cdcecm;huawei_cdcecm; C:\Windows\system32\DRIVERS\ew_jucdcecm.sys [2010-12-30 54784] S3 
huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2011-06-10 86016] S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2011-06-10 28672] S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [2011-06-10 213504] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-09-10 117248] S3 hwusbfake;Huawei DataCard USB Fake; C:\Windows\system32\DRIVERS\ewusbfake.sys [] S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 30208] S3 netr7364;Stuurprogramma voor RT73 USB draadloze LAN-kaart voor Vista; C:\Windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-24 19456] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984] S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-01-06 676864] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-11-13 56832] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] S3 usbrndis6;USB RNDIS6-adapter; C:\Windows\system32\DRIVERS\usb80236.sys [2013-02-12 19968] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496] S3 WinUsb;WinUsb-stuurprogramma; C:\Windows\system32\drivers\WinUSB.sys [2010-11-21 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432] R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-04-25 204288] R2 AVGIDSAgent;AVGIDSAgent; 
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-08-25 3242000] R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-08-25 289328] R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504] R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-03-31 352848] R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2013-05-14 140936] R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376] R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 23808] R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832] R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944] R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480] R3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [2014-03-12 247968] R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 347872] R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528] S2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [2014-03-12 193696] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144] S2 
clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088] S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 116648] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09 262320] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-03-04 655624] S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-09-12 1512448] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 116648] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-10-09 194032] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-08-13 111616] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-05 1255736] S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808] S4 EgisTec Ticket Service;EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912] S4 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552] S4 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [2007-12-17 
163840] S4 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2007-01-11 126464] S4 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-01-18 39528] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192] -----------------EOF-----------------
  13. Hello, Yesterday (05.09.2014) my laptop crashed twice, and again today. Yet I regularly use CCleaner, which I always run as administrator. Each time the laptop goes down I get a blue screen with text on it. At the bottom it says "dumping physical memory" with a kind of counter next to it that runs up to 100%, and then it shuts down and restarts. Once I am logged in again, a Windows message appears: "Windows shut down unexpectedly and has recovered. We are looking for a solution to this problem". So I would like to ask whether you could take a look to see if there is a major problem, or whether I have perhaps been hacked? Kind regards, Alain.
  14. Dear Kabe, Many thanks for your help. My laptop is working normally again. Kind regards, Alain.
  15. # AdwCleaner v3.023 - Report created 12/04/2014 at 10:09:41 # Updated 01/04/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : alain - ALAIN-PC # Running from : C:\Users\alain\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Deleted : C:\Users\alain\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js File Deleted : C:\Users\alain\AppData\Roaming\Mozilla\Firefox\Profiles\slx6c20e.default\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [discountfinder@moneymillionaire.com] Key Deleted : HKCU\Software\Classes\pokki Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com Key Deleted : HKLM\SOFTWARE\Classes\AmiBs.Installer Key Deleted : HKLM\SOFTWARE\Classes\AmiBs.Installer.1 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Key Deleted : HKLM\SOFTWARE\Classes\FTDownloader Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton 
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncherSettings Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncherSettings.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Key Deleted : 
HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_duplicate-cleaner_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_duplicate-cleaner_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_noclone-free_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_noclone-free_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A1260C1-2964-453F-B0BA-FA429472EB5F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3719959C-1CCD-4FA7-8EBB-7D9DED86FCCB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D429207-4689-492D-A0E5-CDC5DFBB5005} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5354D921-3F52-47C5-938D-77A2FB6DEFE7} Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69407823-3494-4400-8D49-612549E8F4EE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{84B7B98F-E018-4DBB-AB4C-4DDD3DFCB5FB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8A4E8BCB-5598-4CAF-9DEC-4D452760E28D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FCA5302-6D6D-4645-BF99-D43CF76CE474} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A86782D8-7B41-452F-A217-1854F72DBA54} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD385519-22E7-4BE2-8A8D-35C66DF4858E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED345812-2722-4DCA-9976-D01832DB44EE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF48DBA6-5DD8-4D10-9EB0-0FA968502E66} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A4E8BCB-5598-4CAF-9DEC-4D452760E28D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D9083CE-8758-4704-BA57-3C891D7452BD} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631} Key Deleted : [x64] 
HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\1ClickDownload Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\BabSolution Key Deleted : HKCU\Software\DataMngr [#] Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\ExpressFiles Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\lollipop Key Deleted : HKCU\Software\Myfree Codec Key Deleted : HKCU\Software\Optimizer Pro Key Deleted : HKCU\Software\ParetoLogic Key Deleted : HKCU\Software\PrivitizeVPNInstallDates Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\StartSearch Key Deleted : 
HKCU\Software\VideoDownloadConverter_4z Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\ExpressFiles Key Deleted : HKLM\Software\Myfree Codec Key Deleted : HKLM\Software\ParetoLogic Key Deleted : HKLM\Software\systweak Key Deleted : HKLM\Software\VideoDownloadConverter Key Deleted : HKLM\Software\VideoDownloadConverter_4z Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v ************************* AdwCleaner[R0].txt - [15703 octets] - [12/04/2014 10:08:10] AdwCleaner[s0].txt - [15130 octets] - [12/04/2014 10:09:41] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [15191 octets] ##########
