antivirus.startpagina.nl

Rottigheid

  • Anonymous avatar

    rudi

    Mijne heren, ik heb rottigheid

    Vandaag zwaar op pad geweest en dankbaar gebruik gemaakt van gastnetwerken maar thuis bij een back-up online valt op dat dat erg traag gaat. Daarna bij IE komen er ineens onbekende pagina's naar voor “searchconduit” en dat soort toestanden.

    Een paar logjes:info.txt logfile of random's system information tool 1.09 2014-03-08 17:04:42

    ======Uninstall list======

    –>MsiExec /X{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}

    4Team Safe PST Backup Free Edition–>MsiExec.exe /X{07107403-9A40-449B-9CBC-5E64B7726D6E}

    Aangifte Buitenland 2007–>D:\Belastingdienst\2007\ca2007u.exe

    Aangifte inkomstenbelasting 2007–>D:\Belastingdienst\2007\ib2007u.exe

    Aangifte inkomstenbelasting 2008–>D:\Belastingdienst\2008\ib2008u.exe

    Aangifte inkomstenbelasting 2009–>D:\Belastingdienst\2009\ib2009u.exe

    Aangifte inkomstenbelasting 2010–>D:\Belastingdienst\2010\ib2010u.exe

    Aangifte inkomstenbelasting 2011–>C:\Program Files (x86)\Belastingdienst\Aangifte inkomstenbelasting\2011\ib2011u.exe

    Aangifte inkomstenbelasting 2012–>C:\Program Files (x86)\Belastingdienst\Aangifte inkomstenbelasting\2012\ib2012u.exe

    Aangifte inkomstenbelasting 2013–>C:\Program Files (x86)\Belastingdienst\Aangifte inkomstenbelasting\2013\ib2013u.exe

    Aangifte inkomstenbelasting voor ondernemers 2011–>C:\Program Files (x86)\Belastingdienst\Aangifte inkomstenbelasting voor ondernemers\2011\wa2011u.exe

    Aangifte vennootschapsbelasting 2011–>C:\Program Files (x86)\Belastingdienst\Aangifte vennootschapsbelasting\2011\vb2011u.exe

    Aangifte vennootschapsbelasting 2012–>C:\Program Files (x86)\Belastingdienst\Aangifte vennootschapsbelasting\2012\vb2012u.exe

    Aangifte voor buitenlandse belastingplichtigen 2008–>D:\Belastingdienst\2008\ca2008u.exe

    Aangifte voor buitenlandse belastingplichtigen 2009–>D:\Belastingdienst\2009\ca2009u.exe

    Aangifte voor buitenlandse belastingplichtigen 2010–>D:\Belastingdienst\2010\ca2010u.exe

    Aangifte voor buitenlandse belastingplichtigen 2011–>D:\Belastingdienst\2011\ca2011u.exe

    Administratieve software van Davilex–>“C:\Program Files (x86)\InstallShield Installation Information\{E475F460-DA74-4E7E-9941-64E5856F4214}\setup.exe” -runfromtemp -l0x0413 -removeonly

    Administratieve software van Davilex–>MsiExec.exe /I{E475F460-DA74-4E7E-9941-64E5856F4214}

    Adobe Flash Player 12 ActiveX–>C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe -maintain activex

    Adobe Flash Player 12 Plugin–>C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe -maintain plugin

    Adobe Reader XI (11.0.06) - Nederlands–>MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-AB0000000001}

    Alcor Micro USB Card Reader–>C:\Program Files (x86)\InstallShield Installation Information\{7CFE1371-8710-4846-9772-1F9A09F8EF2F}\setup.exe

    ASUS AI Recovery–>MsiExec.exe /I{D39F0676-163E-4595-A917-E28F99BBD4D2}

    ASUS FaceLogon–>MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5}

    ASUS Instant Connect–>MsiExec.exe /I{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}

    ASUS Instant Key–>MsiExec.exe /I{D97A1B80-131F-4692-9543-E652956D8B99}

    ASUS LifeFrame3–>MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}

    ASUS Live Update–>MsiExec.exe /X{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}

    ASUS Music Maker–>“C:\Program Files (x86)\ASUS Music Maker\ASUS_Music_Maker_setup.exe”

    ASUS Music Maker–>MsiExec.exe /I{DD47370C-E0F1-407F-9DB0-3FF98907F1BC}

    ASUS Photo Designer–>“C:\Program Files (x86)\Common Files\MAGIX Services\Uninstall\{2B962F32-78E6-4585-AF24-073AD36B6590}\ASUS_Photo_Designer_setup.exe”

    ASUS Photo Designer–>MsiExec.exe /I{2B962F32-78E6-4585-AF24-073AD36B6590}

    ASUS Photo Manager–>“C:\Program Files (x86)\Common Files\MAGIX Services\Uninstall\{2A3A883D-B2AB-427D-B094-27D6241E0944}\ASUS_Photo_Manager_setup.exe”

    ASUS Photo Manager–>MsiExec.exe /I{2A3A883D-B2AB-427D-B094-27D6241E0944}

    ASUS Splendid Video Enhancement Technology–>MsiExec.exe /I{0969AF05-4FF6-4C00-9406-43599238DE0D}

    ASUS USB Charger Plus–>MsiExec.exe /X{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}

    ASUS Video Magic–>“C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe” /z-uninstall

    ASUS Video Magic–>“C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe” /z-uninstall

    ASUS Virtual Camera–>MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}

    ASUS Virtual Touch–>MsiExec.exe /I{938CFBD4-0652-49E5-BB8B-153948865941}

    ASUS WebStorage–>C:\Program Files (x86)\ASUS\ASUS WebStorage\uninst.exe

    ASUSDVD–>“C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe” /z-uninstall

    ASUSDVD–>“C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe” /z-uninstall

    AsusScr_N6 Series_ENG–>C:\Windows\AsusScr_N6 Series_ENG Uninstaller.exe

    AsusVibe2.0–>C:\Program Files (x86)\Asus\AsusVibe\unins000.exe

    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver–>“C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe” -runfromtemp -removeonly

    ATK Package–>MsiExec.exe /I{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}

    Bing Bar–>MsiExec.exe /X{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}

    Borland Database Engine 5.2.0.2–>“C:\ProgramData\{1658E2D6-AC14-4F9E-BC84-72EB08DF7C9D}\Borland Database Engine 5.2.0.2.exe” REMOVE=TRUE MODIFY=FALSE

    Borland Database Engine 5.2.0.2–>C:\ProgramData\{1658E2D6-AC14-4F9E-BC84-72EB08DF7C9D}\Borland Database Engine 5.2.0.2.exe

    Control ActiveX de Windows Live Mesh para conexiones remotas–>MsiExec.exe /I{04668DF2-D32F-4555-9C7E-35523DCD6544}

    Contrôle ActiveX Windows Live Mesh pour connexions à distance–>MsiExec.exe /I{55D003F4-9599-44BF-BA9E-95D060730DD3}

    Controlo ActiveX do Windows Live Mesh para Ligações Remotas–>MsiExec.exe /I{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}

    CyberLink LabelPrint–>“C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe” /z-uninstall

    CyberLink LabelPrint–>“C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe” /z-uninstall

    CyberLink MediaEspresso–>“C:\Program Files (x86)\InstallShield Installation Information\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\Setup.exe” /z-uninstall

    CyberLink MediaEspresso–>“C:\Program Files (x86)\InstallShield Installation Information\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\Setup.exe” /z-uninstall

    CyberLink Power2Go–>“C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe” /z-uninstall

    CyberLink Power2Go–>“C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe” /z-uninstall

    CyberLink PowerDirector–>“C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe” /z-uninstall

    CyberLink PowerDirector–>“C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe” /z-uninstall

    D3DX10–>MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

    Davilex BTW Conversie 2012–>MsiExec.exe /X{17B3B6E6-B2ED-4285-B215-3156CCDC9147}

    Davilex Patch 9.4.1.1040–>MsiExec.exe /X{F74C16C8-355A-43F0-867D-5EE112CEE369}

    Deadtime Stories–>“C:\Program Files (x86)\Asus\Game Park\Deadtime Stories\Uninstall.exe” “C:\Program Files (x86)\Asus\Game Park\Deadtime Stories\install.log”

    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{81FB7C60-565A-4869-9D90-3BE1D270E8B7}” “1043” “0”

    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{91140000-001A-0000-0000-0000000FF1CE}” “{81FB7C60-565A-4869-9D90-3BE1D270E8B7}” “1043” “0”

    Dream Day First Home–>“C:\Program Files (x86)\Asus\Game Park\Dream Day First Home\Uninstall.exe” “C:\Program Files (x86)\Asus\Game Park\Dream Day First Home\install.log”

    Dream Vacation Solitaire–>“C:\Program Files (x86)\Asus\Game Park\Dream Vacation Solitaire\Uninstall.exe” “C:\Program Files (x86)\Asus\Game Park\Dream Vacation Solitaire\install.log”

    Elsevier BAS Programma 2013 Database–>C:\PROGRA~2\Elsevier\2013\BASWIN~1\UNWISE.EXE C:\PROGRA~2\Elsevier\2013\BASWIN~1\INSTALL.LOG

    Elsevier BAS Programma 2014 Database–>C:\PROGRA~2\Elsevier\2014\BASWIN~1\UNWISE.EXE C:\PROGRA~2\Elsevier\2014\BASWIN~1\INSTALL.LOG

    Elsevier CAS Programma 2014 Database–>C:\PROGRA~2\Elsevier\2014\CASWIN~1\UNWISE.EXE C:\PROGRA~2\Elsevier\2014\CASWIN~1\INSTALL.LOG

    Elsevier Communicatie Module –>C:\PROGRA~1\Elsevier\Ecm\UNWISE.EXE C:\PROGRA~1\Elsevier\Ecm\INSTALL.LOG

    Elsevier DAS Programma –>C:\PROGRA~2\Elsevier\DasWin\UNWISE.EXE C:\PROGRA~2\Elsevier\DasWin\INSTALL.LOG

