Laptop constantly stutters briefly

Anonymous
102 replies
  • Oops, my mistake.


    Which program:
  • Here is the ComboFix log file:


    ComboFix 12-05-23.05 - Jordy 23-05-2012 18:24:34.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3948.2396 [GMT 2:00]
    Gestart vanuit: c:\users\Jordy\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\FullRemove.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-04-23 to 2012-05-23 ))))))))))))))))))))))))))))))
    .
    .
    2012-05-23 16:30 . 2012-05-23 16:30 ——– d—–w- c:\users\UpdatusUser\AppData\Local\temp
    2012-05-23 16:30 . 2012-05-23 16:30 ——– d—–w- c:\users\Default\AppData\Local\temp
    2012-05-23 16:17 . 2012-05-23 16:17 0 —-a-w- c:\windows\SysWow64\sho52AA.tmp
    2012-05-23 06:03 . 2012-05-23 06:05 ——– d—–w- C:\TDSSStarter
    2012-05-22 10:33 . 2012-05-14 23:41 8955792 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A3340F4-0DE2-4EAB-865E-702FA2DF1F7D}\mpengine.dll
    2012-05-20 16:29 . 2012-03-06 23:04 337240 —-a-w- c:\windows\system32\drivers\aswSP.sys
    2012-05-20 16:29 . 2012-03-06 23:01 24408 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-05-20 16:29 . 2012-03-06 23:15 258520 —-a-w- c:\windows\system32\aswBoot.exe
    2012-05-20 16:29 . 2012-03-06 23:04 819032 —-a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-05-20 16:29 . 2012-03-06 23:02 53080 —-a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-05-20 16:29 . 2012-03-06 23:01 59224 —-a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-05-20 16:29 . 2012-03-06 23:01 69976 —-a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-05-20 16:29 . 2012-03-06 23:15 41184 —-a-w- c:\windows\avastSS.scr
    2012-05-20 16:29 . 2012-03-06 23:15 201352 —-a-w- c:\windows\SysWow64\aswBoot.exe
    2012-05-20 16:29 . 2012-05-20 16:29 ——– d—–w- c:\programdata\AVAST Software
    2012-05-20 16:29 . 2012-05-20 16:29 ——– d—–w- c:\program files\AVAST Software
    2012-05-20 16:22 . 2012-05-20 16:22 ——– d—–w- c:\windows\SysWow64\drivers\AVG
    2012-05-20 15:53 . 2012-05-20 15:53 ——– d—–w- c:\users\Jordy\AppData\Roaming\Malwarebytes
    2012-05-20 15:53 . 2012-05-20 15:53 ——– d—–w- c:\programdata\Malwarebytes
    2012-05-20 10:51 . 2012-03-11 00:17 121344 —-a-w- c:\windows\system32\IntelOpenCL64.dll
    2012-05-20 10:51 . 2012-03-11 00:09 86528 —-a-w- c:\windows\SysWow64\IntelOpenCL32.dll
    2012-05-20 10:39 . 2012-05-20 10:39 ——– d—–w- c:\program files\Microsoft Silverlight
    2012-05-20 10:39 . 2012-05-20 10:39 ——– d—–w- c:\program files (x86)\Microsoft Silverlight
    2012-05-20 10:01 . 2012-05-20 10:01 12872 —-a-w- c:\windows\system32\bootdelete.exe
    2012-05-20 09:53 . 2012-05-20 10:01 ——– d—–w- c:\programdata\HitmanPro
    2012-05-20 09:16 . 2012-05-20 11:26 ——– d—–w- c:\program files (x86)\Spybot - Search & Destroy
    2012-05-20 09:16 . 2012-05-20 11:26 ——– d—–w- c:\programdata\Spybot - Search & Destroy
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-19 21:44 . 2012-03-19 21:44 5888792 —-a-w- c:\windows\system32\GfxUI.exe
    2012-03-19 21:44 . 2012-03-19 21:44 509720 —-a-w- c:\windows\system32\igfxsrvc.exe
    2012-03-19 21:44 . 2012-03-19 21:44 439064 —-a-w- c:\windows\system32\igfxpers.exe
    2012-03-19 21:44 . 2012-03-19 21:44 398616 —-a-w- c:\windows\system32\hkcmd.exe
    2012-03-19 21:44 . 2012-03-19 21:44 276248 —-a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
    2012-03-19 21:44 . 2012-03-19 21:44 250136 —-a-w- c:\windows\system32\igfxext.exe
    2012-03-19 21:44 . 2012-03-19 21:44 184600 —-a-w- c:\windows\system32\difx64.exe
    2012-03-19 21:44 . 2012-03-19 21:44 170264 —-a-w- c:\windows\system32\igfxtray.exe
    2012-03-19 21:42 . 2012-03-19 21:42 90112 —-a-w- c:\windows\system32\igfxCoIn_v2696.dll
    2012-03-19 21:32 . 2012-03-19 21:32 14745600 —-a-w- c:\windows\system32\drivers\igdkmd64.sys
    2012-03-19 21:31 . 2012-03-19 21:31 8087040 —-a-w- c:\windows\system32\igdumd64.dll
    2012-03-19 21:31 . 2012-03-19 21:31 963912 —-a-w- c:\windows\system32\igkrng600.bin
    2012-03-19 21:31 . 2012-03-19 21:31 261208 —-a-w- c:\windows\system32\igfcg600m.bin
    2012-03-19 21:31 . 2012-03-19 21:31 79360 —-a-w- c:\windows\system32\igdde64.dll
    2012-03-19 21:26 . 2010-12-09 05:50 6120960 —-a-w- c:\windows\SysWow64\igdumd32.dll
    2012-03-19 21:25 . 2012-03-19 21:25 58880 —-a-w- c:\windows\SysWow64\igdde32.dll
    2012-03-19 21:22 . 2010-12-09 05:50 9605632 —-a-w- c:\windows\system32\igd10umd64.dll
    2012-03-19 21:11 . 2012-03-19 21:11 7795200 —-a-w- c:\windows\SysWow64\igd10umd32.dll
    2012-03-19 20:31 . 2012-03-19 20:31 18137088 —-a-w- c:\windows\system32\ig4icd64.dll
    2012-03-19 20:21 . 2012-03-19 20:21 13212672 —-a-w- c:\windows\SysWow64\ig4icd32.dll