  16. Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by alain on za 12/04/2014 at 7:25:12,17. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\alain\Desktop\zoek.exe [scan all users] [script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2014-04-11-064555.log 47220 bytes ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d970ed5-3eda-438d-bffd-715931e2775b} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "NTRedirect"=- [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{e77d8ca6-3a60-4ae9-8461-53b22fa3125b}"=- ==== Deleting Files \ Folders ====================== C:\\Users\\alain\\AppData\\Roaming\\BabSolution not found C:\Users\alain\AppData\Locallow\EmieUserList deleted C:\Users\alain\AppData\Local\EmieUserList deleted C:\Users\alain\AppData\Local\EmieSiteList deleted C:\Users\alain\AppData\Locallow\EmieSiteList deleted C:\Users\alain\AppData\Local\PriceMeterLiveUpdate deleted C:\Windows\SysNative\tasks\0 deleted C:\Windows\SysNative\tasks\pricemeterdownloader deleted ==== Files Recently Created / Modified ======================
==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver " "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe " "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" @="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY" "CanonQuickMenu"="C:\Program Files
(x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon " "IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE " "BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver " "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe " "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" @="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe " "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "SkyDrive"="\"C:\\Users\\alain\\AppData\\Local\\Microsoft\\SkyDrive\\SkyDrive.exe\" /background" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "vProt"="\"C:\\Program Files (x86)\\AVG Secure Search\\vprot.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeMovieService] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ArcadeMovieService" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Acer\\clear.fi\\Movie\\clear.fiMovieService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dolby Advanced Audio v2] 
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Dolby Advanced Audio v2" "hkey"="HKLM" "command"="\"C:\\Dolby PCEE4\\pcee4.exe\" -autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EEventManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EEventManager" "hkey"="HKLM" "command"="C:\\PROGRA~2\\EPSONS~1\\EVENTM~1\\EEventManager.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecPMMUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EgisTecPMMUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec IPS\\PmmUpdate.exe\" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EgisUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec IPS\\EgisUpdate.exe\" -d " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON SX210 Series] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EPSON SX210 Series" "hkey"="HKCU" "command"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIFDE.EXE /FU \"C:\\Users\\alain\\AppData\\Local\\Temp\\E_S145B.tmp\" /EF \"HKCU\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LManager" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVBg" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe /FORPCEE4" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVCpl" "hkey"="HKLM" "command"="C:\\Program 
Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartCCC" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SuiteTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SuiteTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^alain^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] "item"="Dropbox" "path"="C:\\Users\\alain\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk" "backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\alain\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EPSON_EB_RPCV4_01] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EPSON_PM_RPCV4_01] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\VmbService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "MSC"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey" ==== Startup Folders ====================== 2013-08-18 11:35:31 1053 -c-ha-w- C:\Users\alain\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\Dropbox.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a--c--- [undetermined Task] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000Core.job --a--c--- C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/02/2013 14:13] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000UA.job --a--c--- C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/02/2013 14:13] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/10/2012 07:53] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/10/2012 07:53] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe online update program" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"] "C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000Core" [C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000UA" [C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\alain\AppData\Local\Google\Update\GoogleUpdate.exe] 
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{97AA51C9-AC69-4524-B564-DB6C5E236309}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{1137D312-D604-40E6-80D4-64945D0C9DCB}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE] "C:\Windows\SysNative\tasks\{1E86B152-0279-4C4A-B3F7-BF4C47CCD9C2}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{37415A4E-3F55-412F-A600-E2EE497A832D}" [C:\Program Files (x86)\Mobistar Internet Everywhere\Mobistar Internet Everywhere.exe] "C:\Windows\SysNative\tasks\{831227B2-235C-419D-A532-F99F94993806}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{8E2D9D37-81B1-438C-93A9-B73D30E01F35}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{AF454F46-4C32-4E2E-BCF4-563D25CB09BC}" [C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE] "C:\Windows\SysNative\tasks\{BAF2D979-D8DC-47F1-A257-4EAB52E461BF}" [C:\Program Files (x86)\Mobistar Internet Everywhere\Mobistar Internet Everywhere.exe] "C:\Windows\SysNative\tasks\{CA4BF9A3-5B8D-473D-8610-5639D3C97E87}" [C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE] "C:\Windows\SysNative\tasks\{CADF8D62-B9C9-4A4D-A65D-35A3A9705C6E}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{CDDEFDED-A3AD-41AD-B8CC-3802F4328783}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE] "C:\Windows\SysNative\tasks\{E7E3EE23-A1FA-496C-B7CF-DC47F484AFB9}" [C:\Program Files (x86)\Mobistar Internet Everywhere\Mobistar Internet Everywhere.exe] "C:\Windows\SysNative\tasks\{E9764320-6B91-4284-B9B7-3184EBBE7639}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE] 
"C:\Windows\SysNative\tasks\{EA946BB5-03C2-4352-8CD3-C37E263CBB05}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "discountfinder@moneymillionaire.com"="C:\ProgramData\Kortingzoeker\FFExtension20131010193222" [12/10/2013 16:05] ==== Firefox Extensions ====================== ProfilePath: C:\Users\alain\AppData\Roaming\Mozilla\Firefox\Profiles\i4emk1mu.default - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\alain\AppData\Roaming\Mozilla\Firefox\Profiles\i4emk1mu.default 506C758195FD6F4F1594C0F1B1E32A15 - C:\ProgramData\Kortingzoeker\FFExtension20131010193222\plugins\npdf.dll - MoneyMillionaire plugin 4F26678A032868EA584431944FB2E6C7 - C:\Users\alain\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll - Microsoft Office 2013 FF0D6F82A0EC13952E83B9439100E45D - C:\Users\alain\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Bing" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Bing" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{20711F84-BDC0-4ABF-84DA-B974A90FDD74}" {20711F84-BDC0-4ABF-84DA-B974A90FDD74} Bing Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully 
C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Cody\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Cody\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\alain\AppData\Local\Mozilla\Firefox\Profiles\i4emk1mu.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1115 folders=247 161097456 bytes) ==== Empty Temp Folders ====================== C:\Users\alain\AppData\Local\Temp will be emptied at reboot C:\Users\Cody\AppData\Local\Temp emptied successfully C:\Users\Gast\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully 