    ESET Online Scanner v3–>C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

    Farm Frenzy 3 - Madagascar–>“C:\Program Files (x86)\Asus\Game Park\Farm Frenzy 3 - Madagascar\Uninstall.exe” “C:\Program Files (x86)\Asus\Game Park\Farm Frenzy 3 - Madagascar\install.log”

    Firebird SQL Server - MAGIX Edition–>MsiExec.exe /X{6C5F8503-55D2-4398-858C-362B7A7AF51C}

    Galapago–>“C:\Program Files (x86)\Asus\Game Park\Galapago\Uninstall.exe” “C:\Program Files (x86)\Asus\Game Park\Galapago\install.log”

    Galeria de Fotografias do Windows Live–>MsiExec.exe /X{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}

    Galería fotográfica de Windows Live–>MsiExec.exe /X{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}

    Galerie de photos Windows Live–>MsiExec.exe /X{488F0347-C4A7-4374-91A7-30818BEDA710}

    Game Park Console–>C:\Program Files (x86)\Asus\Game Park\GameConsole\Uninstall.exe

    Go Go Gourmet Chef of the Year–>“C:\Program Files (x86)\Asus\Game Park\Go Go Gourmet Chef of the Year\Uninstall.exe” “C:\Program Files (x86)\Asus\Game Park\Go Go Gourmet Chef of the Year\install.log”

    InstantOn for NB–>MsiExec.exe /I{749F674B-2674-47E8-879C-5626A06B2A91}

    Intel(R) Manageability Engine Firmware Recovery Agent–>MsiExec.exe /X{A6C48A9F-694A-4234-B3AA-62590B668927}

    Intel(R) Management Engine Components–>C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall

    Intel(R) OpenCL CPU Runtime–>C:\Program Files (x86)\Intel\OpenCL SDK\2.0\Uninstall\setup.exe -uninstall

    Intel(R) Processor Graphics–>C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall

    Intel(R) USB 3.0 eXtensible Host Controller Driver–>C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Uninstall\setup.exe -uninstall

    Intel(R) WiDi–>MsiExec.exe /X{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}

    Junk Mail filter update–>MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

    Mahjong Memoirs–>“C:\Program Files (x86)\Asus\Game Park\Mahjong Memoirs\Uninstall.exe” “C:\Program Files (x86)\Asus\Game Park\Mahjong Memoirs\install.log”

    Malwarebytes Anti-Malware versie 1.75.0.1300–>“C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe”

    Mesh Runtime–>MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}

    Microloon 2012–>“C:\ProgramData\{CB17D3E5-FB99-4E14-8A79-08E34276177B}\Setup.exe” REMOVE=TRUE MODIFY=FALSE

    Microloon 2012–>MsiExec.exe /I{A7CE89BA-543C-4AF5-8D57-5B5A2E3DD405}

    Microloon 2013–>“C:\ProgramData\{60DDF087-751A-4FF1-8938-1F443130BCE9}\Setup.exe” REMOVE=TRUE MODIFY=FALSE

    Microloon 2013–>MsiExec.exe /I{9A340990-0BE1-47AB-92DB-9405E73A6C33}

    Microloon 2014–>“C:\ProgramData\{34CB5522-9D78-4A04-AFBF-49AECC57C33E}\Setup.exe” REMOVE=TRUE MODIFY=FALSE

    Microloon 2014–>MsiExec.exe /I{F8D0B698-1EA9-47CC-9308-C7BDFAC0358D}

    Microloon Connect–>“C:\ProgramData\{66BB03B7-8C5F-4257-9E5F-4235A42B6BB9}\Setup.exe” REMOVE=TRUE MODIFY=FALSE

    Microloon Connect–>C:\ProgramData\{66BB03B7-8C5F-4257-9E5F-4235A42B6BB9}\Setup.exe

    Microsoft Office Access MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0015-0413-0000-0000000FF1CE}

    Microsoft Office Excel MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0016-0413-0000-0000000FF1CE}

    Microsoft Office File Validation Add-In–>MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}

    Microsoft Office Home and Student 2010–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe” /uninstall SINGLEIMAGE /dll OSETUP.DLL

    Microsoft Office OneNote MUI (Dutch) 2010–>MsiExec.exe /X{90140000-00A1-0413-0000-0000000FF1CE}

    Microsoft Office Outlook 2010–>MsiExec.exe /X{91140000-001A-0000-0000-0000000FF1CE}

    Microsoft Office Outlook MUI (Dutch) 2010–>MsiExec.exe /X{90140000-001A-0413-0000-0000000FF1CE}

    Microsoft Office PowerPoint MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0018-0413-0000-0000000FF1CE}

    Microsoft Office Proof (Dutch) 2010–>MsiExec.exe /X{90140000-001F-0413-0000-0000000FF1CE}

    Microsoft Office Proof (English) 2010–>MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}

    Microsoft Office Proof (French) 2010–>MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}

    Microsoft Office Proof (German) 2010–>MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}

    Microsoft Office Proofing (Dutch) 2010–>MsiExec.exe /X{90140000-002C-0413-0000-0000000FF1CE}

    Microsoft Office Publisher MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0019-0413-0000-0000000FF1CE}

    Microsoft Office Shared MUI (Dutch) 2010–>MsiExec.exe /X{90140000-006E-0413-0000-0000000FF1CE}

    Microsoft Office Single Image 2010–>MsiExec.exe /X{90140000-003D-0000-0000-0000000FF1CE}

    Microsoft Office Word MUI (Dutch) 2010–>MsiExec.exe /X{90140000-001B-0413-0000-0000000FF1CE}

    Microsoft Outlook 2010–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe” /uninstall OUTLOOKR /dll OSETUP.DLL

    Microsoft Outlook Reservekopie van persoonlijke mappen–>MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}

    Microsoft SQL Server 2005 Compact Edition –>MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

    Microsoft SQL Server 2008 R2 RsFx Driver–>MsiExec.exe /I{93968FB2-C67A-4A9B-80C2-5D4D9393058E}

    Microsoft SQL Server 2008 R2 Setup (English)–>MsiExec.exe /X{48B08845-0CB0-45EC-893C-15319ADDA312}

    Microsoft SQL Server 2008 R2–>“C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2\x86\SetupARP.exe” /X86

    Microsoft SQL Server 2008 R2–>“C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2\x86\SetupARP.exe” /x86

    Microsoft SQL Server 2008 Setup Support Files –>MsiExec.exe /X{D441BD04-E548-4F8E-97A4-1B66135BAAA8}

    Microsoft SQL Server Browser–>MsiExec.exe /X{BF9BF038-FE03-429D-9B26-2FA0FD756052}

    Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17–>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161–>MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219–>MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

    Mozilla Firefox 27.0.1 (x86 nl)–>“C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe”

    Mozilla Maintenance Service–>“C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe”

    MSVCRT_amd64–>MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}

    MSVCRT–>MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

    MSXML 4.0 SP2 (KB954430)–>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

    MSXML 4.0 SP2 (KB973688)–>MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

    Norton Internet Security–>“C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\21.1.0.18\InstStub.exe” /X /ARP

    NVIDIA PhysX–>MsiExec.exe /X{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}

    NVIDIA Stereoscopic 3D Driver–>“C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe” /uninstall /ask

    Plants vs Zombies–>“C:\Program Files (x86)\Asus\Game Park\Plants vs Zombies\Uninstall.exe” “C:\Program Files (x86)\Asus\Game Park\Plants vs Zombies\install.log”

    Raccolta foto di Windows Live–>MsiExec.exe /X{ED16B700-D91F-44B0-867C-7EB5253CA38D}

    RealDownloader–>MsiExec.exe /X{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}

    RealNetworks - Microsoft Visual C++ 2008 Runtime–>MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}

    RealNetworks - Microsoft Visual C++ 2010 Runtime–>MsiExec.exe /X{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}

    RealPlayer–>C:\Program Files (x86)\Real\RealPlayer\Update\r1puninst.exe RealNetworks|RealPlayer|16.0

    Realtek High Definition Audio Driver–>RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe” -removeonly

    RealUpgrade 1.1–>MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}

    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {BD0F9F7E-62B2-3971-9E2E-B87B832CE89D}

    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {513BC47F-0560-33C2-A029-C5387642233A}

    Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{DC8EDDCF-2031-4C8D-916C-64058A3ACA95}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-006E-0413-0000-0000000FF1CE}” “{63EF0C85-5B63-410F-ACE4-C1D4E6769E7A}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-006E-0413-0000-0000000FF1CE}” “{63EF0C85-5B63-410F-ACE4-C1D4E6769E7A}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{4D6FE7B6-559F-4DAC-92CF-A01C24046AEB}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{91140000-001A-0000-0000-0000000FF1CE}” “{4D6FE7B6-559F-4DAC-92CF-A01C24046AEB}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0413-0000-0000000FF1CE}” “{9A854864-23D5-4FD5-8357-F4602A2A7CC4}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0413-0000-0000000FF1CE}” “{9A854864-23D5-4FD5-8357-F4602A2A7CC4}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{EC2CA755-17D8-4392-A91E-FD4D2DD31072}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{91140000-001A-0000-0000-0000000FF1CE}” “{EC2CA755-17D8-4392-A91E-FD4D2DD31072}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{0241FB40-015F-42AC-A711-1AE59E346B51}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{7AC3F78E-ECA0-45F4-A9CC-3E885DA23662}” “1043” “0”

    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{91140000-001A-0000-0000-0000000FF1CE}” “{7AC3F78E-ECA0-45F4-A9CC-3E885DA23662}” “1043” “0”

    Service Pack 1 for SQL Server 2008 R2 (KB2528583)–>“C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB2528583\ServicePack\setup.exe” /Action=RemovePatch /AllInstances /x86

