Laptop werkt super traag

Akini · 26 juli 2013

Waarschijnlijk is dit de duizendste zoveelste zelfde vraag. Wat te doen met een alsmaar trager lopende pc?

Laptop Samsung R719 met Windows 7 home versie. deze is wel al +/-4 jaar oud.

ik heb zo een HiJacklog uitgevoerd en vroeg me af of er zaken zijn die ik kan verbeteren?!? zie lijst hieronder.

er lopen enkele zaken al een hele tijd scheef; mijn wacomtablet pen & fun doet raar, ik krijg de software van expres server 2008 er niet van gedeinstaleerd. ik denk dat VMware ook ergens deels is nog blijven steken. enz.... (Ik heb enkele modules IT Programmeren gevolgd maar met mijn verouderde laptop ging het niet en ik kan niet investeren)

hopende op een beetje hulp. meestal trek ik mijn plan maar dit is me toch net iets te hoog gegrepen zonder kennis.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:07:13, on 26/07/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16635)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

--

End of file - 9014 bytes

iEscape · 26 juli 2013

@ Akini,

Van zodra 1 van de experts online is zal deze je zeker verder helpen aangaande je vraag/probleem.

jahewi · 26 juli 2013

Hoi Akini,

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Daarna:

Download AdwCleaner by Xplode naar het bureaublad.

Sluit alle openstaande vensters.
Dubbelklik op AdwCleaner om hem te starten.
Klik vervolgens op Verwijderen.
Klik bij AdwCleaner – Informatie op OK
Klik bij AdwCleaner – Herstarten Noodzakelijk op OK

Dat tijdens de actie de snelkoppelingen verdwijnen, is normaal.

Nadat de PC opnieuw is opgestart, opent een logfile.

Post aansluitend de inhoud van dit log in je volgende bericht.

sukses,

jahewi

Akini · 27 juli 2013

Hey Jahewi

super tof van de snelle reacties

Ik heb de Adwcleaner uitgevoerd en deze lijst hieronder geplakt.

tot u volgende orders ;-)

Grtz

Akini

# AdwCleaner v2.306 - Verslag gemaakt op 27/07/2013 om 17:04:39

# Geactualiseerd op 19/07/2013 door Xplode

# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Gebruiker : User - USER-PC

# Opstarten Modus : Normale modus

# Gelanceerd vanaf : C:\Users\User\Downloads\adwcleaner.exe

# Optie [Zoeken]

***** [Diensten] *****

***** [Files / Mappen] *****

File Aanwezig : C:\END

Map Aanwezig : C:\Program Files (x86)\Conduit

Map Aanwezig : C:\Program Files (x86)\Yontoo

Map Aanwezig : C:\ProgramData\APN

Map Aanwezig : C:\ProgramData\Premium

Map Aanwezig : C:\ProgramData\Tarma Installer

***** [Register] *****

Sleutel Aanwezig : HKCU\Software\Conduit

Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Sleutel Aanwezig : HKCU\Software\Softonic

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Sleutel Aanwezig : HKLM\Software\Conduit

Sleutel Aanwezig : HKLM\Software\Freeze.com

Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Sleutel Aanwezig : HKLM\Software\systweak

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Sleutel Aanwezig : HKLM\SOFTWARE\Tarma Installer

***** [browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v22.0 (nl)

-\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

*************************

AdwCleaner[R1].txt - [3237 octets] - [27/07/2013 17:04:39]

########## EOF - C:\AdwCleaner[R1].txt - [3297 octets] ##########

- - - Updated - - -

oeps verkeerde log in de vorige post geplakt

hier is de juiste!

# AdwCleaner v2.306 - Verslag gemaakt op 27/07/2013 om 17:13:08

# Geactualiseerd op 19/07/2013 door Xplode

# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Gebruiker : User - USER-PC

# Opstarten Modus : Normale modus

# Gelanceerd vanaf : C:\Users\User\Downloads\adwcleaner.exe

# Optie [Verwijderen]

***** [Diensten] *****

***** [Files / Mappen] *****

File Verwijderd : C:\END

Map Verwijderd : C:\Program Files (x86)\Conduit

Map Verwijderd : C:\Program Files (x86)\Yontoo

Map Verwijderd : C:\ProgramData\APN

Map Verwijderd : C:\ProgramData\Premium

Map Verwijderd : C:\ProgramData\Tarma Installer

***** [Register] *****

Sleutel Verwijderd : HKCU\Software\Conduit

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Sleutel Verwijderd : HKCU\Software\Softonic

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Sleutel Verwijderd : HKLM\Software\Conduit

Sleutel Verwijderd : HKLM\Software\Freeze.com

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Sleutel Verwijderd : HKLM\Software\systweak