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\alain\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on za 12/04/2014 at 8:10:18,79 ======================
  17. Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by alain on vr 11/04/2014 at 8:03:19,59. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\alain\Desktop\zoek.exe [scan all users] [script inserted] [Checkboxes used] ==== System Restore Info ====================== 11/04/2014 8:10:12 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~3\Babylon deleted successfully C:\PROGRA~3\Canon IJ Network Tool deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully C:\Users\alain\AppData\Roaming\Systweak deleted successfully C:\Users\alain\AppData\Local\Downloaded Installations deleted successfully C:\Users\alain\AppData\Local\Lollipop deleted successfully C:\Users\Cody\AppData\Local\VirtualStore deleted successfully C:\Users\Gast\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d970ed5-3eda-438d-bffd-715931e2775b} deleted successfully HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d970ed5-3eda-438d-bffd-715931e2775b} deleted successfully HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully 
HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d28c7e56-2cc6-415c-8727-d71334085926} deleted successfully HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1d970ed5-3eda-438d-bffd-715931e2775b} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d970ed5-3eda-438d-bffd-715931e2775b} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully 
HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d28c7e56-2cc6-415c-8727-d71334085926} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{d28c7e56-2cc6-415c-8727-d71334085926} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.0.5 deleted successfully 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.0.5 deleted successfully ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d970ed5-3eda-438d-bffd-715931e2775b}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] ==== Deleting Files \ Folders ====================== C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found C:\Program Files (x86)\PriceMeterLiveUpdate not found C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found C:\ProgramData\PriceMeterLiveUpdate deleted C:\Users\alain\AppData\Roaming\PriceMeterUpdater deleted C:\Program Files (x86)\Ask.com deleted C:\PROGRA~2\GUTFBEC.tmp deleted C:\PROGRA~2\GUMFBEB.tmp deleted C:\PROGRA~2\PC Speed Up deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\PROGRA~2\Re-markit deleted C:\PROGRA~2\VideoDownloadConverter deleted C:\PROGRA~2\VideoDownloadConverter_4z deleted C:\PROGRA~2\MyFree Codec deleted C:\PROGRA~2\Search Results Toolbar deleted C:\PROGRA~2\COMMON~1\AVG Secure Search deleted C:\Users\alain\AppData\Roaming\ExpressFiles deleted C:\Users\alain\AppData\Roaming\DVDVideoSoftIEHelpers deleted C:\Users\alain\AppData\Roaming\ParetoLogic deleted C:\Users\alain\AppData\Roaming\DriverCure deleted C:\Users\alain\AppData\Roaming\BabSolution deleted 
C:\Users\alain\AppData\Roaming\Babylon deleted C:\Users\alain\AppData\Roaming\Registry Mechanic deleted C:\Users\alain\AppData\Roaming\OpenCandy deleted C:\PROGRA~3\StarApp deleted C:\PROGRA~3\AVG Security Toolbar deleted C:\PROGRA~3\OberonGameConsole deleted C:\PROGRA~3\MaggneiPaic deleted C:\PROGRA~3\AVG Secure Search deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\Tarma Installer deleted C:\Users\alain\AppData\Local\VideoDownloadConverter_4z deleted C:\Users\alain\AppData\Local\AVG Secure Search deleted C:\Users\alain\AppData\Local\PutLockerDownloader deleted C:\Users\alain\AppData\Local\Software deleted C:\Users\Gast\AppData\Local\AVG Secure Search deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted C:\Windows\SysNative\roboot64.exe deleted C:\Users\alain\AppData\LocalLow\AVG Secure Search deleted C:\Users\alain\AppData\LocalLow\VideoDownloadConverter_4z deleted C:\Users\alain\AppData\LocalLow\searchresultstb deleted C:\Users\alain\AppData\LocalLow\IAC deleted C:\Users\alain\AppData\LocalLow\ilividtoolbargaw deleted C:\Users\alain\AppData\LocalLow\DataMngr deleted C:\Users\Gast\AppData\LocalLow\AVG Secure Search deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Windows\wininit.ini deleted C:\windows\SysNative\TASKS\Scheduled Update for Ask Toolbar deleted C:\windows\SysNative\Tasks\Express FilesUpdate deleted C:\windows\SysNative\Tasks\EPUpdater deleted C:\user.js deleted C:\END deleted C:\Windows\Syswow64\SearchProtect deleted C:\Windows\SysWow64\AI_RecycleBin deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted C:\Users\alain\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader4@ftdownloader.com.xpi deleted C:\Users\alain\Desktop\ongebruikte progamma's\avg_free_stb_all_2014_4158_softonic.exe deleted "C:\PROGRA~2\AVG Secure Search\TBAPI.dll" deleted "C:\PROGRA~2\AVG Secure Search\TBAPI.dll" deleted "C:\PROGRA~2\AVG Secure Search" not 
deleted "C:\PROGRA~2\AVG Secure Search" not deleted ==== Files Recently Created / Modified ======================
==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver " "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe " "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" @="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY" 
"CanonQuickMenu"="C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon " "IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE " "BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver " "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe " "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" @="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe " "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "SkyDrive"="\"C:\\Users\\alain\\AppData\\Local\\Microsoft\\SkyDrive\\SkyDrive.exe\" /background" "NTRedirect"="C:\\Windows\\SysWOW64\\rundll32.exe \"C:\\Users\\alain\\AppData\\Roaming\\BabSolution\\Shared\\enhancedNT.dll\",Run" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "vProt"="\"C:\\Program Files (x86)\\AVG Secure Search\\vprot.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeMovieService] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ArcadeMovieService" "hkey"="HKLM" "command"="\"C:\\Program 
Files (x86)\\Acer\\clear.fi\\Movie\\clear.fiMovieService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dolby Advanced Audio v2] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Dolby Advanced Audio v2" "hkey"="HKLM" "command"="\"C:\\Dolby PCEE4\\pcee4.exe\" -autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EEventManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EEventManager" "hkey"="HKLM" "command"="C:\\PROGRA~2\\EPSONS~1\\EVENTM~1\\EEventManager.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecPMMUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EgisTecPMMUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec IPS\\PmmUpdate.exe\" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EgisUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec IPS\\EgisUpdate.exe\" -d " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON SX210 Series] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EPSON SX210 Series" "hkey"="HKCU" "command"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIFDE.EXE /FU \"C:\\Users\\alain\\AppData\\Local\\Temp\\E_S145B.tmp\" /EF \"HKCU\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LManager" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MobileBroadband] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MobileBroadband" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Vodafone\\Vodafone Mobile 