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0015-0413-0000-0000000FF1CE}” “{1EF831B5-7C57-4E6E-AC68-2FC4C32E9B77}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0016-0413-0000-0000000FF1CE}” “{1EF831B5-7C57-4E6E-AC68-2FC4C32E9B77}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0018-0413-0000-0000000FF1CE}” “{1EF831B5-7C57-4E6E-AC68-2FC4C32E9B77}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0019-0413-0000-0000000FF1CE}” “{1EF831B5-7C57-4E6E-AC68-2FC4C32E9B77}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001A-0413-0000-0000000FF1CE}” “{1EF831B5-7C57-4E6E-AC68-2FC4C32E9B77}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001A-0413-0000-0000000FF1CE}” “{1EF831B5-7C57-4E6E-AC68-2FC4C32E9B77}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001B-0413-0000-0000000FF1CE}” “{1EF831B5-7C57-4E6E-AC68-2FC4C32E9B77}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0407-0000-0000000FF1CE}” “{8925227F-C7B5-4C95-AB58-4FCF2433DAEE}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0407-0000-0000000FF1CE}” “{8925227F-C7B5-4C95-AB58-4FCF2433DAEE}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0409-0000-0000000FF1CE}” “{09A9DF49-DA06-4093-A2FD-F339211E39EA}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0409-0000-0000000FF1CE}” “{09A9DF49-DA06-4093-A2FD-F339211E39EA}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-040C-0000-0000000FF1CE}” “{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-040C-0000-0000000FF1CE}” “{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0413-0000-0000000FF1CE}” “{2C2D6CA0-1F04-4551-A82A-E0800CD616FA}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0413-0000-0000000FF1CE}” “{2C2D6CA0-1F04-4551-A82A-E0800CD616FA}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-002A-0000-1000-0000000FF1CE}” “{E4D76E88-C65F-4003-9C71-EC4306679D17}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-002A-0000-1000-0000000FF1CE}” “{E4D76E88-C65F-4003-9C71-EC4306679D17}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-002A-0413-1000-0000000FF1CE}” “{8218F3D1-A3CE-483C-819B-855338E4397C}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-002A-0413-1000-0000000FF1CE}” “{8218F3D1-A3CE-483C-819B-855338E4397C}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-002C-0413-0000-0000000FF1CE}” “{0B17C286-F7CC-4605-80D0-B465D5A44152}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-002C-0413-0000-0000000FF1CE}” “{0B17C286-F7CC-4605-80D0-B465D5A44152}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-006E-0413-0000-0000000FF1CE}” “{07466203-7D4B-49A0-85BC-85CCC297AD9E}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-006E-0413-0000-0000000FF1CE}” “{07466203-7D4B-49A0-85BC-85CCC297AD9E}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-00A1-0413-0000-0000000FF1CE}” “{1EF831B5-7C57-4E6E-AC68-2FC4C32E9B77}” “1043” “0”

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{91140000-001A-0000-0000-0000000FF1CE}” “{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}” “1043” “0”

    SpywareBlaster 5.0–>“C:\Program Files (x86)\SpywareBlaster\unins000.exe”

    SQL Server 2008 R2 SP1 Common Files–>MsiExec.exe /I{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}

    SQL Server 2008 R2 SP1 Common Files–>MsiExec.exe /I{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}

    SQL Server 2008 R2 SP1 Database Engine Services–>MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}

    SQL Server 2008 R2 SP1 Database Engine Services–>MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}

    SQL Server 2008 R2 SP1 Database Engine Shared–>MsiExec.exe /I{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}

    SQL Server 2008 R2 SP1 Database Engine Shared–>MsiExec.exe /I{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}

    Sql Server Customer Experience Improvement Program–>MsiExec.exe /I{93998800-1608-403F-9A51-420A77D23C25}

    Turbo Fiesta–>“C:\Program Files (x86)\Asus\Game Park\Turbo Fiesta\Uninstall.exe” “C:\Program Files (x86)\Asus\Game Park\Turbo Fiesta\install.log”

    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}” “1043” “0”

    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-002A-0000-1000-0000000FF1CE}” “{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}” “1043” “0”

    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-002A-0000-1000-0000000FF1CE}” “{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}” “1043” “0”

    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}” “1043” “0”

    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{91140000-001A-0000-0000-0000000FF1CE}” “{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}” “1043” “0”

    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}” “1043” “0”

    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}” “1043” “0”

    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{91140000-001A-0000-0000-0000000FF1CE}” “{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}” “1043” “0”

    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-002A-0000-1000-0000000FF1CE}” “{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}” “1043” “0”

    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-002A-0000-1000-0000000FF1CE}” “{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}” “1043” “0”

    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}” “1043” “0”

    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{91140000-001A-0000-0000-0000000FF1CE}” “{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}” “1043” “0”

    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{287A1E92-9E41-4BC1-8920-B3D0E9220800}” “1043” “0”

    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{91140000-001A-0000-0000-0000000FF1CE}” “{287A1E92-9E41-4BC1-8920-B3D0E9220800}” “1043” “0”

    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{9D69691D-823D-4C3E-9B12-563A3F520366}” “1043” “0”

    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{91140000-001A-0000-0000-0000000FF1CE}” “{9D69691D-823D-4C3E-9B12-563A3F520366}” “1043” “0”

    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-002A-0000-1000-0000000FF1CE}” “{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}” “1043” “0”

    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-002A-0000-1000-0000000FF1CE}” “{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}” “1043” “0”

    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}” “1043” “0”

    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{91140000-001A-0000-0000-0000000FF1CE}” “{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}” “1043” “0”

    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{35698CB7-AAA2-4577-B505-DBFF504AEF23}” “1043” “0”

    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{91140000-001A-0000-0000-0000000FF1CE}” “{35698CB7-AAA2-4577-B505-DBFF504AEF23}” “1043” “0”

    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{5AA578BB-759C-40FD-9661-A737C0884541}” “1043” “0”

    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{91140000-001A-0000-0000-0000000FF1CE}” “{5AA578BB-759C-40FD-9661-A737C0884541}” “1043” “0”

    Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{E21274CE-CA0C-49FA-93F4-DC292A052264}” “1043” “0”

    Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{91140000-001A-0000-0000-0000000FF1CE}” “{E21274CE-CA0C-49FA-93F4-DC292A052264}” “1043” “0”

    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0407-0000-0000000FF1CE}” “{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}” “1043” “0”

    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0407-0000-0000000FF1CE}” “{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}” “1043” “0”

    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0409-0000-0000000FF1CE}” “{B5C70C99-B109-42FD-B219-FF12CA543F19}” “1043” “0”

    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0409-0000-0000000FF1CE}” “{B5C70C99-B109-42FD-B219-FF12CA543F19}” “1043” “0”

    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-040C-0000-0000000FF1CE}” “{82F87E28-B18E-46D6-A399-E2F19CF5949B}” “1043” “0”

    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-040C-0000-0000000FF1CE}” “{82F87E28-B18E-46D6-A399-E2F19CF5949B}” “1043” “0”

    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-002A-0000-1000-0000000FF1CE}” “{51CCA922-A0CC-47C4-8910-6936D97CAC2E}” “1043” “0”

    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-002A-0000-1000-0000000FF1CE}” “{51CCA922-A0CC-47C4-8910-6936D97CAC2E}” “1043” “0”

    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{51CCA922-A0CC-47C4-8910-6936D97CAC2E}” “1043” “0”

    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001A-0413-0000-0000000FF1CE}” “{2CDD05C4-26E6-4125-8499-EB6D800614EE}” “1043” “0”

    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001A-0413-0000-0000000FF1CE}” “{2CDD05C4-26E6-4125-8499-EB6D800614EE}” “1043” “0”

    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{2AB483F1-C86E-427A-83B4-23889B03512D}” “1043” “0”

    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{91140000-001A-0000-0000-0000000FF1CE}” “{2AB483F1-C86E-427A-83B4-23889B03512D}” “1043” “0”

    Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0018-0413-0000-0000000FF1CE}” “{01C54C3F-EF56-4753-A0EC-6B3938822923}” “1043” “0”

    Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}” “1043” “0”

    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-002A-0000-1000-0000000FF1CE}” “{F9F5A080-AF38-4966-9A6B-C43DCA465035}” “1043” “0”

    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-002A-0000-1000-0000000FF1CE}” “{F9F5A080-AF38-4966-9A6B-C43DCA465035}” “1043” “0”

    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{8C55AA83-54C2-4236-A622-78440A411DC5}” “1043” “0”

    Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-003D-0000-0000-0000000FF1CE}” “{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}” “1043” “0”

    Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{91140000-001A-0000-0000-0000000FF1CE}” “{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}” “1043” “0”

    VeryPDF PDFcamp Printer v2.3–>“C:\Program Files (x86)\VeryPDF PDFcamp Printer v2.3\unins000.exe”

    Windows Live Communications Platform–>MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

    Windows Live Essentials–>C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

    Windows Live Essentials–>MsiExec.exe /I{17F99FCE-8F03-4439-860A-25C5A5434E18}

    Windows Live Essentials–>MsiExec.exe /I{2A07C35B-8384-4DA4-9A95-442B6C89A073}

    Windows Live Essentials–>MsiExec.exe /I{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}

    Windows Live Essentials–>MsiExec.exe /I{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}

    Windows Live Essentials–>MsiExec.exe /I{ABD534B7-E951-470E-92C2-CD5AF1735726}

    Windows Live Essentials–>MsiExec.exe /I{B618C3BF-5142-4630-81DD-F96864F97C7E}

    Windows Live Essentials–>MsiExec.exe /I{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}

    Windows Live Essentials–>MsiExec.exe /I{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}

    Windows Live Essentials–>MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

    Windows Live Fotogalerie–>MsiExec.exe /X{B113D18C-67B0-4FB7-B329-E89B66194AE6}

    Windows Live Installer–>MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

    Windows Live Mail–>MsiExec.exe /I{0D261C88-454B-46FE-B43B-640E621BDA11}

    Windows Live Mail–>MsiExec.exe /I{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}

    Windows Live Mail–>MsiExec.exe /I{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}

    Windows Live Mail–>MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

    Windows Live Mail–>MsiExec.exe /I{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}