    2012-03-19 20:18 . 2012-03-19 20:18 439296 —-a-w- c:\windows\system32\igfxrrom.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438784 —-a-w- c:\windows\system32\igfxrhrv.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438272 —-a-w- c:\windows\system32\igfxrsky.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 437760 —-a-w- c:\windows\system32\igfxrslv.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 439808 —-a-w- c:\windows\system32\igfxresn.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 439296 —-a-w- c:\windows\system32\igfxrrus.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438784 —-a-w- c:\windows\system32\igfxrptg.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438784 —-a-w- c:\windows\system32\igfxrplk.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 437760 —-a-w- c:\windows\system32\igfxrtrk.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 437760 —-a-w- c:\windows\system32\igfxrsve.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 437760 —-a-w- c:\windows\system32\igfxrptb.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 437248 —-a-w- c:\windows\system32\igfxrtha.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 440320 —-a-w- c:\windows\system32\igfxrell.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438784 —-a-w- c:\windows\system32\igfxrita.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438272 —-a-w- c:\windows\system32\igfxrhun.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 437760 —-a-w- c:\windows\system32\igfxrnor.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 435712 —-a-w- c:\windows\system32\igfxrheb.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 432128 —-a-w- c:\windows\system32\igfxrjpn.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 430592 —-a-w- c:\windows\system32\igfxrkor.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 439808 —-a-w- c:\windows\system32\igfxrfra.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438784 —-a-w- c:\windows\system32\igfxrnld.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438784 —-a-w- c:\windows\system32\igfxrdeu.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438272 —-a-w- c:\windows\system32\igfxrfin.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438272 —-a-w- c:\windows\system32\igfxrcsy.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 437248 —-a-w- c:\windows\system32\igfxrdan.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 429056 —-a-w- c:\windows\system32\igfxrcht.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 435712 —-a-w- c:\windows\system32\igfxrara.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 428544 —-a-w- c:\windows\system32\igfxrchs.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 126976 —-a-w- c:\windows\system32\igfxcpl.cpl
    2012-03-19 20:18 . 2012-03-19 20:18 386560 —-a-w- c:\windows\system32\igfxpph.dll
    2012-03-19 20:18 . 2012-03-19 20:18 410624 —-a-w- c:\windows\system32\igfxTMM.dll
    2012-03-19 20:17 . 2010-12-09 05:50 28672 —-a-w- c:\windows\system32\igfxexps.dll
    2012-03-19 20:17 . 2010-12-09 05:50 63488 —-a-w- c:\windows\system32\igfxsrvc.dll
    2012-03-19 20:17 . 2010-12-09 05:50 110592 —-a-w- c:\windows\system32\hccutils.dll
    2012-03-19 20:17 . 2012-03-19 20:17 9216 —-a-w- c:\windows\system32\IGFXDEVLib.dll
    2012-03-19 20:17 . 2012-03-19 20:17 172032 —-a-w- c:\windows\system32\gfxSrvc.dll
    2012-03-19 20:17 . 2010-12-09 05:50 434688 —-a-w- c:\windows\system32\igfxdev.dll
    2012-03-19 20:16 . 2012-03-19 20:16 286208 —-a-w- c:\windows\system32\igfxrenu.lrc
    2012-03-19 20:16 . 2012-03-19 20:16 142336 —-a-w- c:\windows\system32\igfxdo.dll
    2012-03-19 20:16 . 2010-12-09 05:50 9007616 —-a-w- c:\windows\system32\igfxress.dll
    2012-03-19 20:12 . 2012-03-19 20:12 25088 —-a-w- c:\windows\SysWow64\igfxexps32.dll
    2012-03-19 20:11 . 2012-03-19 20:11 325120 —-a-w- c:\windows\SysWow64\igfxdv32.dll
    2012-03-19 20:09 . 2012-03-19 20:09 524800 —-a-w- c:\windows\system32\iglhsip64.dll
    2012-03-19 20:09 . 2012-03-19 20:09 519680 —-a-w- c:\windows\SysWow64\iglhsip32.dll
    2012-03-19 20:09 . 2012-03-19 20:09 2967040 —-a-w- c:\windows\system32\igfxcmjit64.dll
    2012-03-19 20:09 . 2012-03-19 20:09 237056 —-a-w- c:\windows\SysWow64\igfxcmrt32.dll
    2012-03-19 20:09 . 2012-03-19 20:09 2321408 —-a-w- c:\windows\SysWow64\igfxcmjit32.dll
    2012-03-19 20:09 . 2012-03-19 20:09 213504 —-a-w- c:\windows\system32\iglhcp64.dll
    2012-03-19 20:09 . 2012-03-19 20:09 193024 —-a-w- c:\windows\system32\igfxcmrt64.dll
    2012-03-19 20:09 . 2012-03-19 20:09 177152 —-a-w- c:\windows\SysWow64\iglhcp32.dll
    2012-03-11 00:17 . 2010-12-29 08:19 20992 —-a-w- c:\windows\system32\OpenCL.dll
    2012-03-11 00:09 . 2010-12-29 08:19 17920 —-a-w- c:\windows\SysWow64\OpenCL.dll