Broadband\\Bin\\MobileBroadband.exe /silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVBg" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe /FORPCEE4" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVCpl" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartCCC" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SuiteTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SuiteTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^alain^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] "item"="Dropbox" "path"="C:\\Users\\alain\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk" "backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\alain\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\Services\EPSON_EB_RPCV4_01] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EPSON_PM_RPCV4_01] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\VmbService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "MSC"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey" ==== Startup Folders ====================== 2013-08-18 11:35:31 1053 -c-ha-w- C:\Users\alain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a--c--- [undetermined Task] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000Core.job --a--c--- C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/02/2013 14:13] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000UA.job --a--c--- C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/02/2013 14:13] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/10/2012 07:53] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/10/2012 07:53] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\0" [c:\program files\internet explorer\iexplore.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe online update program" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"] "C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] 
"C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000Core" [C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000UA" [C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\alain\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\pricemeterdownloader" [C:\Users\alain\AppData\Local\PriceMeter\pricemeterd.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{97AA51C9-AC69-4524-B564-DB6C5E236309}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{1137D312-D604-40E6-80D4-64945D0C9DCB}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE] "C:\Windows\SysNative\tasks\{1E86B152-0279-4C4A-B3F7-BF4C47CCD9C2}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{37415A4E-3F55-412F-A600-E2EE497A832D}" [C:\Program Files (x86)\Mobistar Internet Everywhere\Mobistar Internet Everywhere.exe] "C:\Windows\SysNative\tasks\{831227B2-235C-419D-A532-F99F94993806}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{8E2D9D37-81B1-438C-93A9-B73D30E01F35}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{AF454F46-4C32-4E2E-BCF4-563D25CB09BC}" [C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE] "C:\Windows\SysNative\tasks\{BAF2D979-D8DC-47F1-A257-4EAB52E461BF}" [C:\Program Files (x86)\Mobistar Internet Everywhere\Mobistar Internet Everywhere.exe] 
"C:\Windows\SysNative\tasks\{CA4BF9A3-5B8D-473D-8610-5639D3C97E87}" [C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE] "C:\Windows\SysNative\tasks\{CADF8D62-B9C9-4A4D-A65D-35A3A9705C6E}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\{CDDEFDED-A3AD-41AD-B8CC-3802F4328783}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE] "C:\Windows\SysNative\tasks\{E7E3EE23-A1FA-496C-B7CF-DC47F484AFB9}" [C:\Program Files (x86)\Mobistar Internet Everywhere\Mobistar Internet Everywhere.exe] "C:\Windows\SysNative\tasks\{E9764320-6B91-4284-B9B7-3184EBBE7639}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE] "C:\Windows\SysNative\tasks\{EA946BB5-03C2-4352-8CD3-C37E263CBB05}" [D:\AUTORUN.EXE] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "discountfinder@moneymillionaire.com"="C:\ProgramData\Kortingzoeker\FFExtension20131010193222" [12/10/2013 16:05] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{e77d8ca6-3a60-4ae9-8461-53b22fa3125b}"="C:\Program Files (x86)\Re-markit\135.xpi" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\alain\AppData\Roaming\Mozilla\Firefox\Profiles\i4emk1mu.default - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\alain\AppData\Roaming\Mozilla\Firefox\Profiles\i4emk1mu.default 506C758195FD6F4F1594C0F1B1E32A15 - C:\ProgramData\Kortingzoeker\FFExtension20131010193222\plugins\npdf.dll - MoneyMillionaire plugin 4F26678A032868EA584431944FB2E6C7 - C:\Users\alain\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll - Microsoft Office 2013 FF0D6F82A0EC13952E83B9439100E45D - 
C:\Users\alain\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bebnnlollpcjnfpkafhoclljaojgnfok - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx[] dcpfhaghaadpjpgocojgnlhjcieeooel - C:\Program Files (x86)\Re-markit\135.crx[] fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Bing" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Bing" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{20711F84-BDC0-4ABF-84DA-B974A90FDD74}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found" {20711F84-BDC0-4ABF-84DA-B974A90FDD74} Bing Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\mozilla\Firefox\Extensions\{e77d8ca6-3a60-4ae9-8461-53b22fa3125b} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EF4A5F14-7108-05E7-076F-1458E406D2E6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bebnnlollpcjnfpkafhoclljaojgnfok deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Cody\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Cody\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\alain\AppData\Local\Mozilla\Firefox\Profiles\i4emk1mu.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All 
Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1109 folders=241 161090291 bytes) ==== Empty Temp Folders ====================== C:\Users\alain\AppData\Local\Temp will be emptied at reboot C:\Users\Cody\AppData\Local\Temp emptied successfully C:\Users\Gast\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\alain\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\PROGRA~2\AVG Secure Search" not found "C:\PROGRA~2\AVG Secure Search" not found ==== EOF on vr 11/04/2014 at 8:45:55,93 ======================
  18. Zoek.exe v5.0.0.0 Updated 07-March-2014
      Tool run by alain on vr 11/04/2014 at 8:03:19,59.
      Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
      Running in: Normal Mode Internet Access Detected
      Launched: C:\Users\alain\Desktop\zoek.exe [scan all users] [script inserted] [Checkboxes used]

      ===== Runcheck 8:09:45,22 =====
      --- Create Environment Variables 8:09:47,15
      --- Create System Restore Point 8:09:56,39
      --- Checking Input 8:10:14,43
      --- AU AppData Check 8:10:23,59
      --- Remove From Windows Installer 8:10:35,26
  19. Logfile of random's system information tool 1.09 (written by random/random) Run by alain at 2014-04-10 09:02:59 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 474 GB (80%) free of 595 GB Total RAM: 3563 MB (60% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:03:02, on 10/04/2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17041) Boot mode: Normal Running processes: C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Program Files\trend micro\alain.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file) R3 - URLSearchHook: (no name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: IEToolbar.BHO - {1d970ed5-3eda-438d-bffd-715931e2775b} - mscoree.dll (file missing) O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file) O3 - Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file) O3 - Toolbar: MoneyMillionaire Toolbar - {d28c7e56-2cc6-415c-8727-d71334085926} - mscoree.dll (file missing) O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - 
Toolbar: (no name) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - (no file) O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon O4 - HKLM\..\Run: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE O4 - HKCU\..\Run: [Facebook Update] "C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user') O4 - Startup: Dropbox.lnk = alain\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common 
Files\DVDVideoSoft\plugins\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file) O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NTI Corporation - 