    Windows Live Mail–>MsiExec.exe /I{A0B91308-6666-4249-8FF6-1E11AFD75FE1}

    Windows Live Mail–>MsiExec.exe /I{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}

    Windows Live Mail–>MsiExec.exe /I{B1239994-A850-44E2-BED8-E70A21124E16}

    Windows Live Mail–>MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}

    Windows Live Mail–>MsiExec.exe /I{D588365A-AE39-4F27-BDAE-B4E72C8E900C}

    Windows Live Mail–>MsiExec.exe /I{DBAA2B17-D596-4195-A169-BA2166B0D69B}

    Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen–>MsiExec.exe /I{C32CE55C-12BA-4951-8797-0967FDEF556F}

    Windows Live Mesh ActiveX Control for Remote Connections–>MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}

    Windows Live Mesh ActiveX control for remote connections–>MsiExec.exe /I{C5398A89-516C-4DAF-BA07-EE7949090E56}

    Windows Live Mesh ActiveX Control for Remote Connections–>MsiExec.exe /I{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}

    Windows Live Mesh–>MsiExec.exe /I{039480EE-6933-4845-88B8-77FD0C3D059D}

    Windows Live Mesh–>MsiExec.exe /I{2C865FB0-051E-4D22-AC62-428E035AEAF0}

    Windows Live Mesh–>MsiExec.exe /I{3F4143A1-9C21-4011-8679-3BC1014C6886}

    Windows Live Mesh–>MsiExec.exe /I{46872828-6453-4138-BE1C-CE35FBF67978}

    Windows Live Mesh–>MsiExec.exe /I{7496FD31-E5CB-4AE4-82D3-31099558BF6A}

    Windows Live Mesh–>MsiExec.exe /I{78DAE910-CA72-450E-AD22-772CB1A00678}

    Windows Live Mesh–>MsiExec.exe /I{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}

    Windows Live Mesh–>MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}

    Windows Live Mesh–>MsiExec.exe /I{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}

    Windows Live Mesh–>MsiExec.exe /I{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}

    Windows Live Mesh–>MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}

    Windows Live Mesh–>MsiExec.exe /I{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}

    Windows Live Mesh–>MsiExec.exe /I{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}

    Windows Live Messenger–>MsiExec.exe /X{062E4D94-8306-46D5-81B6-45E6AD09C799}

    Windows Live Messenger–>MsiExec.exe /X{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}

    Windows Live Messenger–>MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}

    Windows Live Messenger–>MsiExec.exe /X{48294D95-EE9A-4377-8213-44FC4265FB27}

    Windows Live Messenger–>MsiExec.exe /X{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}

    Windows Live Messenger–>MsiExec.exe /X{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}

    Windows Live Messenger–>MsiExec.exe /X{8FF3891F-01B5-4A71-BFCD-20761890471C}

    Windows Live Messenger–>MsiExec.exe /X{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}

    Windows Live Messenger–>MsiExec.exe /X{B2E90616-C50D-4B89-A40D-92377AC669E5}

    Windows Live Messenger–>MsiExec.exe /X{BAEE89D5-6E87-4F89-9603-A1C100479181}

    Windows Live Messenger–>MsiExec.exe /X{C95A5A77-622F-45CA-9540-84468FCB18B1}

    Windows Live Messenger–>MsiExec.exe /X{CBFD061C-4B27-4A89-ADD8-210316EEFA11}

    Windows Live Messenger–>MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}

    Windows Live Movie Maker–>MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}

    Windows Live Movie Maker–>MsiExec.exe /X{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}

    Windows Live Movie Maker–>MsiExec.exe /X{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}

    Windows Live Movie Maker–>MsiExec.exe /X{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}

    Windows Live Movie Maker–>MsiExec.exe /X{7465A996-0FCA-4D2D-A52C-F833B0829B5B}

    Windows Live Movie Maker–>MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

    Windows Live Movie Maker–>MsiExec.exe /X{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}

    Windows Live Movie Maker–>MsiExec.exe /X{BF022D76-9F72-4203-B8FA-6522DC66DFDA}

    Windows Live Movie Maker–>MsiExec.exe /X{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}

    Windows Live Movie Maker–>MsiExec.exe /X{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}

    Windows Live Movie Maker–>MsiExec.exe /X{E4E88B54-4777-4659-967A-2EED1E6AFD83}

    Windows Live Movie Maker–>MsiExec.exe /X{FF105207-8423-4E13-B0B1-50753170B245}

    Windows Live Movie Maker–>MsiExec.exe /X{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}

    Windows Live Photo Common–>MsiExec.exe /X{168E7302-890A-4138-9109-A225ACAF7AD1}

    Windows Live Photo Common–>MsiExec.exe /X{29373E24-AC72-424E-8F2A-FB0F9436F21F}

    Windows Live Photo Common–>MsiExec.exe /X{370F888E-42A7-4911-9E34-7D74632E17EB}

    Windows Live Photo Common–>MsiExec.exe /X{4D83F339-5A5C-4B21-8FD3-5D407B981E72}

    Windows Live Photo Common–>MsiExec.exe /X{73FC3510-6421-40F7-9503-EDAE4D0CF70D}

    Windows Live Photo Common–>MsiExec.exe /X{9BD262D0-B788-4546-A0A5-F4F56EC3834B}

    Windows Live Photo Common–>MsiExec.exe /X{A41A708E-3BE6-4561-855D-44027C1CF0F8}

    Windows Live Photo Common–>MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

    Windows Live Photo Common–>MsiExec.exe /X{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}

    Windows Live Photo Common–>MsiExec.exe /X{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}

    Windows Live Photo Common–>MsiExec.exe /X{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}

    Windows Live Photo Common–>MsiExec.exe /X{C893D8C0-1BA0-4517-B11C-E89B65E72F70}

    Windows Live Photo Common–>MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

    Windows Live Photo Gallery–>MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

    Windows Live Photo Gallery–>MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}

    Windows Live Photo Gallery–>MsiExec.exe /X{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}

    Windows Live PIMT Platform–>MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}

    Windows Live SOXE Definitions–>MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

    Windows Live SOXE–>MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

    Windows Live UX Platform Language Pack–>MsiExec.exe /I{05E379CC-F626-4E7D-8354-463865B303BF}

    Windows Live UX Platform Language Pack–>MsiExec.exe /I{128133D3-037A-4C62-B1B7-55666A10587A}

    Windows Live UX Platform Language Pack–>MsiExec.exe /I{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}

    Windows Live UX Platform Language Pack–>MsiExec.exe /I{37B33B16-2535-49E7-8990-32668708A0A3}

    Windows Live UX Platform Language Pack–>MsiExec.exe /I{40BFD84C-64CD-42CC-9909-8734C50429C6}

    Windows Live UX Platform Language Pack–>MsiExec.exe /I{506FC723-8E6C-4417-9CFF-351F99130425}

    Windows Live UX Platform Language Pack–>MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}

    Windows Live UX Platform Language Pack–>MsiExec.exe /I{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}

    Windows Live UX Platform Language Pack–>MsiExec.exe /I{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}

    Windows Live UX Platform Language Pack–>MsiExec.exe /I{77477AEA-5757-47D8-8B33-939F43D82218}

    Windows Live UX Platform Language Pack–>MsiExec.exe /I{D299197D-CDEA-41A6-A363-F532DE4114FD}

    Windows Live UX Platform Language Pack–>MsiExec.exe /I{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}

    Windows Live UX Platform–>MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

    Windows Live Writer Resources–>MsiExec.exe /X{14B441B7-774D-4170-98EA-A13667AE6218}

    Windows Live Writer Resources–>MsiExec.exe /X{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}

    Windows Live Writer Resources–>MsiExec.exe /X{2511AAD7-82DF-4B97-B0B3-E1B933317010}

    Windows Live Writer Resources–>MsiExec.exe /X{62687B11-58B5-4A18-9BC3-9DF4CE03F194}

    Windows Live Writer Resources–>MsiExec.exe /X{6807427D-8D68-4D30-AF5B-0B38F8F948C8}

    Windows Live Writer Resources–>MsiExec.exe /X{7FF11E53-C002-4F40-8D68-6BE751E5DD62}

    Windows Live Writer Resources–>MsiExec.exe /X{93E464B3-D075-4989-87FD-A828B5C308B1}

    Windows Live Writer Resources–>MsiExec.exe /X{C29FC15D-E84B-4EEC-8505-4DED94414C59}

    Windows Live Writer Resources–>MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}

    Windows Live Writer Resources–>MsiExec.exe /X{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}

    Windows Live Writer Resources–>MsiExec.exe /X{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}

    Windows Live Writer Resources–>MsiExec.exe /X{F52C5BE7-3F57-464E-8A54-908402E43CE8}

    Windows Live Writer–>MsiExec.exe /X{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}

    Windows Live Writer–>MsiExec.exe /X{1A82AE99-84D3-486D-BAD6-675982603E14}

    Windows Live Writer–>MsiExec.exe /X{3B9A92DA-6374-4872-B646-253F18624D5F}

    Windows Live Writer–>MsiExec.exe /X{48C0DC5E-820A-44F2-890E-29B68EDD3C78}

    Windows Live Writer–>MsiExec.exe /X{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}

    Windows Live Writer–>MsiExec.exe /X{7E017923-16F8-4E32-94EF-0A150BD196FE}

    Windows Live Writer–>MsiExec.exe /X{804DE397-F82C-4867-9085-E0AA539A3294}

    Windows Live Writer–>MsiExec.exe /X{859D4022-B76D-40DE-96EF-C90CDA263F44}

    Windows Live Writer–>MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}

    Windows Live Writer–>MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

    Windows Live Writer–>MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}

    Windows Live Writer–>MsiExec.exe /X{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}

    Windows Live Writer–>MsiExec.exe /X{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}