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Sleutel Verwijderd : HKLM\SOFTWARE\Tarma Installer

***** [browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v22.0 (nl)

-\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

*************************

AdwCleaner[R1].txt - [3358 octets] - [27/07/2013 17:04:39]

AdwCleaner[R2].txt - [3418 octets] - [27/07/2013 17:10:27]

AdwCleaner[R3].txt - [3478 octets] - [27/07/2013 17:12:39]

AdwCleaner[s1].txt - [3490 octets] - [27/07/2013 17:13:08]

########## EOF - C:\AdwCleaner[s1].txt - [3550 octets] ##########

kape · 27 juli 2013

Je hebt bij AdwCleaner gekozen voor "zoeken", maar daarmee worden de besmettingen niet verwijderd. Laat AdwCleaner nog eens scannen en kies nu voor "verwijderen". Op basis van de resultaten kan Jahewi je dan verder helpen.

jahewi · 27 juli 2013

Hoi Akini,

Dat ruimt aardig op.

Ik laat je nu een uitgebreider log maken om te zien of er nog meer malware te vinden is:

Download zoek.exe naar het bureaublad.

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe

(hier of hier) kan je lezen hoe je dat doet.

Dubbelklik op Zoek.exe om de tool te starten.
Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
Kopieer nu onderstaande code en plak die in het grote invulvenster:
Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

 
emptyclsid;
autoclean;
standardsearch;

Klik nu op de knop "Run script".
Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
Post het geopende logje in het volgende bericht.

sukses,

jahewi

Akini · 28 juli 2013

HOI Jahewi

hier dat zoeken.exe log. ben curieuz wat er al inzit!?

Zoek.exe Version 4.0.0.4 Updated 26-07-2013

Tool run by User on zo 28/07/2013 at 12:21:55,26.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\User\Desktop\zoek(1).exe [script inserted]

==== System Restore Info ======================

28/07/2013 12:22:46 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-599483926-3434182497-1491414450-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe

C:\Program Files\Tablet\Pen\WacomHost.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Users\User\Desktop\zoek(1).exe

C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v4ojihtp.default-1354100876108

user.js not found

---- Lines enabledAddons" removed from prefs.js ----

---- Lines enabledAddons" modified from prefs.js ----

user_pref("extensions.enabledAddons", "newtaburl%40sogame.cat:2.2.3,belgiumeid%40eid.belgium.be:1.0.18,donottrackplus%40abine.com:2.2.9.618,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0");

---- Lines installCache" removed from prefs.js ----

---- Lines installCache" modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\WebRep\\\\FF\",\"mtime\":1370801045892,\"rdfTime\":1368089726000}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1372850462936,\"rdfTime\":1372850462319}}},{\"name\":\"app-profile\",\"addons\":{\"belgiumeid@eid.belgium.be\":{\"descriptor\":\"C:\\\\Users\\\\User\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\v4ojihtp.default-1354100876108\\\\extensions\\\\belgiumeid@eid.belgium.be.xpi\",\"mtime\":1370861300997},\"donottrackplus@abine.com\":{\"descriptor\":\"C:\\\\Users\\\\User\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\v4ojihtp.default-1354100876108\\\\extensions\\\\donottrackplus@abine.com\",\"mtime\":1374998736113,\"rdfTime\":1371744235000},\"newtaburl@sogame.cat\":{\"descriptor\":\"C:\\\\Users\\\\User\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\v4ojihtp.default-1354100876108\\\\extensions\\\\newtaburl@sogame.cat.xpi\",\"mtime\":1355737382382}}}]");

---- FireFox user.js and prefs.js backups ----

prefs_20132807_1226_.backup

==== Deleting Files \ Folders ======================

"C:\Windows\SysNative\roboot64.exe" deleted

"C:\Users\User\AppData\Roaming\Systweak" deleted

"C:\ProgramData\InstallMate" deleted

"C:\Users\User\AppData\Local\Conduit" deleted

"C:\Users\User\AppData\LocalLow\Conduit" deleted

"C:\Windows\SysWow64\AI_RecycleBin" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 4061 MB

CPU Info: Intel® Core2 Duo CPU T6500 @ 2.10GHz

CPU Speed: 2139,3 MHz

Sound Card: Luidsprekers (Realtek High Defi |

Display Adapters: NVIDIA GeForce G105M | NVIDIA GeForce G105M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Algemeen PnP-beeldscherm |

Screen Resolution: 1600 X 900 - 32 bit

Network: Network Present

Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Atheros AR9285 Wireless Network Adapter | Realtek PCIe FE Family Controller

CD / DVD Drives: 2x (E: | F: | ) E: TSSTcorpCDDVDW TS-L633C | F: ELBY CLONEDRIVE

Ports: COM Ports NOT Present. LPT Port NOT Present.