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater18.0.5 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - 
Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12414 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe C:\PROGRA~2\AVG\AVG2014\avgrsa.exe /boot C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=0129af38-5e22-455a-94df-3306ff814536 /coreSdkOptions=4382 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\4314ca15-9532-4d47-bddb-210507bbdf62-188-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\" %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS "c:\Program Files\Microsoft Security Client\MsMpEng.exe" C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService 
C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup atieclxx C:\Windows\System32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe" "C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe" "C:\Program Files (x86)\Launch Manager\dsiwmis.exe" "C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE" "C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window "C:\Program Files\Acer\Acer Updater\UpdaterService.exe" "C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe" "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" C:\Windows\system32\svchost.exe -k imgsvc "C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe" "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" "C:\Program Files (x86)\AVG\AVG2014\avgemca.exe" "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe" "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" WLIDSvcM.exe 2900 "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe" 72648 "C:\ProgramData\AVG Secure Search\Logger\logger.properties" \??\C:\Windows\system32\conhost.exe "1665374476-2110944395483270257-1470486880-571040242461591855-1192639441-1118629599 "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" C:\Windows\System32\alg.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "taskhost.exe" "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe" /TUStart /pid:2704 "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE "C:\Program Files\Microsoft Security 
Client\msseces.exe" -hide -runkey "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY taskeng.exe {D6FE293C-8B84-4755-A8F4-543817D9DB73} "C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe" "C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe" "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7} "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe" "C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt "C:\Windows\system32\NOTEPAD.EXE" C:\rsit\log.txt "c:\Program Files\Microsoft Security Client\NisSrv.exe" "C:\Users\alain\Desktop\RSITx64.exe" C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF} ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000Core.job C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000UA.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-21 256080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] Bing Bar Helper - C:\Program Files 
(x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-12 1154720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] DVDVideoSoft WebPageAdjuster Class [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d970ed5-3eda-438d-bffd-715931e2775b}] IEToolbar.BHO - C:\Windows\system32\mscoree.dll [2010-11-21 444752] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}] Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14 175776] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll [2014-03-21 3486232] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-21 194128] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll 
[2014-03-12 1431712] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] DVDVideoSoft WebPageAdjuster Class [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} {8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-12 1154720] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-21 256080] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} {d28c7e56-2cc6-415c-8727-d71334085926} - MoneyMillionaire Toolbar - C:\Windows\system32\mscoree.dll [2010-11-21 444752] {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14 4372120] {48586425-6bb7-4f51-8dc6-38c88e3ebb58} {95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll [2014-03-21 3486232] {8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12 1431712] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-21 194128] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Power Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-05-10 1831528] "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 1271072] 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"=C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-12 138096] "swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2012-03-05 39408] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584] ""=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [2011-02-18 177448] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe [2011-02-03 506712] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [2008-12-04 665424] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2010-09-18 407920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2010-09-18 201584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE [2008-11-06 223232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [2011-03-31 1092688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-03-21 2207848] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 
[2011-04-07 11788392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-04-25 336384] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2010-09-28 340336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2012-03-05 39408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^alain^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] C:\Users\alain\AppData\Roaming\Dropbox\bin\Dropbox.exe [2014-01-03 30714328] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2014-03-19 4971024] "CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2013-05-02 1282120] "IJNetworkScannerSelectorEX"=C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [2013-02-19 453736] C:\Users\alain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Dropbox.lnk - C:\Users\alain\AppData\Roaming\Dropbox\bin\Dropbox.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe] "Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "MSVideo8"=VfWWDM32.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2014-04-10 08:49:14 ----DC---- C:\Program Files\trend micro 2014-04-10 08:49:13 ----DC---- C:\rsit 2014-04-09 10:40:10 ----HDC---- 
C:\ProgramData\CanonIJMyPrinter 2014-04-09 10:13:34 ----HDC---- C:\ProgramData\CanonIJMIG 2014-04-09 09:11:58 ----A---- C:\Windows\system32\ieui.dll 2014-04-09 09:11:57 ----A---- C:\Windows\SYSWOW64\ieui.dll 2014-04-09 09:11:53 ----A---- C:\Windows\SYSWOW64\vbscript.dll 2014-04-09 09:11:53 ----A---- C:\Windows\system32\vbscript.dll 2014-04-09 09:11:41 ----A---- C:\Windows\system32\iernonce.dll 2014-04-09 09:11:41 ----A---- C:\Windows\system32\ie4uinit.exe 2014-04-09 09:11:40 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-09 09:11:40 ----A---- C:\Windows\system32\ieetwcollectorres.dll 2014-04-09 09:11:37 ----A---- C:\Windows\system32\jscript9diag.dll 2014-04-09 09:11:36 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll 2014-04-09 09:11:36 ----A---- C:\Windows\system32\dxtrans.dll 2014-04-09 09:11:36 ----A---- C:\Windows\system32\dxtmsft.dll 2014-04-09 09:11:35 ----A---- C:\Windows\SYSWOW64\msrating.dll 2014-04-09 09:11:35 ----A---- C:\Windows\SYSWOW64\msfeeds.dll 2014-04-09 09:11:35 ----A---- C:\Windows\SYSWOW64\dxtrans.dll 2014-04-09 09:11:35 ----A---- C:\Windows\system32\msrating.dll 2014-04-09 09:11:35 ----A---- C:\Windows\system32\jsproxy.dll 2014-04-09 09:11:34 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2014-04-09 09:11:34 ----A---- C:\Windows\system32\msfeeds.dll 2014-04-09 09:11:33 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe 2014-04-09 09:11:33 ----A---- C:\Windows\SYSWOW64\iesetup.dll 2014-04-09 09:11:33 ----A---- C:\Windows\system32\ieUnatt.exe 2014-04-09 09:11:32 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll 2014-04-09 09:11:32 ----A---- C:\Windows\SYSWOW64\iernonce.dll 2014-04-09 09:11:32 ----A---- C:\Windows\system32\iesetup.dll 2014-04-09 09:11:31 ----A---- C:\Windows\system32\mshtml.dll 2014-04-09 09:11:28 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll 2014-04-09 09:11:28 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll 2014-04-09 09:11:28 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll 2014-04-09 09:11:28 ----A---- 