    Windows Live Writer–>MsiExec.exe /X{E62E0550-C098-43A2-B54B-03FB1E634483}

    Windows Live 影像中心–>MsiExec.exe /X{EEF99142-3357-402C-B298-DEC303E12D92}

    Windows Live 程式集–>MsiExec.exe /I{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}

    Windows Live–>MsiExec.exe /I{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}

    WinFlash–>MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D}

    Wireless Console 3–>MsiExec.exe /I{19EA33FB-B34E-40EA-8B8A-61743AEB795A}

    World of Goo–>“C:\Program Files (x86)\Asus\Game Park\World of Goo\Uninstall.exe” “C:\Program Files (x86)\Asus\Game Park\World of Goo\install.log”

    Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις–>MsiExec.exe /I{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}

    Συλλογή φωτογραφιών του Windows Live–>MsiExec.exe /X{C00C2A91-6CB3-483F-80B3-2958E29468F1}

    Основные компоненты Windows Live–>MsiExec.exe /I{E83DC314-C926-4214-AD58-147691D6FE9F}

    Почта Windows Live–>MsiExec.exe /I{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}

    Фотоальбом Windows Live–>MsiExec.exe /X{77F69CA1-E53D-4D77-8BA3-FA07606CC851}

    Элемент управления Windows Live Mesh ActiveX для удаленных подключений–>MsiExec.exe /I{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}

    גלריית התמונות של Windows Live–>MsiExec.exe /X{CE929F09-3853-4180-BD90-30764BFF7136}

    פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים–>MsiExec.exe /I{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}

    بريد Windows Live–>MsiExec.exe /I{0A4C4B29-5A9D-4910-A13C-B920D5758744}

    عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة–>MsiExec.exe /I{E18B30AA-6E2D-480C-B918-AF61009F4010}

    معرض صور Windows Live–>MsiExec.exe /X{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}

    適用遠端連線的 Windows Live Mesh ActiveX 控制項–>MsiExec.exe /I{622DE1BE-9EDE-49D3-B349-29D64760342A}

    ======System event log======

    Computer Name: RAdelerhof-PC

    Event Code: 7036

    Message: De Distributed Link Tracking Client-service heeft nu de status gestopt.

    Record Number: 339260

    Source Name: Service Control Manager

    Time Written: 20140115164559.515638-000

    Event Type: Informatie

    User:

    Computer Name: RAdelerhof-PC

    Event Code: 7036

    Message: De Office Software Protection Platform-service heeft nu de status gestopt.

    Record Number: 339259

    Source Name: Service Control Manager

    Time Written: 20140115164559.515638-000

    Event Type: Informatie

    User:

    Computer Name: RAdelerhof-PC

    Event Code: 7036

    Message: De Desktop Window Manager Session Manager-service heeft nu de status gestopt.

    Record Number: 339258

    Source Name: Service Control Manager

    Time Written: 20140115164559.500038-000

    Event Type: Informatie

    User:

    Computer Name: RAdelerhof-PC

    Event Code: 7036

    Message: De SSDP Discovery-service heeft nu de status gestopt.

    Record Number: 339257

    Source Name: Service Control Manager

    Time Written: 20140115164559.500038-000

    Event Type: Informatie

    User:

    Computer Name: RAdelerhof-PC

    Event Code: 7036

    Message: De NVIDIA Stereoscopic 3D Driver Service-service heeft nu de status gestopt.

    Record Number: 339256

    Source Name: Service Control Manager

    Time Written: 20140115164559.484438-000

    Event Type: Informatie

    User:

    =====Application event log=====

    Computer Name: RAdelerhof-PC

    Event Code: 8194

    Message: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.

    . Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.

    Bewerking:

    Schrijvergegevens verzamelen

    Context:

    Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}

    Naam van schrijver: System Writer

    Instantie-id van schrijver: {45b52039-40f9-4f0a-9030-5043a6682df8}

    Record Number: 349574

    Source Name: VSS

    Time Written: 20140219103152.000000-000

    Event Type: Fout

    User:

    Computer Name: RAdelerhof-PC

    Event Code: 8225

    Message: De VSS-service is afgesloten vanwege een gebeurtenis voor afsluiten in Servicebeheer.

    Record Number: 349573

    Source Name: VSS

    Time Written: 20140219103151.000000-000

    Event Type: Informatie

    User:

    Computer Name: RAdelerhof-PC

    Event Code: 903

    Message: De Software Protection-service is gestopt.

    Record Number: 349572

    Source Name: Microsoft-Windows-Security-SPP

    Time Written: 20140219102832.000000-000

    Event Type: Informatie

    User:

    Computer Name: RAdelerhof-PC

    Event Code: 8194

    Message: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.

    . Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.

    Bewerking:

    Schrijvergegevens verzamelen

    Context:

    Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}

    Naam van schrijver: System Writer

    Instantie-id van schrijver: {45b52039-40f9-4f0a-9030-5043a6682df8}

    Record Number: 349571

    Source Name: VSS

    Time Written: 20140219102704.000000-000

    Event Type: Fout

    User:

    Computer Name: RAdelerhof-PC

    Event Code: 8225

    Message: De VSS-service is afgesloten vanwege een gebeurtenis voor afsluiten in Servicebeheer.

    Record Number: 349570

    Source Name: VSS

    Time Written: 20140219102703.000000-000

    Event Type: Informatie

    User:

    =====Security event log=====

    Computer Name: RAdelerhof-PC

    Event Code: 5061

    Message: Cryptografische bewerking.

    Onderwerp:

    Beveiligings-id: S-1-5-19

    Accountnaam: LOCAL SERVICE

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e5

    Cryptografieparameters:

    Naam provider: Microsoft Software Key Storage Provider

    Naam algoritme: RSA

    Sleutelnaam: fdb4526f-9027-4d10-b442-ff23c9ff8097

    Sleuteltype: Computersleutel.

    Cryptografische bewerking:

    Bewerking: Sleutel openen.

    Retourcode: 0x0

    Record Number: 63776

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20131104135554.291664-000

    Event Type: Controle geslaagd

    User:

    Computer Name: RAdelerhof-PC

    Event Code: 5058

    Message: Bewerking sleutelbestand.

    Onderwerp:

    Beveiligings-id: S-1-5-19

    Accountnaam: LOCAL SERVICE

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e5

    Cryptografieparameters:

    Naam provider: Microsoft Software Key Storage Provider

    Naam algoritme: Niet beschikbaar

    Sleutelnaam: fdb4526f-9027-4d10-b442-ff23c9ff8097

    Sleuteltype: Computersleutel.

    Gegevens over bewerking:

    Pad naar bestand: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8fa9dce3519c410edc249a7dae99719c_71d45e7f-87ae-49da-b561-44bac590b852

    Bewerking: Blijvende sleutel uit bestand lezen.

    Retourcode: 0x0

    Record Number: 63775

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20131104135554.291664-000

    Event Type: Controle geslaagd

    User:

    Computer Name: RAdelerhof-PC

    Event Code: 4672

    Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: SYSTEM

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e7

    Bevoegdheden: SeAssignPrimaryTokenPrivilege

    SeTcbPrivilege

    SeSecurityPrivilege

    SeTakeOwnershipPrivilege

    SeLoadDriverPrivilege

    SeBackupPrivilege

    SeRestorePrivilege

    SeDebugPrivilege

    SeAuditPrivilege

    SeSystemEnvironmentPrivilege

    SeImpersonatePrivilege

    Record Number: 63774

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20131104135538.950037-000

    Event Type: Controle geslaagd

    User:

    Computer Name: RAdelerhof-PC

    Event Code: 4624

    Message: Er is een account aangemeld.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: RADELERHOF-PC$

    Accountdomein: WORKGROUP

    Aanmeldings-id: 0x3e7

    Aanmeldingstype: 5

    Nieuwe aanmelding:

    Beveiligings-id: S-1-5-18

    Accountnaam: SYSTEM

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e7

    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Procesgegevens:

    Proces-id: 0x314

    Naam proces: C:\Windows\System32\services.exe

    Netwerkgegevens:

    Naam van werkstation:

    Netwerkadres van bron: -

    Poort van bron: -

    Gedetailleerde verificatiegegevens:

    Aanmeldingsproces: Advapi

    Verificatiepakket: Negotiate

    Doorgezette services: -

    Pakketnaam (alleen NTLM): -

    Sleutellengte: 0

    Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

    De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

    In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

    Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

    In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

    De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

    - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

    - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

    - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

    - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

    Record Number: 63773

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20131104135538.950037-000

    Event Type: Controle geslaagd

    User:

    Computer Name: RAdelerhof-PC

    Event Code: 4672

    Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: SYSTEM

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e7

    Bevoegdheden: SeAssignPrimaryTokenPrivilege

    SeTcbPrivilege

    SeSecurityPrivilege

    SeTakeOwnershipPrivilege

    SeLoadDriverPrivilege

    SeBackupPrivilege

    SeRestorePrivilege

    SeDebugPrivilege

    SeAuditPrivilege

    SeSystemEnvironmentPrivilege

    SeImpersonatePrivilege

    Record Number: 63772

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20131104135536.906434-000

    Event Type: Controle geslaagd

    User:

    ======Environment variables======

    “ComSpec”=%SystemRoot%\system32\cmd.exe

    “FP_NO_HOST_CHECK”=NO

    “OS”=Windows_NT

    “Path”=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\

    “PATHEXT”=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

    “PROCESSOR_ARCHITECTURE”=AMD64

    “TEMP”=%SystemRoot%\TEMP

    “TMP”=%SystemRoot%\TEMP

    “USERNAME”=SYSTEM

    “windir”=%SystemRoot%

    “PSModulePath”=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

    “NUMBER_OF_PROCESSORS”=4

    “PROCESSOR_LEVEL”=6

    “PROCESSOR_IDENTIFIER”=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel

    “PROCESSOR_REVISION”=3a09

    “configsetroot”=%SystemRoot%\ConfigSetRoot

    —————–EOF—————–

  • Anonymous avatar

    rudi

    alwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2014.03.08.05

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 11.0.9600.16518

    R. Adelerhof :: RADELERHOF-PC

    8-3-2014 15:44:32

    mbam-log-2014-03-08 (15-44-32).txt

    Scan type: Volledige scan (C:\|D:\|)

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 469981

    Verstreken tijd: 35 minuut/minuten, 46 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 1

    HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.ConduitSearchProtect) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 1

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Slecht: (http://search.conduit.com/?ctid=ct3320133&octid=eb_original_ctid&searchsource=55&cui=&um=4&up=spb8b011fc-f8ee-4bbf-9cf5-c3cbde9f8575&sspv=) Goed: (http://www.google.com) -> Succesvol in quarantaine geplaatst en gerepareerd.