Mouse: 5 Button Wheel Mouse Present

Hard Disks: C: 225,3GB | D: 225,3GB

Hard Disks - Free: C: 79,0GB | D: 52,0GB

Manufacturer *: Phoenix Technologies Ltd.

BIOS Info: AT/AT COMPATIBLE | 04/01/10 | SECCSD - 6040000

Time Zone: Romance (standaardtijd)

Motherboard *: SAMSUNG ELECTRONICS CO., LTD. R519/R719

Internet Explorer Version: 10.0.9200.16635

Sun Java version: 1.6.0_31

Country: Belgi‰

Language: NLB

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\User\AppData\Local\Temp ====

2013-07-27 19:15:18 0E771375445E13429E68CAE720A48B72 35224 ----a-w- C:\Users\User\AppData\Local\Temp\i4jdel0.exe

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-07-26 09:42:47 FECFAAE5E8FF245ABDD46EFA1A4D4F6C 1652 ----a-w- C:\Windows\Sysnative\ASOROSet.bin

2013-07-26 09:12:31 68C265DA4A26B3E85803CEB1D18E42AE 5087992 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT

====== C:\Windows\Sysnative\drivers =====

====== C:\Windows\Tasks ======

2013-07-28 10:17:36 06C7C315FE70AD511A5FCBAB267DD4FA 3108 ----a-w- C:\Windows\Sysnative\Tasks\{5E457EB7-E61D-45E2-9224-2D65865C3529}

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C:\Program Files (x86) =====

2013-07-26 17:20:53 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-07-26 10:13:00 -------- d-----w- C:\Program Files (x86)\CPU Speed Pro

======= C: =====

2013-07-27 15:13:08 B0F0B5AB03525EE342AE9902EF0E6CE6 3611 ----a-w- C:\AdwCleaner[s1].txt

2013-07-27 15:12:39 4944DC3342AA3F50880B5DF48ED549CD 3478 ----a-w- C:\AdwCleaner[R3].txt

2013-07-27 15:10:27 9D89B13FF26CB980D6B7B35ECD9BC25D 3418 ----a-w- C:\AdwCleaner[R2].txt

2013-07-27 15:04:39 E94CB492161ED86FE894C490866E7570 3358 ----a-w- C:\AdwCleaner[R1].txt

2013-07-06 13:15:57 074206AF7889E3EEAE2D5CD3658ACF70 4096 --sha-w- C:\{9A0FF2C0-9789-45D1-870D-7488939D1E7C}.CBM

====== C:\Users\User\AppData\Roaming ======

2013-07-26 10:13:03 BF7DE8D2EFB79F2A4BE278635E3B790A 134952 ----a-w- C:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT

2013-07-26 09:37:29 -------- d-----w- C:\users\User\AppData\Local\Programs

====== C:\Users\User ======

2013-07-27 18:10:02 -------- d-----r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo

2013-07-26 10:13:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU Speed Professional

2013-07-26 09:37:54 363A4A68A86441777924DF8219AEB72C 489392 ----a-w- C:\Users\User\Documents\APNSetup.exe

====== C: exe-files ==

2013-07-27 19:15:18 0E771375445E13429E68CAE720A48B72 35224 ----a-w- C:\Users\User\AppData\Local\Temp\i4jdel0.exe

2013-07-27 18:22:34 65E68E4CEC0A64E89997C0C9978320DE 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$IN8D6V8.exe

2013-07-27 18:22:25 9B4A4EAD6BBD1C22E4B134F2804C4848 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$IP2N65M.exe

2013-07-27 18:22:15 D6B97ACD5C3E705B50F525F2CF64E8FD 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$IOOACDQ.exe

2013-07-27 18:22:09 0E51B4B520B6A24F9D3722BE2DB4B262 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$I9JNJ1X.exe

2013-07-27 18:21:52 8123F29E10A8ACE5D26EA7652F1B00A2 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$IF7OQT3.exe

2013-07-27 18:21:40 6C30251F4D06962B81A26DF2C12940E9 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$ISHIMWF.exe

2013-07-27 18:21:31 206D30376BA984E893AB284C85E9C697 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$IR4BA84.exe

2013-07-27 18:21:25 98090D0ED5A5FC8A69B8F2FF129D1216 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$IQTQ87V.exe

2013-07-27 18:08:57 387989BC9F82341D77ED5DB93632AD45 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$IJ3Q2EH.exe

2013-07-27 18:08:49 39635435AB857A63679BB08C4197CAAF 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$IF1YYSS.exe

2013-07-27 18:08:03 633189C5BAF60E459F3AA643A4494A38 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$IPHUR9P.exe