C:\Windows\system32\ieetwproxystub.dll 2014-04-09 09:11:28 ----A---- C:\Windows\system32\ieapfltr.dll 2014-04-09 09:11:27 ----A---- C:\Windows\system32\ieetwcollector.exe 2014-04-09 09:11:26 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-09 09:11:25 ----A---- C:\Windows\SYSWOW64\iertutil.dll 2014-04-09 09:11:25 ----A---- C:\Windows\system32\iertutil.dll 2014-04-09 09:11:24 ----A---- C:\Windows\SYSWOW64\wininet.dll 2014-04-09 09:11:24 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2014-04-09 09:11:24 ----A---- C:\Windows\system32\wininet.dll 2014-04-09 09:11:24 ----A---- C:\Windows\system32\urlmon.dll 2014-04-09 09:11:22 ----A---- C:\Windows\system32\ieframe.dll 2014-04-09 09:11:21 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2014-04-09 09:11:20 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2014-04-09 09:11:19 ----A---- C:\Windows\system32\jscript9.dll 2014-04-09 09:11:18 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2014-04-09 06:02:34 ----AC---- C:\Windows\system32\drivers\msiscsi.sys 2014-04-09 06:02:34 ----A---- C:\Windows\system32\drivers\storport.sys 2014-04-09 06:02:34 ----A---- C:\Windows\system32\drivers\Diskdump.sys 2014-04-09 06:02:33 ----A---- C:\Windows\SYSWOW64\iologmsg.dll 2014-04-09 06:02:33 ----A---- C:\Windows\system32\iologmsg.dll 2014-04-09 06:02:26 ----A---- C:\Windows\system32\kernel32.dll 2014-04-09 06:02:24 ----A---- C:\Windows\system32\wow64.dll 2014-04-09 06:02:23 ----A---- C:\Windows\SYSWOW64\kernel32.dll 2014-04-09 06:02:22 ----A---- C:\Windows\system32\wow64win.dll 2014-04-09 06:02:19 ----A---- C:\Windows\SYSWOW64\setup16.exe 2014-04-09 06:02:16 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll 2014-04-09 06:02:16 ----A---- C:\Windows\system32\ntvdm64.dll 2014-04-09 06:02:15 ----A---- C:\Windows\system32\wow64cpu.dll 2014-04-09 06:02:13 ----A---- C:\Windows\SYSWOW64\wow32.dll 2014-04-09 06:02:12 ----A---- C:\Windows\SYSWOW64\instnm.exe 2014-04-09 06:02:09 ----A---- C:\Windows\SYSWOW64\user.exe 2014-04-09 06:02:03 ----A---- 
C:\Windows\system32\drivers\ntfs.sys 2014-04-08 09:48:29 ----AC---- C:\Windows\SYSWOW64\authuitu.dll 2014-04-08 09:48:29 ----AC---- C:\Windows\system32\authuitu.dll 2014-04-08 09:48:20 ----AC---- C:\Windows\system32\uxtuneup.dll 2014-04-08 09:48:19 ----AC---- C:\Windows\SYSWOW64\uxtuneup.dll 2014-04-08 09:34:01 ----AC---- C:\Windows\system32\TURegOpt.exe 2014-04-08 09:23:12 ----DC---- C:\Program Files (x86)\TuneUp Utilities 2014 2014-03-22 08:37:19 ----DC---- C:\Users\alain\AppData\Roaming\AVG 2014-03-22 08:33:34 ----DC---- C:\ProgramData\AVG 2014-03-22 08:33:11 ----SHDC---- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-03-21 17:59:30 ----DC---- C:\ProgramData\PriceMeterLiveUpdate 2014-03-21 17:59:30 ----DC---- C:\Program Files (x86)\PriceMeterLiveUpdate 2014-03-21 17:59:23 ----DC---- C:\Users\alain\AppData\Roaming\PriceMeterUpdater 2014-03-21 17:37:29 ----SHDC---- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-03-21 08:06:13 ----DC---- C:\ProgramData\AVG Secure Search 2014-03-12 09:41:15 ----A---- C:\Windows\system32\wwansvc.dll 2014-03-12 09:41:14 ----A---- C:\Windows\SYSWOW64\wer.dll 2014-03-12 09:41:14 ----A---- C:\Windows\system32\wer.dll 2014-03-12 09:41:13 ----A---- C:\Windows\system32\win32k.sys 2014-03-12 09:36:40 ----A---- C:\Windows\SYSWOW64\qedit.dll 2014-03-12 09:36:40 ----A---- C:\Windows\system32\qedit.dll 2014-03-12 09:36:39 ----A---- C:\Windows\system32\WindowsCodecs.dll 2014-03-12 09:36:38 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll ======List of files/folders modified in the last 1 month====== 2014-04-10 08:58:23 ----DC---- C:\Windows\Temp 2014-04-10 08:51:06 ----DC---- C:\Windows\system32\config 2014-04-10 08:49:14 ----RDC---- C:\Program Files 2014-04-10 08:39:06 ----DC---- C:\ProgramData\clear.fi 2014-04-10 08:38:42 ----DC---- C:\Windows\tracing 2014-04-10 08:23:34 ----DC---- C:\ProgramData\MFAData 2014-04-10 07:10:21 ----DC---- C:\Windows\SysWOW64 2014-04-09 11:10:00 ----DC---- C:\Windows\system32\Tasks 2014-04-09 
10:51:30 ----DC---- C:\ProgramData\CanonIJPLM 2014-04-09 10:47:55 ----DC---- C:\Program Files (x86)\Canon 2014-04-09 10:40:10 ----HDC---- C:\ProgramData 2014-04-09 10:10:13 ----RSDC---- C:\Windows\Media 2014-04-09 10:09:55 ----DC---- C:\Windows\Prefetch 2014-04-09 09:29:04 ----D---- C:\Windows\winsxs 2014-04-09 09:21:31 ----DC---- C:\Program Files\Internet Explorer 2014-04-09 09:21:30 ----DC---- C:\Windows\SYSWOW64\nl-NL 2014-04-09 09:21:30 ----DC---- C:\Windows\SYSWOW64\en-US 2014-04-09 09:21:28 ----DC---- C:\Windows\system32\nl-NL 2014-04-09 09:21:28 ----DC---- C:\Windows\system32\en-US 2014-04-09 09:21:28 ----DC---- C:\Windows\System32 2014-04-09 09:21:28 ----DC---- C:\Windows\PolicyDefinitions 2014-04-09 09:21:27 ----DC---- C:\Program Files (x86)\Internet Explorer 2014-04-09 09:21:23 ----DC---- C:\Windows\system32\drivers 2014-04-09 09:21:23 ----DC---- C:\Windows\AppPatch 2014-04-09 09:21:21 ----D---- C:\Windows\system32\DriverStore 2014-04-09 09:21:04 ----DC---- C:\Windows\system32\drivers\UMDF 2014-04-09 09:12:57 ----DC---- C:\Windows\system32\catroot 2014-04-09 09:12:56 ----DC---- C:\Windows\system32\catroot2 2014-04-09 09:11:00 ----SHD---- C:\System Volume Information 2014-04-09 09:06:24 ----SHDC---- C:\Windows\Installer 2014-04-09 09:06:23 ----SHDC---- C:\Config.Msi 2014-04-09 09:05:54 ----DC---- C:\Windows\system32\MRT 2014-04-09 09:01:48 ----A---- C:\Windows\system32\MRT.exe 2014-04-09 08:58:02 ----DC---- C:\Users\alain\AppData\Roaming\vlc 2014-04-09 08:06:28 ----DC---- C:\Windows\inf 2014-04-09 08:06:28 ----A---- C:\Windows\system32\PerfStringBackup.INI 2014-04-08 09:53:19 ----DC---- C:\Windows\Tasks 2014-04-08 09:32:20 ----DC---- C:\Program Files (x86)\AVG 2014-04-08 09:29:00 ----DC---- C:\Windows 2014-04-08 09:23:12 ----DC---- C:\Program Files (x86) 2014-04-07 11:13:38 ----DC---- C:\Windows\Minidump 2014-04-07 09:33:46 ----DC---- C:\Windows\system32\NDF 2014-04-06 08:45:28 ----DC---- C:\Program Files (x86)\Re-markit 2014-04-06 08:20:36 ----DC---- 
C:\Windows\system32\wfp 2014-04-06 08:20:36 ----DC---- C:\Program Files\Microsoft Security Client 2014-04-06 08:20:34 ----DC---- C:\Windows\system32\wbem 2014-04-06 08:18:57 ----DC---- C:\Windows\system32\drivers\etc 2014-04-06 08:18:57 ----DC---- C:\Windows\system32\CodeIntegrity 2014-04-06 08:18:57 ----DC---- C:\Windows\AppCompat 2014-04-06 08:18:51 ----HDC---- C:\ProgramData\CanonIJETV 2014-04-06 08:18:50 ----DC---- C:\Program Files\Windows Sidebar 2014-04-06 08:18:49 ----DC---- C:\Program Files (x86)\Realtek 2014-04-06 08:18:49 ----DC---- C:\Program Files (x86)\PC Speed Up 2014-04-06 08:18:49 ----DC---- C:\Program Files (x86)\Microsoft Security Client 2014-04-06 08:17:58 ----DC---- C:\Program Files (x86)\Ask.com 2014-04-06 08:17:08 ----D---- C:\Windows\registration 2014-04-06 08:15:14 ----HDC---- C:\Program Files\CanonBJ 2014-04-06 08:15:06 ----DC---- C:\Program Files\Canon 2014-04-06 08:15:04 ----DC---- C:\Program Files (x86)\Windows Sidebar 2014-04-05 16:21:19 ----DC---- C:\ProgramData\CanonIJWSpt 2014-04-01 11:22:35 ----DC---- C:\Users\alain\AppData\Roaming\Dropbox 2014-03-27 17:04:05 ----RDC---- C:\Users 2014-03-21 19:01:09 ----DC---- C:\ProgramData\TuneUp Software 2014-03-21 18:38:30 ----DC---- C:\ProgramData\Google 2014-03-21 18:12:10 ----DC---- C:\Users\alain\AppData\Roaming\TuneUp Software 2014-03-21 18:04:38 ----ADC---- C:\ProgramData\Temp 2014-03-21 08:05:35 ----DC---- C:\Program Files (x86)\AVG Secure Search 2014-03-12 10:31:58 ----AC---- C:\Windows\SYSWOW64\FlashPlayerApp.exe 2014-03-12 10:23:15 ----DC---- C:\Program Files\Microsoft Silverlight 2014-03-12 10:23:06 ----DC---- C:\Program Files (x86)\Microsoft Silverlight ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2013-11-25 196376] R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2013-10-31 294712] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; 