    2012-03-01 06:46 . 2012-04-14 10:49 23408 —-a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-03-01 06:38 . 2012-04-14 10:49 220672 —-a-w- c:\windows\system32\wintrust.dll
    2012-03-01 06:33 . 2012-04-14 10:49 81408 —-a-w- c:\windows\system32\imagehlp.dll
    2012-03-01 06:28 . 2012-04-14 10:49 5120 —-a-w- c:\windows\system32\wmi.dll
    2012-03-01 05:37 . 2012-04-14 10:49 172544 —-a-w- c:\windows\SysWow64\wintrust.dll
    2012-03-01 05:33 . 2012-04-14 10:49 159232 —-a-w- c:\windows\SysWow64\imagehlp.dll
    2012-03-01 05:29 . 2012-04-14 10:49 5120 —-a-w- c:\windows\SysWow64\wmi.dll
    2012-02-28 12:44 . 2011-12-04 13:26 472808 —-a-w- c:\windows\SysWow64\deployJava1.dll
    2012-02-28 06:39 . 2012-04-11 16:32 1188864 —-a-w- c:\windows\system32\wininet.dll
    2012-02-28 05:38 . 2012-04-11 16:32 981504 —-a-w- c:\windows\SysWow64\wininet.dll
    2012-02-28 04:31 . 2012-04-11 16:32 1638912 —-a-w- c:\windows\system32\mshtml.tlb
    2012-02-28 03:52 . 2012-04-11 16:32 1638912 —-a-w- c:\windows\SysWow64\mshtml.tlb
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spotify Web Helper"="c:\users\Jordy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-08 932528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
    "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
    "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 407920]
    "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2010-11-12 296768]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-12-09 1025616]
    "MDS_Menu"="c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2010-11-27 177448]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
    R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-12-09 311376]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-14 868224]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-01-13 103440]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-12 257344]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-11-22 1993320]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
    S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [x]
    S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [x]
    S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [x]
    S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    — Andere Services/Drivers In Geheugen —
    .
    *NewlyCreated* - WS2IFSL
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-05-23 c:\windows\Tasks\FinalTorrent Update Checker.job
    - c:\program files (x86)\FinalTorrent\FTCheckForUpdates.exe [2011-03-17 15:50]
    .
    2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781743323-2443383540-730848164-1002Core.job
    - c:\users\Jordy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-16 16:55]
    .
    2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781743323-2443383540-730848164-1002UA.job
    - c:\users\Jordy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-16 16:55]
    .
    .
    ——— x86-64 ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 135408 —-a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-26 11619432]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-26 2185832]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-14 860040]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://nl.woofi.info
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Verzenden naar OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://webmail.saxion.nl/dwa85W.cab
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    URLSearchHooks-{51fcf544-34e1-47e6-b661-fbc5280c2e74} - (no file)
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-Browser companion helper - c:\program files (x86)\BrowserCompanion\BCHelper.exe
    Toolbar-Locked - (no file)
    WebBrowser-{51FCF544-34E1-47E6-B661-FBC5280C2E74} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-FreeFileViewer_is1 - c:\program files (x86)\FreeFileViewer\unins000.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    AddRemove-Trusted Software Assistant_is1 - c:\program files (x86)\File Type Assistant\unins000.exe
    .
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_USERS\S-1-5-21-1781743323-2443383540-730848164-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1781743323-2443383540-730848164-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-1781743323-2443383540-730848164-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    c:\program files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-05-23 18:38:12 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-05-23 16:38
    .
    Pre-Run: 499.295.760.384 bytes beschikbaar
    Post-Run: 498.958.819.328 bytes beschikbaar
    .
    - - End Of File - - 0CDDA06218A847E3861306F28A29D1CE
  • We will use ComboFix again, but this time with a script.