2013-07-27 18:07:49 7A5165EA12CE23C33DD70509BF6DCA67 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$I4BE199.exe

2013-07-27 18:07:17 3066CFDDDB2AF7E57D2DBD651CA93FAE 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$IYFK8MD.exe

2013-07-27 18:07:08 9DFF019953EC9914A29D4BCF4732B438 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$IK9W4PH.exe

2013-07-27 18:07:01 121D6DD17C677866BE6334CD33A19284 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$IGMYQXB.exe

2013-07-27 15:04:01 4C47469F47FD9F8437B62A86F6E0874F 666633 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$ROOACDQ.exe

2013-07-26 10:13:00 DCDC2C649A59C6180B595404251862C1 715038 ----a-w- C:\Program Files (x86)\CPU Speed Pro\unins000.exe

2013-07-26 10:13:00 020624B4E4498A51E4B8BF20283FEEAD 3951616 ----a-w- C:\Program Files (x86)\CPU Speed Pro\CPUSpeedPro.exe

2013-07-26 09:40:23 0A17B95EDEF89DA20E0AE594F71DADFC 1593865 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$RJ3Q2EH.exe

2013-07-26 09:37:54 363A4A68A86441777924DF8219AEB72C 489392 ----a-w- C:\Users\User\Documents\APNSetup.exe

2013-07-26 09:34:49 89975FFF183B403C7A414B404FCC65D0 4884880 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$RP2N65M.exe

2013-07-26 09:26:22 0A8655152C01512CB7DD9B8C35F229A1 4327208 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$RF1YYSS.exe

2013-07-21 20:44:18 E768474DDA31DA03F47C6AC57C50174A 2440680 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$R9JNJ1X.exe

=== C: other files ==

2013-07-27 18:23:40 82532820520C243214C54462A74B1EB9 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-599483926-3434182497-1491414450-1000\$IAATPFQ.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-599483926-3434182497-1491414450-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS5ServiceManager]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AdobeCS5ServiceManager"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS5ServiceManager\\CS5ServiceManager.exe\" -launchedbylogin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="APSDaemon"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CanonMyPrinter"

"hkey"="HKLM"

"command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenuEx]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CanonSolutionMenuEx"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Canon\\Solution Menu EX\\CNSEMAIN.EXE /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUs Tray]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="EaseUs Tray"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\EaseUS\\Todo Backup\\bin\\TrayNotify.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUs Watch]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="EaseUs Watch"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\EaseUS\\Todo Backup\\bin\\EuWatch.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Family Tree Builder Update]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Family Tree Builder Update"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\MyHeritage\\Bin\\FTBCheckUpdates.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GrooveMonitor"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAAnotif]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="IAAnotif"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IJNetworkScanUtility]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="IJNetworkScanUtility"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Canon\\Canon IJ Network Scan Utility\\CNMNSUT.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NvCplDaemon"

"hkey"="HKLM"

"command"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PMBVolumeWatcher]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PMBVolumeWatcher"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Sony\\PMB\\PMBVolumeWatcher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="QuickTime Task"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Sidebar"

"hkey"="HKCU"

"command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoMud]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SoMud"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\SoMud\\somud.exe\" /bg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Spotify Web Helper"

"hkey"="HKCU"

"command"="\"C:\\Users\\User\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SunJavaUpdateSched"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SwitchBoard"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirtualCloneDrive]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="VirtualCloneDrive"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vmware-tray.exe]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="vmware-tray.exe"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware-tray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^aveosti.exe.lnk]

"item"="aveosti.exe"

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\aveosti.exe.lnk"

"backup"="C:\\Windows\\pss\\aveosti.exe.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~2\\AVEO\\AVEOUV~1\\AveoSTI.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]

"item"="OneNote 2007 Schermopname en Snel starten"

"path"="C:\\Users\\User\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2007 Schermopname en Snel starten.lnk"

"backup"="C:\\Windows\\pss\\OneNote 2007 Schermopname en Snel starten.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\PROGRA~2\\MICROS~1\\Office12\\ONENOTEM.EXE"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task]

==== Firefox Extensions ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v4ojihtp.default-1354100876108

- DoNotTrackMe - %ProfilePath%\extensions\donottrackplus@abine.com

- Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi

- NewTabURL - %ProfilePath%\extensions\newtaburl@sogame.cat.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Undetermined - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v4ojihtp.default-1354100876108

0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash

2147C8ED020B1CE3B82BBDD3C49C8F81 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll - WacomTabletPlugin

==== Chrome Look ======================

Docs - User - Default\Extensions\aohghmighlieiainnegkcijnfilokake

Gmail - User - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{BB15F356-0F17-497D-B753-937719F84553} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

==== HijackThis Entries ======================