C:\Windows\system32\DRIVERS\avgmfx64.sys [2013-10-01 123704] R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2013-09-10 31544] R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 268512] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888] R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2013-11-25 150808] R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2013-11-25 243480] R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2013-11-01 212280] R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2013-08-01 251192] R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2014-03-21 49952] R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2011-05-20 22912] R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2011-05-20 20328] R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-05-20 62584] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 133928] R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600] R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2010-11-21 146432] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-04-25 9257472] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-04-25 300544] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-03-17 2712064] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-11-17 115216] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys 
[2011-04-12 2833256] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424] R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-03-10 18432] R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144] R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576] R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840] R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2014-02-10 14112] R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2011-03-10 17408] R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-12-15 47232] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 A38CCID;CCID USB Smart Card Reader; C:\Windows\system32\DRIVERS\a38ccid.sys [2013-01-30 46720] S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-12-30 117248] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-09-12 57856] S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2011-06-10 98816] S3 huawei_cdcecm;huawei_cdcecm; C:\Windows\system32\DRIVERS\ew_jucdcecm.sys [2010-12-30 54784] S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2011-06-10 86016] S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2011-06-10 28672] S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [2011-06-10 213504] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-09-10 117248] S3 hwusbfake;Huawei DataCard USB Fake; C:\Windows\system32\DRIVERS\ewusbfake.sys [] S3 
KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 30208] S3 netr7364;Stuurprogramma voor RT73 USB draadloze LAN-kaart voor Vista; C:\Windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-24 19456] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984] S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-01-06 676864] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-11-13 56832] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] S3 usbrndis6;USB RNDIS6-adapter; C:\Windows\system32\DRIVERS\usb80236.sys [2013-02-12 19968] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496] S3 WinUsb;WinUsb-stuurprogramma; C:\Windows\system32\drivers\WinUSB.sys [2010-11-21 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-04-25 204288] R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-02-23 3782672] R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-09-24 348008] R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504] R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-03-31 352848] R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2013-05-14 140936] R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer 
Updater\UpdaterService.exe [2012-04-05 255376] R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 23808] R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832] R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944] R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2014-03-31 2183992] R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136] R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [2014-03-21 1771032] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480] R3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [2014-03-12 247968] R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 347872] R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528] S2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [2014-03-12 193696] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12 257928] S3 FLEXnet Licensing Service;FLEXnet 
Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-03-04 655624] S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-09-12 1512448] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-10-09 194032] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-04-09 111616] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe -d -f C:\Program Files (x86)\WinPcap\rpcapd.ini [] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-05 1255736] S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432] S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808] S4 EgisTec Ticket Service;EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912] S4 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552] S4 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [2007-12-17 163840] S4 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2007-01-11 126464] S4 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-01-18 39528] S4 gupdate;Google Update-service (gupdate); C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe [2012-10-09 116648] S4 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 116648] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192] -----------------EOF-----------------
  20. Hello, For the past week I have been having problems with my laptop. It has already crashed twice. I also can no longer print via WiFi with my printer (Canon MG 5550). I have done a system restore several times without any change. I also use a WLAN repeater (Medion MD 86464). I can no longer use this one either. The internet I use is from Belgacom BB-3. I use the repeater because I connect via my sister's modem. I live in an apartment building with 3 floors. My sister lives on the 3rd and I live on the 1st. Before the problems began I had no trouble surfing the net in my room. But now I have to go to the living room to get online, where I have 2 to 3 bars for the connection. In my room, not a single bar. Previously I had full range, 5 bars. Now I am really at my wits' end. My laptop is an Acer Aspire 7560. I hope you can help me. Regards, Alain.
  21. No, no problems with the mouse. I took a different one.
  22. Sometimes the mouse pointer jumps without me touching it, and at some moments when I am on the internet I see the mouse move and my internet closes. In recent months it has also happened that my laptop simply freezes when I am on the internet. Then I can no longer move my pointer and I have to shut it down and start it up again. After restarting I do a system restore and then it goes better again for a few days. After those few days it freezes again and I repeat the same steps. My antivirus is Avira Free. I regularly run a scan, at least once a week. I have Windows 7. Acer laptop Aspire 7560. Every day it also asks to install a program with the name: Jucheck.exe Publisher: Oracle America, Inc. Location: "C:\program Files(x86)\Common Files\Java\Java update\Jucheck.exe" - auto -scheduled. But I do not trust this and so I do not install it. What could the problem be, in your opinion? Regards, Alain.