    Open a new Notepad (Kladblok) file via "Start\Alle programma’s\Bureau-accessoires\Kladblok (or Notepad)".

    Copy and paste the following (bold, blue) text into the empty Notepad window

  • Here is the log file after following the given steps:


    ComboFix 12-05-23.05 - Jordy 23-05-2012 19:54:42.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3948.2400 [GMT 2:00]
    Gestart vanuit: c:\users\Jordy\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Jordy\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\SysWow64\sho52AA.tmp"
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-04-23 to 2012-05-23 ))))))))))))))))))))))))))))))
    .
    .
    2012-05-23 18:02 . 2012-05-23 18:02 ——– d—–w- c:\users\UpdatusUser\AppData\Local\temp
    2012-05-23 18:02 . 2012-05-23 18:02 ——– d—–w- c:\users\Default\AppData\Local\temp
    2012-05-23 18:02 . 2012-05-23 18:02 ——– d—–w- c:\users\Administrator\AppData\Local\temp
    2012-05-23 16:17 . 2012-05-23 16:17 0 —-a-w- c:\windows\SysWow64\sho52AA.tmp
    2012-05-23 06:03 . 2012-05-23 06:05 ——– d—–w- C:\TDSSStarter
    2012-05-22 10:33 . 2012-05-14 23:41 8955792 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A3340F4-0DE2-4EAB-865E-702FA2DF1F7D}\mpengine.dll
    2012-05-20 16:29 . 2012-03-06 23:04 337240 —-a-w- c:\windows\system32\drivers\aswSP.sys
    2012-05-20 16:29 . 2012-03-06 23:01 24408 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-05-20 16:29 . 2012-03-06 23:15 258520 —-a-w- c:\windows\system32\aswBoot.exe
    2012-05-20 16:29 . 2012-03-06 23:04 819032 —-a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-05-20 16:29 . 2012-03-06 23:02 53080 —-a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-05-20 16:29 . 2012-03-06 23:01 59224 —-a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-05-20 16:29 . 2012-03-06 23:01 69976 —-a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-05-20 16:29 . 2012-03-06 23:15 41184 —-a-w- c:\windows\avastSS.scr
    2012-05-20 16:29 . 2012-03-06 23:15 201352 —-a-w- c:\windows\SysWow64\aswBoot.exe
    2012-05-20 16:29 . 2012-05-20 16:29 ——– d—–w- c:\programdata\AVAST Software
    2012-05-20 16:29 . 2012-05-20 16:29 ——– d—–w- c:\program files\AVAST Software
    2012-05-20 16:22 . 2012-05-20 16:22 ——– d—–w- c:\windows\SysWow64\drivers\AVG
    2012-05-20 15:53 . 2012-05-20 15:53 ——– d—–w- c:\users\Jordy\AppData\Roaming\Malwarebytes
    2012-05-20 15:53 . 2012-05-20 15:53 ——– d—–w- c:\programdata\Malwarebytes
    2012-05-20 10:51 . 2012-03-11 00:17 121344 —-a-w- c:\windows\system32\IntelOpenCL64.dll
    2012-05-20 10:51 . 2012-03-11 00:09 86528 —-a-w- c:\windows\SysWow64\IntelOpenCL32.dll
    2012-05-20 10:39 . 2012-05-20 10:39 ——– d—–w- c:\program files\Microsoft Silverlight
    2012-05-20 10:39 . 2012-05-20 10:39 ——– d—–w- c:\program files (x86)\Microsoft Silverlight
    2012-05-20 10:01 . 2012-05-20 10:01 12872 —-a-w- c:\windows\system32\bootdelete.exe
    2012-05-20 09:53 . 2012-05-20 10:01 ——– d—–w- c:\programdata\HitmanPro
    2012-05-20 09:16 . 2012-05-20 11:26 ——– d—–w- c:\program files (x86)\Spybot - Search & Destroy
    2012-05-20 09:16 . 2012-05-20 11:26 ——– d—–w- c:\programdata\Spybot - Search & Destroy
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-19 21:44 . 2012-03-19 21:44 5888792 —-a-w- c:\windows\system32\GfxUI.exe
    2012-03-19 21:44 . 2012-03-19 21:44 509720 —-a-w- c:\windows\system32\igfxsrvc.exe
    2012-03-19 21:44 . 2012-03-19 21:44 439064 —-a-w- c:\windows\system32\igfxpers.exe
    2012-03-19 21:44 . 2012-03-19 21:44 398616 —-a-w- c:\windows\system32\hkcmd.exe
    2012-03-19 21:44 . 2012-03-19 21:44 276248 —-a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
    2012-03-19 21:44 . 2012-03-19 21:44 250136 —-a-w- c:\windows\system32\igfxext.exe
    2012-03-19 21:44 . 2012-03-19 21:44 184600 —-a-w- c:\windows\system32\difx64.exe
    2012-03-19 21:44 . 2012-03-19 21:44 170264 —-a-w- c:\windows\system32\igfxtray.exe
    2012-03-19 21:42 . 2012-03-19 21:42 90112 —-a-w- c:\windows\system32\igfxCoIn_v2696.dll
    2012-03-19 21:32 . 2012-03-19 21:32 14745600 —-a-w- c:\windows\system32\drivers\igdkmd64.sys
    2012-03-19 21:31 . 2012-03-19 21:31 8087040 —-a-w- c:\windows\system32\igdumd64.dll