    Mappen gedetecteerd: 19

    C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    Bestanden gedetecteerd: 75

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Users\R. Adelerhof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGEYDQD\Allin1Convert.exe (PUP.Optional.MindSpark.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\R. Adelerhof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QSWX8C20\AdwCleaner.exe (PUP.Optional.BundleInstaller.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\R. Adelerhof\Desktop\AdwCleaner.exe (PUP.Optional.BundleInstaller.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

  • Anonymous avatar

    rudi

    alwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2014.03.08.05

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 11.0.9600.16518

    R. Adelerhof :: RADELERHOF-PC

    8-3-2014 15:44:32

    mbam-log-2014-03-08 (15-44-32).txt

    Scan type: Volledige scan (C:\|D:\|)

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 469981

    Verstreken tijd: 35 minuut/minuten, 46 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 1

    HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.ConduitSearchProtect) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 1

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Slecht: (http://search.conduit.com/?ctid=ct3320133&octid=eb_original_ctid&searchsource=55&cui=&um=4&up=spb8b011fc-f8ee-4bbf-9cf5-c3cbde9f8575&sspv=) Goed: (http://www.google.com) -> Succesvol in quarantaine geplaatst en gerepareerd.

    Mappen gedetecteerd: 19

    C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    Bestanden gedetecteerd: 75

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Geen actie ondernomen.

    C:\Users\R. Adelerhof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGEYDQD\Allin1Convert.exe (PUP.Optional.MindSpark.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\R. Adelerhof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QSWX8C20\AdwCleaner.exe (PUP.Optional.BundleInstaller.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\R. Adelerhof\Desktop\AdwCleaner.exe (PUP.Optional.BundleInstaller.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2014.03.08.05

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 11.0.9600.16518

    R. Adelerhof :: RADELERHOF-PC

    8-3-2014 16:22:01

    mbam-log-2014-03-08 (16-22-01).txt

    Scan type: Volledige scan (C:\|D:\|)

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 470250

    Verstreken tijd: 31 minuut/minuten, 34 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 2

    C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    Bestanden gedetecteerd: 14

    C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\$RECYCLE.BIN\S-1-5-21-3085899422-3526582053-2542983109-1001\$RVPSNAU.exe (PUP.Optional.BundleInstaller.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\R. Adelerhof\AppData\Local\Temp\nsa1410.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\R. Adelerhof\AppData\Local\Temp\nsb42B3.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\R. Adelerhof\AppData\Local\Temp\nsg16EF.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\R. Adelerhof\AppData\Local\Temp\nsq4581.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\R. Adelerhof\AppData\Local\Temp\n595\s595.exe (PUP.Optional.Rapiddown) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\R. Adelerhof\AppData\Local\Temp\n595\searchprotect_2111-1a12a8ce.exe (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\R. Adelerhof\AppData\Local\Temp\nsv88B2\SpSetup.exe (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2014.03.08.05

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 11.0.9600.16518

    R. Adelerhof :: RADELERHOF-PC

    8-3-2014 16:22:01

    mbam-log-2014-03-08 (16-22-01).txt

    Scan type: Volledige scan (C:\|D:\|)

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 470250

    Verstreken tijd: 31 minuut/minuten, 34 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 2

    C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Zal worden verwijderd tijdens het herstarten.

    Bestanden gedetecteerd: 14

    C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> Zal worden verwijderd tijdens het herstarten.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\$RECYCLE.BIN\S-1-5-21-3085899422-3526582053-2542983109-1001\$RVPSNAU.exe (PUP.Optional.BundleInstaller.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\R. Adelerhof\AppData\Local\Temp\nsa1410.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\R. Adelerhof\AppData\Local\Temp\nsb42B3.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\R. Adelerhof\AppData\Local\Temp\nsg16EF.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\R. Adelerhof\AppData\Local\Temp\nsq4581.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\R. Adelerhof\AppData\Local\Temp\n595\s595.exe (PUP.Optional.Rapiddown) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\R. Adelerhof\AppData\Local\Temp\n595\searchprotect_2111-1a12a8ce.exe (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\R. Adelerhof\AppData\Local\Temp\nsv88B2\SpSetup.exe (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

  • Anonymous avatar

    rudi

    # AdwCleaner v3.020 - Report created 08/03/2014 at 17:00:36

    # Updated 27/02/2014 by Xplode

    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

    # Username : R. Adelerhof - RADELERHOF-PC

    # Running from : C:\Users\R. Adelerhof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1EHZH6SG\adwcleaner.exe

    # Option : Clean

    ***** *****

    ***** *****

    Folder Deleted : C:\Users\R. Adelerhof\AppData\Local\SearchProtect

    File Deleted : C:\Users\R. Adelerhof\AppData\Roaming\Mozilla\Firefox\Profiles\dusbzwjy.default\searchplugins\conduit-search.xml

    ***** *****

    ***** *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

    Key Deleted : HKLM\Software\SearchProtect

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll

    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

    ***** *****

    -\\ Internet Explorer v11.0.9600.16518

    -\\ Mozilla Firefox v27.0.1 (nl)

    Line Deleted : user_pref(“browser.newtab.url”, “hxxp://search.conduit.com/?ctid=CT3320133&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SPB8B011FC-F8EE-4BBF-9CF5-C3CBDE9F8575”);

    Line Deleted : user_pref(“browser.search.defaultenginename”, “Conduit Search”);

    Line Deleted : user_pref(“browser.search.selectedEngine”, “Conduit Search”);

    Line Deleted : user_pref(“browser.startup.homepage”, “hxxp://search.conduit.com/?ctid=CT3320133&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPB8B011FC-F8EE-4BBF-9CF5-C3CBDE9F8575&SSPV=”);

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########

  • Anonymous avatar

    rudi

    Dank voor het meekijken!!!!

  • Anonymous avatar

    rudi

    Overigens…na alle acties ( logjes) ..zijn de klachten wel weg, maar ik heb zo'n vermoeden dat jullie nog wel een paar schoonmaakacties in petto hebben.;)

  • Anonymous avatar

    Ben

    Hallo,

    Wil je het andere logje van RSIT plaatsen "Log.txt"

  • Anonymous avatar

    rudi

    Deze???

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by R. Adelerhof at 2014-03-08 18:24:22

    Microsoft Windows 7 Home Premium Service Pack 1

    System drive C: has 119 GB (59%) free of 203 GB

    Total RAM: 8078 MB (58% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 18:24:28, on 8-3-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.16518)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

    C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe

    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

    C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

    C:\Users\R. Adelerhof\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

    C:\Windows\SysWOW64\ACEngSvr.exe

    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

    C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe

    C:\Windows\AsScrPro.exe

    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

    C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

    C:\Windows\SysWOW64\DllHost.exe

    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe

    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\trend micro\R. Adelerhof.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://antivirus.startpagina.nl/prikbord/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: (no name) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - (no file)

    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll

    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll

    O3 - Toolbar: (no name) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - (no file)

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll

    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ASUS\APRP\APRP.EXE”

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe”

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\Cyberlink\DVD Suite” UpdateWithCreateOnce “Software\CyberLink\PowerStarter”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe” /DelayServices

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe” -osboot

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-21-3085899422-3526582053-2542983109-1000\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘UpdatusUser’)

    O4 - HKUS\S-1-5-21-3085899422-3526582053-2542983109-1000\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘UpdatusUser’)

    O4 - Startup: Dropbox.lnk = R. Adelerhof\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

    O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

    O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe

    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

    O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

    O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

    O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

    O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe

    O23 - Service: GoodSync Server (GsServer) - Unknown owner - C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

    O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: OnlineBackupService - CloudBackup - C:\Program Files\ArgewebBackup\OnlineBackupService.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

    End of file - 16667 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    “C:\Windows\system32\nvvsvc.exe”

    winlogon.exe

    “C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe”

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\svchost.exe -k NetworkService

    “C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe”

    C:\Windows\system32\nvvsvc.exe -session -first

    “C:\Windows\system32\FBAgent.exe”

    C:\Windows\system32\WLANExt.exe 31869376

    /QuitInfo:0000000000000478;000000000000049C; /AddRef;

    \??\C:\Windows\system32\conhost.exe "-1421050014-2085690804-105482461730960623472250759659717636720149542611602128052

    “C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe”

    “C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe”

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”

    “C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe”

    “C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe”

    “taskhost.exe”

    “C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe”

    “C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe”

    “C:\Windows\system32\Dwm.exe”

    /QuitInfo:00000000000004F4;00000000000004F8; /AddRef;

    taskeng.exe {DF879802-6705-4162-8D9D-DDFA4454BF25}

    /QuitInfo:00000000000004D4;0000000000000508;

    C:\Windows\Explorer.EXE

    /loadhooks /Parent:00000000000008B4

    C:\Windows\system32\svchost.exe -k bthsvcs

    “C:\Program Files\ASUS\P4G\BatteryLife.exe”

    taskeng.exe {FC0DD947-FAFC-4ABD-A7BE-56680E2FCB9C}

    ATKOSD.exe

    “C:\Program Files\Intel\WiFi\bin\EvtEng.exe”

    “C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe”

    “C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe”

    “C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe” /service

    “C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe”

    “C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe”

    “C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe”

    KBFiltr.exe

    WDC.exe

    “C:\Program Files\Intel\iCLS Client\HeciServer.exe”

    “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe”