  23. Zoek.exe Version 4.0.0.2 Updated 02-March-2013 Tool run by alain on ma 04/03/2013 at 9:33:00,21. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe C:\Program Files (x86)\Launch Manager\LMutilps32.exe C:\Program Files (x86)\Acer\Registration\GREGsvc.exe C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 
C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\alain\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\conhost.exe C:\Windows\System32\alg.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program 
Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_171_ActiveX.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\program files (x86)\avira\antivir desktop\avcenter.exe C:\Users\alain\Downloads\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully ==== Installed Programs ====================== ???? ???? ????? ???? Windows Live ????? Windows Live ?????? ??????? ???????? ?????????? Windows Live ?????????? ?????????? (????????????? ??????) ??????????? 
ABBYY FineReader 6.0 Sprint Acer Backup Manager Acer Crystal Eye Webcam Acer ePower Management Acer eRecovery Management Acer GameZone Console Acer Registration Acer ScreenSaver Acer Updater Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 9.5.4 MUI AMD System Monitor AMD VISION Engine Control Center Argazki Galeria Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Avira Free Antivirus Backup Manager V3 Bing Bar Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish clear.fi clear.fi Client D3DX10 Dolby Advanced Audio v2 Epson Easy Photo Print 2 Epson Event Manager EPSON Scan Epson Stylus SX210_SX410_TX210_TX410 Handboek Facebook Video Calling 1.2.0.287 Fotogal‚ria Fotogalerie Fotogalerija Fotogalleri Fotogalleriet Fotograf Galerisi Fot¢t r Free YouTube to MP3 Converter version 3.10.17.221 Galeria de Fotografias Galeria de Fotos Galer¡a de fotos Galeria fotogr…fica Galeria fotografii Galerie de photos Galerie foto Galerija fotografija Google Toolbar for Internet Explorer Google Update Helper HiJackThis HUAWEI 3G Data Card Management Identity Card Java 7 Update 10 Java Auto Updater Junk Mail filter update Launch Manager MediaEspresso Microsoft Office 2010 Microsoft Office Klik-en-Klaar 2010 Microsoft Office Starter 2010 - Nederlands Microsoft PowerPoint Viewer Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual 
C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Maker MSVCRT MSVCRT_amd64 MSVCRT110 MyWinLocker 4 MyWinLocker Suite NTI Media Maker 9 Photo Common Photo Gallery Poczta uslugi Windows Live Podstawowe programy Windows Live Posta Windows Live Raccolta foto Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader S?????? f?t???af??? Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Shredder Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft 
.NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Valokuvavalikoima Welcome Center Windows Live ??? Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Fotogalleri Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Par‡alar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Liven peruspaketti Windows Liven s„hk”posti ==== Deleting Files \ Folders ====================== "C:\user.js" deleted "C:\Program Files (x86)\Ask.com" deleted "C:\Users\alain\AppData\Roaming\Babylon" deleted "C:\Users\alain\AppData\Roaming\Systweak" deleted "C:\ProgramData\Babylon" deleted "C:\Users\alain\AppData\Local\AskToolbar" deleted "C:\Users\alain\AppData\Local\Babylon" deleted "C:\Users\alain\AppData\LocalLow\AskToolbar" deleted "C:\Users\alain\AppData\LocalLow\BabylonToolbar" deleted ==== Files Recently Created / Modified ======================
==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"SkyDrive"="C:\Users\alain\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Facebook Update"="C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" "EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" "EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -d" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k" "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "SkyDrive"="C:\Users\alain\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background" "swg"="C:\Program Files 
(x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Facebook Update"="C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 " "Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe " ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeMovieService] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ArcadeMovieService" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Acer\\clear.fi\\Movie\\clear.fiMovieService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dolby Advanced Audio v2] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Dolby Advanced Audio v2" "hkey"="HKLM" "command"="\"C:\\Dolby PCEE4\\pcee4.exe\" -autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EEventManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EEventManager" "hkey"="HKLM" "command"="C:\\PROGRA~2\\EPSONS~1\\EVENTM~1\\EEventManager.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON SX210 Series] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EPSON SX210 Series" "hkey"="HKCU" "command"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIFDE.EXE /FU \"C:\\Users\\alain\\AppData\\Local\\Temp\\E_S145B.tmp\" /EF \"HKCU\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MobileBroadband] 
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MobileBroadband" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Vodafone\\Vodafone Mobile Broadband\\Bin\\MobileBroadband.exe /silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EPSON_EB_RPCV4_01] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EPSON_PM_RPCV4_01] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\VmbService] ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a--c--- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [03/03/2013 10:28] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000Core.job --a--c--- C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/02/2013 13:13] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241781761-3953431157-4087400376-1000UA.job --a--c--- C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/02/2013 13:13] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/10/2012 06:53] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/10/2012 06:53] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[18/02/2012 07:51] SiteAdvisor - alain - Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Bing" New 
Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Bing" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{20711F84-BDC0-4ABF-84DA-B974A90FDD74}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found" {20711F84-BDC0-4ABF-84DA-B974A90FDD74} Bing Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3241781761-3953431157-4087400376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== shortcuts on Users Desktops ====================== C:\Users\alain\Desktop\HiJackThis.lnk - C:\Users\alain\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe C:\Users\alain\Desktop\ongebruikte progamma's\Adobe Reader 9 (6).lnk - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe ==== shortcuts in Users Start Menu ====================== C:\Users\alain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\alain\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk - C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\SC_Reader.ico ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully 
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\users\alain\AppData\Local\Mozilla\Firefox\Profiles\slx6c20e.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\users\alain\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully After Reboot ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\alain\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\users\alain\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QL9YES8G\cdn1.static.keezmovies.phncdn.com" not found
  24. Logfile of HijackThis v1.99.1 Scan saved at 9:53:23, on 2/03/2013 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v10.0 (10.00.9200.16521) Running processes: C:\Users\alain\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\alain\Downloads\hijackthis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d O4 - HKLM\..\Run: [Adobe 
Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [skyDrive] "C:\Users\alain\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\alain\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\alain\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft 
shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O11 - Options group: [iNTERNATIONAL] International O13 - Gopher Prefix: O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira Planner (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EgisTec Ticket Service - Egis Technology Inc. 
- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing) O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: 
@%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)