    2012-03-19 21:31 . 2012-03-19 21:31 963912 —-a-w- c:\windows\system32\igkrng600.bin
    2012-03-19 21:31 . 2012-03-19 21:31 261208 —-a-w- c:\windows\system32\igfcg600m.bin
    2012-03-19 21:31 . 2012-03-19 21:31 79360 —-a-w- c:\windows\system32\igdde64.dll
    2012-03-19 21:26 . 2010-12-09 05:50 6120960 —-a-w- c:\windows\SysWow64\igdumd32.dll
    2012-03-19 21:25 . 2012-03-19 21:25 58880 —-a-w- c:\windows\SysWow64\igdde32.dll
    2012-03-19 21:22 . 2010-12-09 05:50 9605632 —-a-w- c:\windows\system32\igd10umd64.dll
    2012-03-19 21:11 . 2012-03-19 21:11 7795200 —-a-w- c:\windows\SysWow64\igd10umd32.dll
    2012-03-19 20:31 . 2012-03-19 20:31 18137088 —-a-w- c:\windows\system32\ig4icd64.dll
    2012-03-19 20:21 . 2012-03-19 20:21 13212672 —-a-w- c:\windows\SysWow64\ig4icd32.dll
    2012-03-19 20:18 . 2012-03-19 20:18 439296 —-a-w- c:\windows\system32\igfxrrom.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438784 —-a-w- c:\windows\system32\igfxrhrv.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438272 —-a-w- c:\windows\system32\igfxrsky.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 437760 —-a-w- c:\windows\system32\igfxrslv.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 439808 —-a-w- c:\windows\system32\igfxresn.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 439296 —-a-w- c:\windows\system32\igfxrrus.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438784 —-a-w- c:\windows\system32\igfxrptg.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438784 —-a-w- c:\windows\system32\igfxrplk.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 437760 —-a-w- c:\windows\system32\igfxrtrk.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 437760 —-a-w- c:\windows\system32\igfxrsve.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 437760 —-a-w- c:\windows\system32\igfxrptb.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 437248 —-a-w- c:\windows\system32\igfxrtha.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 440320 —-a-w- c:\windows\system32\igfxrell.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438784 —-a-w- c:\windows\system32\igfxrita.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438272 —-a-w- c:\windows\system32\igfxrhun.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 437760 —-a-w- c:\windows\system32\igfxrnor.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 435712 —-a-w- c:\windows\system32\igfxrheb.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 432128 —-a-w- c:\windows\system32\igfxrjpn.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 430592 —-a-w- c:\windows\system32\igfxrkor.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 439808 —-a-w- c:\windows\system32\igfxrfra.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438784 —-a-w- c:\windows\system32\igfxrnld.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438784 —-a-w- c:\windows\system32\igfxrdeu.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438272 —-a-w- c:\windows\system32\igfxrfin.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 438272 —-a-w- c:\windows\system32\igfxrcsy.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 437248 —-a-w- c:\windows\system32\igfxrdan.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 429056 —-a-w- c:\windows\system32\igfxrcht.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 435712 —-a-w- c:\windows\system32\igfxrara.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 428544 —-a-w- c:\windows\system32\igfxrchs.lrc
    2012-03-19 20:18 . 2012-03-19 20:18 126976 —-a-w- c:\windows\system32\igfxcpl.cpl
    2012-03-19 20:18 . 2012-03-19 20:18 386560 —-a-w- c:\windows\system32\igfxpph.dll
    2012-03-19 20:18 . 2012-03-19 20:18 410624 —-a-w- c:\windows\system32\igfxTMM.dll
    2012-03-19 20:17 . 2010-12-09 05:50 28672 —-a-w- c:\windows\system32\igfxexps.dll
    2012-03-19 20:17 . 2010-12-09 05:50 63488 —-a-w- c:\windows\system32\igfxsrvc.dll
    2012-03-19 20:17 . 2010-12-09 05:50 110592 —-a-w- c:\windows\system32\hccutils.dll
    2012-03-19 20:17 . 2012-03-19 20:17 9216 —-a-w- c:\windows\system32\IGFXDEVLib.dll
    2012-03-19 20:17 . 2012-03-19 20:17 172032 —-a-w- c:\windows\system32\gfxSrvc.dll
    2012-03-19 20:17 . 2010-12-09 05:50 434688 —-a-w- c:\windows\system32\igfxdev.dll