    “C:\Windows\System32\igfxtray.exe”

    “C:\Windows\System32\hkcmd.exe”

    “C:\Program Files\Elantech\ETDCtrl.exe”

    “C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe” /MAXX3

    “C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe”

    “C:\Windows\System32\rundll32.exe” “C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll”,TrayApp

    “C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe”

    “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe”

    “C:\Users\R. Adelerhof\AppData\Roaming\Dropbox\bin\Dropbox.exe” /systemstartup

    “C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE” /tsr

    “C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe” -sMSSQLSERVER

    “C:\Program Files (x86)\ASUS\Splendid\ACMON.exe”

    C:\Windows\SysWOW64\ACEngSvr.exe -Embedding

    “C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe”

    “C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe”

    C:\Windows\System32\svchost.exe -k HPZ12

    “C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe”

    “C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe” /s “NIS” /m “C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll” /prefetch:1

    “C:\Program Files\ArgewebBackup\OnlineBackupService.exe”

    “C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe”

    “C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe”

    “C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe” -osboot

    “C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe” /c /a /s UserSession2

    C:\Windows\System32\svchost.exe -k HPZ12

    “C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe”

    “C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe”

    “C:\Windows\AsScrPro.exe”

    “C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe”

    C:\Windows\system32\svchost.exe -k imgsvc

    “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE”

    “C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe”

    “C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe”

    C:\Windows\system32\wbem\unsecapp.exe -Embedding

    WLIDSvcM.exe 4816

    C:\Windows\system32\wbem\wmiprvse.exe

    “C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe”

    “C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe”

    “C:/Program Files/NVIDIA Corporation/Display/nvtray.exe” -user_has_logged_in 1

    “C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe”

    “C:\Program Files\Elantech\ETDCtrlHelper.exe”

    “C:\Program Files\Elantech\ETDGesture.exe”

    “C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe” -Embedding

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\SearchIndexer.exe /Embedding

    “C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe” -s

    “C:\Program Files\Windows Media Player\wmpnetwk.exe”

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

    “C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe”

    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    “C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe”

    C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}

    “C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe”

    “C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe”

    “C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe” /DisableUI

    “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe”

    “C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe”

    “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe”

    “C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe”

    C:\Windows\system32\svchost.exe -k SDRSVC

    “C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe”

    “C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe” lng=1033

    “C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe” “/base-dir=C:\Program Files (x86)\ESET\ESET Online Scanner” /lang=1033 /as

    \??\C:\Windows\system32\conhost.exe "1739968633-13653897711662902892-197337939321694982-2119202849-2056405723-62831725

    C:\Windows\system32\vssvc.exe

    C:\Windows\System32\svchost.exe -k swprv

    “C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE”

    “C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe”

    “C:\Program Files\Internet Explorer\IEXPLORE.EXE”

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:3284 CREDAT:267521 /prefetch:2

    “C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe” /bgrecordhelpersvc

    C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_70_ActiveX.exe -Embedding

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:3284 CREDAT:3478885 /prefetch:2

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:3284 CREDAT:2299181 /prefetch:2

    “C:\Users\R. Adelerhof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N6TWBRZY\RSITx64.exe”

    C:\Windows\system32\wbem\wmiprvse.exe

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

    C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

    =========Mozilla firefox=========

    ProfilePath - C:\Users\R. Adelerhof\AppData\Roaming\Mozilla\Firefox\Profiles\dusbzwjy.default

    prefs.js - “browser.search.useDBForOrder” - true

    “Description”=Adobe® Flash® Player 12.0.0.70 Plugin

    “Path”=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll

    “Description”=Intel IPT WebApi plugin

    “Path”=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

    “Description”=This plugin updates Intel WebAPI component

    “Path”=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

    “Description”=

    “Path”=disabled

    “Description”=Ag Player Plugin

    “Path”=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

    “Description”=Office Authorization plug-in for NPAPI browsers

    “Path”=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

    “Description”=Microsoft SharePoint Plug-in for Firefox

    “Path”=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

    “Description”=WLPG Install MIME type

    “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    “Description”=WLPG Install MIME type

    “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    “Description”=NVIDIA stereo images plugin for Mozilla browsers

    “Path”=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

    “Description”=NVIDIA 3D Vision Streaming plugin for Mozilla browsers

    “Path”=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

    “Description”=RealPlayer™ LiveConnect-Enabled Plug-In

    “Path”=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

    “Description”=RealNetworks™ RealDownloader Chrome Background Extension Plug-In

    “Path”=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

    “Description”=RealNetworks™ RealDownloader HTML5VideoShim Plug-In

    “Path”=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

    “Description”=RealNetworks™ RealDownloader Peppe rFlash Video Shim Plug-In

    “Path”=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

    “Description”=RealPlayer Download Plugin

    “Path”=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

    “Description”=RealDownloader Plugin

    “Path”=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

    “Description”=Handles PDFs in-place in Firefox

    “Path”=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

    “Description”=Adobe® Flash® Player 12.0.0.70 Plugin

    “Path”=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll

    “Description”=

    “Path”=disabled

    “Description”=Ag Player Plugin

    “Path”=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

    “Description”=Office Authorization plug-in for NPAPI browsers

    “Path”=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

    ======Registry dump======

    Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

    Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll

    RealNetworks Download and Record Plugin for Internet Explorer - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

    Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll

    Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL

    Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll

    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll

    {8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll

    {eec0f710-38b5-4aba-99bf-ec87564a4e13}

    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll

    {8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll

    “IgfxTray”=C:\Windows\system32\igfxtray.exe

    “HotKeysCmds”=C:\Windows\system32\hkcmd.exe

    “ETDCtrl”=C:\Program Files\Elantech\ETDCtrl.exe

    “RtHDVBg”=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

    “BLEServicesCtrl”=C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe

    “BTMTrayAgent”=C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll

    “AmIcoSinglun64”=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe

    C:\Windows\AsScrPro.exe

    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Users\RF0C2~1.ADE\AppData\Roaming\Dropbox\bin\Dropbox.exe

    “ASUSPRP”=C:\Program Files (x86)\ASUS\APRP\APRP.EXE

    “ASUSWebStorage”=C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe

    “USB3MON”=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

    “ATKOSD2”=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

    “ATKMEDIA”=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

    “HControlUser”=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

    “ASUS InstantKey”=C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe

    “Wireless Console 3”=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

    “RemoteControl10”=C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe

    “UpdatePSTShortCut”=C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe

    “BCSSync”=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe

    “TkBellExe”=C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

    “Adobe ARM”=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

    AsusVibeLauncher.lnk - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

    C:\Users\R. Adelerhof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    Dropbox.lnk - C:\Users\R. Adelerhof\AppData\Roaming\Dropbox\bin\Dropbox.exe

    OneNote 2010 Schermopname en Snel starten.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

    “AppInit_DLLs”=“ C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\nvinit.dll,C:\Windows\system32\nvinitx.dll”

    C:\Windows\system32\igfxdev.dll

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    “SecurityProviders”=credssp.dll

    “ConsentPromptBehaviorAdmin”=5

    “ConsentPromptBehaviorUser”=3

    “EnableUIADesktopToggle”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “NoActiveDesktop”=1

    “NoActiveDesktopChanges”=1

    “ForceActiveDesktopOn”=0

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “VIDC.UYVY”=msyuv.dll

    “VIDC.YUY2”=msyuv.dll

    “VIDC.YVYU”=msyuv.dll

    “VIDC.IYUV”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “VIDC.YVU9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “MSVideo8”=VfWWDM32.dll

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    “wave1”=wdmaud.drv

    “midi1”=wdmaud.drv

    “mixer1”=wdmaud.drv

    “wave2”=wdmaud.drv

    “midi2”=wdmaud.drv

    “mixer2”=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe “%1” %*

    ======List of files/folders created in the last 1 month======

    2014-03-08 17:04:34 —-D—- C:\Program Files (x86)\trend micro

    2014-03-08 17:04:33 —-D—- C:\rsit

    2014-03-08 16:07:33 —-D—- C:\Program Files (x86)\ESET

    2014-03-05 21:10:18 —-D—- C:\Nieuwe map (9)

    2014-03-05 18:39:51 —-D—- C:\Nieuwe map (8)

    2014-03-05 12:28:27 —-D—- C:\Nieuwe map (7)

    2014-03-05 12:18:10 —-D—- C:\Program Files (x86)\Mozilla Firefox

    2014-03-04 16:07:56 —-D—- C:\Nieuwe map (6)

    2014-03-03 22:29:46 —-D—- C:\Nieuwe map (5)

    2014-03-03 12:21:57 —-D—- C:\Nieuwe map (4)

    2014-02-28 16:30:14 —-D—- C:\Nieuwe map (3)

    2014-02-20 20:51:39 —-D—- C:\Nieuwe map (2)