    2012-03-19 20:16 . 2012-03-19 20:16 286208 —-a-w- c:\windows\system32\igfxrenu.lrc
    2012-03-19 20:16 . 2012-03-19 20:16 142336 —-a-w- c:\windows\system32\igfxdo.dll
    2012-03-19 20:16 . 2010-12-09 05:50 9007616 —-a-w- c:\windows\system32\igfxress.dll
    2012-03-19 20:12 . 2012-03-19 20:12 25088 —-a-w- c:\windows\SysWow64\igfxexps32.dll
    2012-03-19 20:11 . 2012-03-19 20:11 325120 —-a-w- c:\windows\SysWow64\igfxdv32.dll
    2012-03-19 20:09 . 2012-03-19 20:09 524800 —-a-w- c:\windows\system32\iglhsip64.dll
    2012-03-19 20:09 . 2012-03-19 20:09 519680 —-a-w- c:\windows\SysWow64\iglhsip32.dll
    2012-03-19 20:09 . 2012-03-19 20:09 2967040 —-a-w- c:\windows\system32\igfxcmjit64.dll
    2012-03-19 20:09 . 2012-03-19 20:09 237056 —-a-w- c:\windows\SysWow64\igfxcmrt32.dll
    2012-03-19 20:09 . 2012-03-19 20:09 2321408 —-a-w- c:\windows\SysWow64\igfxcmjit32.dll
    2012-03-19 20:09 . 2012-03-19 20:09 213504 —-a-w- c:\windows\system32\iglhcp64.dll
    2012-03-19 20:09 . 2012-03-19 20:09 193024 —-a-w- c:\windows\system32\igfxcmrt64.dll
    2012-03-19 20:09 . 2012-03-19 20:09 177152 —-a-w- c:\windows\SysWow64\iglhcp32.dll
    2012-03-11 00:17 . 2010-12-29 08:19 20992 —-a-w- c:\windows\system32\OpenCL.dll
    2012-03-11 00:09 . 2010-12-29 08:19 17920 —-a-w- c:\windows\SysWow64\OpenCL.dll
    2012-03-01 06:46 . 2012-04-14 10:49 23408 —-a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-03-01 06:38 . 2012-04-14 10:49 220672 —-a-w- c:\windows\system32\wintrust.dll
    2012-03-01 06:33 . 2012-04-14 10:49 81408 —-a-w- c:\windows\system32\imagehlp.dll
    2012-03-01 06:28 . 2012-04-14 10:49 5120 —-a-w- c:\windows\system32\wmi.dll
    2012-03-01 05:37 . 2012-04-14 10:49 172544 —-a-w- c:\windows\SysWow64\wintrust.dll
    2012-03-01 05:33 . 2012-04-14 10:49 159232 —-a-w- c:\windows\SysWow64\imagehlp.dll
    2012-03-01 05:29 . 2012-04-14 10:49 5120 —-a-w- c:\windows\SysWow64\wmi.dll
    2012-02-28 12:44 . 2011-12-04 13:26 472808 —-a-w- c:\windows\SysWow64\deployJava1.dll
    2012-02-28 06:39 . 2012-04-11 16:32 1188864 —-a-w- c:\windows\system32\wininet.dll
    2012-02-28 05:38 . 2012-04-11 16:32 981504 —-a-w- c:\windows\SysWow64\wininet.dll
    2012-02-28 04:31 . 2012-04-11 16:32 1638912 —-a-w- c:\windows\system32\mshtml.tlb
    2012-02-28 03:52 . 2012-04-11 16:32 1638912 —-a-w- c:\windows\SysWow64\mshtml.tlb
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-05-23_16.32.22 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2012-05-23 16:31 . 2012-05-23 16:31 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2012-05-23 18:03 . 2012-05-23 18:03 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2009-07-14 04:54 . 2012-05-23 16:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-05-23 18:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-05-23 18:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-05-23 16:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-05-23 18:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-05-23 16:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-12-06 09:39 . 2012-05-23 17:51 48220 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-05-23 17:51 32104 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-03-16 16:28 . 2012-05-23 17:51 13008 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1781743323-2443383540-730848164-1002_UserData.bin
    + 2010-12-29 08:45 . 2012-05-23 18:03 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-12-29 08:45 . 2012-05-23 16:31 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-05-21 07:19 . 2012-05-23 18:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2012-05-21 07:19 . 2012-05-23 16:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-05-23 16:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-05-23 18:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-03-16 16:25 . 2012-05-23 16:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-03-16 16:25 . 2012-05-23 17:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-03-16 16:25 . 2012-05-23 16:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-03-16 16:25 . 2012-05-23 17:50 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-12-29 08:28 . 2012-05-23 16:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-12-29 08:28 . 2012-05-23 17:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-12-29 08:28 . 2012-05-23 16:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-12-29 08:28 . 2012-05-23 17:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-12-29 08:28 . 2012-05-23 17:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-12-29 08:28 . 2012-05-23 16:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-05-23 16:31 . 2012-05-23 16:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-05-23 18:03 . 2012-05-23 18:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-05-23 18:03 . 2012-05-23 18:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-05-23 16:31 . 2012-05-23 16:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 05:01 . 2012-05-23 16:31 399516 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-05-23 18:03 399516 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spotify Web Helper"="c:\users\Jordy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-08 932528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
    "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
    "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 407920]
    "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2010-11-12 296768]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-12-09 1025616]
    "MDS_Menu"="c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2010-11-27 177448]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
    R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-12-09 311376]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-14 868224]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-01-13 103440]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-12 257344]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-11-22 1993320]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
    S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [x]
    S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [x]
    S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [x]
    S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-05-23 c:\windows\Tasks\FinalTorrent Update Checker.job
    - c:\program files (x86)\FinalTorrent\FTCheckForUpdates.exe [2011-03-17 15:50]
    .
    2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781743323-2443383540-730848164-1002Core.job
    - c:\users\Jordy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-16 16:55]
    .
    2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781743323-2443383540-730848164-1002UA.job
    - c:\users\Jordy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-16 16:55]
    .
    .
    ——— x86-64 ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 135408 —-a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-26 11619432]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-26 2185832]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-14 860040]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Verzenden naar OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://webmail.saxion.nl/dwa85W.cab
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    .
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_USERS\S-1-5-21-1781743323-2443383540-730848164-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1781743323-2443383540-730848164-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-1781743323-2443383540-730848164-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    c:\program files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-05-23 20:09:34 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-05-23 18:09
    ComboFix2.txt 2012-05-23 16:38
    .
    Pre-Run: 499.003.469.824 bytes beschikbaar
    Post-Run: 498.911.985.664 bytes beschikbaar
    .
    - - End Of File - - 223F0F8F6AA8A817413D256BFC718B1A
  • Nice, well done.
    How is it running now?
  • The problem persists; it even happens while I am typing this text. Every time, it hangs for a few seconds.
  • Strange.
    If you open Task Manager, how many processes are running and what is the CPU usage?
  • Processes: 92
    CPU usage: 0% - 1%
    Physical memory: 38%
  • Wow, almost twice as many as on my Windows 7!

    [b:9f54581c4a]Which program[/b:9f54581c4a]:
  • Here is the OTL log:

    OTL logfile created on: 5/23/2012 8:57:01 PM - Run 1
    OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Jordy\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3.86 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 58.80% Memory free
    7.71 Gb Paging File | 5.92 Gb Available in Paging File | 76.74% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.07 Gb Total Space | 464.75 Gb Free Space | 79.98% Space Free | Partition Type: NTFS

    Computer Name: JORDY-PC | User Name: Jordy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

  • And here is the Extras log:


    OTL logfile created on: 5/23/2012 8:57:01 PM - Run 1
    OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Jordy\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3.86 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 58.80% Memory free
    7.71 Gb Paging File | 5.92 Gb Available in Paging File | 76.74% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.07 Gb Total Space | 464.75 Gb Free Space | 79.98% Space Free | Partition Type: NTFS

    Computer Name: JORDY-PC | User Name: Jordy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

  • Sorry, a part is still missing after all, but I noticed that too late, so I had already closed the log…
  • You have an Acer.

    So the Windows install on that PC of yours is stuffed with Acer crapware, most of which puts uselessly active processes into Windows.

    What you can do is the following:

    Apart from E-Powermanagement and E-Recovery, you may uninstall all the rest of the Acer software via Start\Control Panel\Programs and Features.

    Then restart the PC and let me know how many processes are left.
  • Processes: 90 (it was 82, by the way, before I started up the internet)
    CPU usage: 0%
    Physical memory: 40%

    P.S. Among the Acer files I removed, I also saw a whole list of files from Oberon Media. I think that is all Acer junk too; I tried to remove them, but somehow that did not work.
  • By the way, the process count has now dropped back to 85.
  • The process count is still high, though.

    But we are going to find out exactly where that Oberon Media is located!

    [b:2f1d03b3bc]Which program[/b:2f1d03b3bc]: Zoek.exe
    [b:2f1d03b3bc]What for/why[/b:2f1d03b3bc]: multifunctional tool
    [b:2f1d03b3bc]Difficulty[/b:2f1d03b3bc]: none.
    [b:2f1d03b3bc]Download[/b:2f1d03b3bc]: [b:2f1d03b3bc]zoek.exe[/b:2f1d03b3bc]

    [b:2f1d03b3bc]Using "Zoek.exe"[/b:2f1d03b3bc]:
    [list:2f1d03b3bc][*:2f1d03b3bc] [b:2f1d03b3bc]
  • It is not much, but here are the results from the log:



    Zoek.exe Version 3.0.0.2 Updated 15-05-2012
    Tool run by Jordy on wo 23-05-2012 at 22:25:54,48.
    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
    Running from: C:\Users\Jordy\Downloads\zoek.exe

    ==== Folders Found ======================



    ==== Files Found ======================
  • By the way, it is also not possible to remove Acer's Clear.fi..
  • Let's do something else for a moment:

    Which program: Trend Micro Hijack This Version 2.0.4
    What for/why: produces a clear overview of Windows by means of a scan.
    Difficulty: none; only Vista and Win 7 users need to pay a little extra attention.

    Download the HijackThis Installer

    Installation:
    - Install HijackThis in the indicated location - this prevents any backups from becoming impossible to find!
    Users of Windows Vista and Windows 7 then go to the HijackThis installation location.
    - Then right-click hijackthis.exe and choose Properties.
    - Now click the Compatibility tab and tick Run as Administrator.
    - Finally, click Apply and OK.
    Using Hijack This:
    - First close all open programs and the web browsers.
    - Now start 'Hijack This' and then click the button 'Do a system scan and save a logfile'
      - If HijackThis starts up with the scan window, first click the 'Main Menu' button
    - Now close all open windows, then start 'HijackThis' and choose 'Do a system scan and save a logfile'.
    - Copy and paste the contents of the Hijack This logfile into your next post.
    - After that you may close Hijack This again.
  • Here is the log:


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:46:03, on 23-5-2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Users\Jordy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
    O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Jordy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O4 - HKUS\S-1-5-21-1781743323-2443383540-730848164-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-1781743323-2443383540-730848164-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-1781743323-2443383540-730848164-1000\..\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-1781743323-2443383540-730848164-1000\..\RunOnce: [AVG search provider] "C:\Program Files (x86)\AVG\AVG10\SearchProvider.exe" /AFTERINST (User 'UpdatusUser')
    O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} (IBM Lotus iNotes 8.5 Control) - https://webmail.saxion.nl/dwa85W.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file)
    O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file)
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file)
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: ASP.NET-statusservice (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 11887 bytes

This is an archived page. Replying is no longer possible.