    2014-02-19 11:35:25 —-D—- C:\Windows\pss

    2014-02-14 16:27:34 —-D—- C:\Users\R. Adelerhof\AppData\Roaming\DropboxMaster

    2014-02-14 16:27:01 —-D—- C:\Users\R. Adelerhof\AppData\Roaming\Dropbox

    2014-02-13 22:32:02 —-A—- C:\Windows\SYSWOW64\vbscript.dll

    2014-02-13 22:32:02 —-A—- C:\Windows\system32\vbscript.dll

    2014-02-13 22:31:39 —-A—- C:\Windows\SYSWOW64\msrating.dll

    2014-02-13 22:31:39 —-A—- C:\Windows\system32\msrating.dll

    2014-02-13 22:31:38 —-A—- C:\Windows\SYSWOW64\ieui.dll

    2014-02-13 22:31:38 —-A—- C:\Windows\system32\jsproxy.dll

    2014-02-13 22:31:38 —-A—- C:\Windows\system32\ieui.dll

    2014-02-13 22:31:38 —-A—- C:\Windows\system32\iernonce.dll

    2014-02-13 22:31:38 —-A—- C:\Windows\system32\ieetwcollectorres.dll

    2014-02-13 22:31:38 —-A—- C:\Windows\system32\ie4uinit.exe

    2014-02-13 22:31:37 —-A—- C:\Windows\SYSWOW64\msfeeds.dll

    2014-02-13 22:31:37 —-A—- C:\Windows\SYSWOW64\jsproxy.dll

    2014-02-13 22:31:37 —-A—- C:\Windows\SYSWOW64\jscript9diag.dll

    2014-02-13 22:31:37 —-A—- C:\Windows\SYSWOW64\ieUnatt.exe

    2014-02-13 22:31:37 —-A—- C:\Windows\SYSWOW64\iesetup.dll

    2014-02-13 22:31:37 —-A—- C:\Windows\SYSWOW64\iernonce.dll

    2014-02-13 22:31:37 —-A—- C:\Windows\SYSWOW64\ieetwproxystub.dll

    2014-02-13 22:31:37 —-A—- C:\Windows\system32\mshtml.dll

    2014-02-13 22:31:37 —-A—- C:\Windows\system32\msfeeds.dll

    2014-02-13 22:31:37 —-A—- C:\Windows\system32\jscript9diag.dll

    2014-02-13 22:31:37 —-A—- C:\Windows\system32\ieUnatt.exe

    2014-02-13 22:31:37 —-A—- C:\Windows\system32\iesetup.dll

    2014-02-13 22:31:37 —-A—- C:\Windows\system32\ieetwproxystub.dll

    2014-02-13 22:31:37 —-A—- C:\Windows\system32\ieetwcollector.exe

    2014-02-13 22:31:36 —-A—- C:\Windows\SYSWOW64\wininet.dll

    2014-02-13 22:31:36 —-A—- C:\Windows\SYSWOW64\urlmon.dll

    2014-02-13 22:31:36 —-A—- C:\Windows\SYSWOW64\iertutil.dll

    2014-02-13 22:31:36 —-A—- C:\Windows\SYSWOW64\ieapfltr.dll

    2014-02-13 22:31:36 —-A—- C:\Windows\system32\wininet.dll

    2014-02-13 22:31:36 —-A—- C:\Windows\system32\urlmon.dll

    2014-02-13 22:31:36 —-A—- C:\Windows\system32\iertutil.dll

    2014-02-13 22:31:36 —-A—- C:\Windows\system32\ieapfltr.dll

    2014-02-13 22:31:35 —-A—- C:\Windows\system32\ieframe.dll

    2014-02-13 22:31:34 —-A—- C:\Windows\SYSWOW64\mshtml.dll

    2014-02-13 22:31:34 —-A—- C:\Windows\SYSWOW64\jscript9.dll

    2014-02-13 22:31:34 —-A—- C:\Windows\SYSWOW64\ieframe.dll

    2014-02-13 22:31:33 —-A—- C:\Windows\system32\jscript9.dll

    2014-02-13 17:37:08 —-D—- C:\Nieuwe map

    2014-02-13 15:06:23 —-A—- C:\Windows\SYSWOW64\msxml3r.dll

    2014-02-13 15:06:23 —-A—- C:\Windows\SYSWOW64\msxml3.dll

    2014-02-13 15:06:23 —-A—- C:\Windows\system32\msxml3r.dll

    2014-02-13 15:06:23 —-A—- C:\Windows\system32\msxml3.dll

    2014-02-13 15:06:17 —-A—- C:\Windows\SYSWOW64\RMActivate_isv.exe

    2014-02-13 15:06:17 —-A—- C:\Windows\system32\RMActivate_isv.exe

    2014-02-13 15:06:17 —-A—- C:\Windows\system32\RMActivate.exe

    2014-02-13 15:06:16 —-A—- C:\Windows\SYSWOW64\secproc_ssp_isv.dll

    2014-02-13 15:06:16 —-A—- C:\Windows\SYSWOW64\secproc_ssp.dll

    2014-02-13 15:06:16 —-A—- C:\Windows\SYSWOW64\secproc_isv.dll

    2014-02-13 15:06:16 —-A—- C:\Windows\SYSWOW64\secproc.dll

    2014-02-13 15:06:16 —-A—- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe

    2014-02-13 15:06:16 —-A—- C:\Windows\SYSWOW64\RMActivate_ssp.exe

    2014-02-13 15:06:16 —-A—- C:\Windows\SYSWOW64\RMActivate.exe

    2014-02-13 15:06:16 —-A—- C:\Windows\SYSWOW64\msdrm.dll

    2014-02-13 15:06:16 —-A—- C:\Windows\system32\secproc_ssp_isv.dll

    2014-02-13 15:06:16 —-A—- C:\Windows\system32\secproc_ssp.dll

    2014-02-13 15:06:16 —-A—- C:\Windows\system32\secproc_isv.dll

    2014-02-13 15:06:16 —-A—- C:\Windows\system32\secproc.dll

    2014-02-13 15:06:16 —-A—- C:\Windows\system32\RMActivate_ssp_isv.exe

    2014-02-13 15:06:16 —-A—- C:\Windows\system32\RMActivate_ssp.exe

    2014-02-13 15:06:16 —-A—- C:\Windows\system32\msdrm.dll

    2014-02-13 15:06:13 —-A—- C:\Windows\SYSWOW64\d3d10warp.dll

    2014-02-13 15:06:13 —-A—- C:\Windows\system32\d3d10warp.dll

    2014-02-13 15:06:13 —-A—- C:\Windows\system32\d2d1.dll

    2014-02-13 15:06:12 —-A—- C:\Windows\SYSWOW64\d2d1.dll

    ======List of files/folders modified in the last 1 month======

    2014-03-08 18:24:26 —-D—- C:\Program Files\trend micro

    2014-03-08 18:24:16 —-D—- C:\Windows\Temp

    2014-03-08 17:14:36 —-D—- C:\Windows

    2014-03-08 17:14:19 —-D—- C:\Windows\system32\config

    2014-03-08 17:08:29 —-D—- C:\Windows\System32

    2014-03-08 17:08:29 —-D—- C:\Windows\inf

    2014-03-08 17:08:29 —-A—- C:\Windows\system32\PerfStringBackup.INI

    2014-03-08 17:04:34 —-RD—- C:\Program Files (x86)

    2014-03-08 17:03:18 —-A—- C:\Windows\SYSWOW64\log.txt

    2014-03-08 17:02:40 —-SHD—- C:\System Volume Information

    2014-03-08 17:01:25 —-D—- C:\Windows\system32\Tasks

    2014-03-08 17:01:10 —-D—- C:\ProgramData\NVIDIA

    2014-03-08 17:00:38 —-D—- C:\AdwCleaner

    2014-03-08 16:55:25 —-D—- C:\Program Files (x86)\Mozilla Maintenance Service

    2014-03-08 15:50:05 —-AD—- C:\ProgramData\Temp

    2014-03-08 15:49:47 —-D—- C:\Program Files (x86)\SpywareBlaster

    2014-03-08 15:31:27 —-D—- C:\Windows\system32\catroot2

    2014-03-08 15:14:36 —-D—- C:\Users\R. Adelerhof\AppData\Roaming\GoodSync

    2014-03-07 10:42:33 —-D—- C:\Microloon2014

    2014-03-07 09:20:16 —-D—- C:\Windows\SysWOW64

    2014-03-06 18:40:05 —-D—- C:\ProgramData\Davilex Business

    2014-03-04 13:02:52 —-D—- C:\ProgramData\OnlineBackupClient

    2014-03-04 13:02:52 —-D—- C:\Program Files\ArgewebBackup

    2014-03-04 00:15:53 —-D—- C:\Windows\system32\NDF

    2014-03-03 14:46:43 —-SD—- C:\Users\R. Adelerhof\AppData\Roaming\Microsoft

    2014-03-01 09:18:30 —-D—- C:\Program Files (x86)\Internet Explorer

    2014-03-01 08:19:48 —-D—- C:\Users\R. Adelerhof\AppData\Roaming\Belastingdienst

    2014-02-28 11:56:39 —-D—- C:\Program Files\CCleaner

    2014-02-21 18:19:58 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2014-02-21 16:17:00 —-D—- C:\Windows\debug

    2014-02-20 16:37:21 —-HDC—- C:\ProgramData\{60DDF087-751A-4FF1-8938-1F443130BCE9}

    2014-02-20 16:37:19 —-SHD—- C:\Windows\Installer

    2014-02-20 16:37:19 —-HD—- C:\Config.Msi

    2014-02-20 16:37:18 —-D—- C:\Microloon2013

    2014-02-20 16:20:19 —-HDC—- C:\ProgramData\{34CB5522-9D78-4A04-AFBF-49AECC57C33E}

    2014-02-17 08:37:38 —-D—- C:\Windows\system32\MRT

    2014-02-17 08:35:34 —-A—- C:\Windows\system32\MRT.exe

    2014-02-14 21:41:39 —-A—- C:\Windows\system32\AutoRunFilter.ini

    2014-02-14 12:50:30 —-D—- C:\Windows\Microsoft.NET

    2014-02-14 12:48:11 —-RSD—- C:\Windows\assembly

    2014-02-14 08:28:54 —-D—- C:\Windows\winsxs

    2014-02-14 08:28:24 —-D—- C:\Windows\SYSWOW64\nl-NL

    2014-02-14 08:28:24 —-D—- C:\Windows\system32\nl-NL

    2014-02-14 08:28:24 —-D—- C:\Program Files\Internet Explorer

    2014-02-13 22:36:28 —-D—- C:\ProgramData\Microsoft Help

    2014-02-13 22:33:18 —-A—- C:\Windows\SYSWOW64\PerfStringBackup.INI

    2014-02-13 22:32:54 —-D—- C:\Windows\system32\catroot

    2014-02-13 22:32:12 —-A—- C:\Windows\win.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys

    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys

    R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys

    R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS

    R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS

    R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys

    R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys

    R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys

    R1 ccSet_NIS;NIS Settings Manager; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys

    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

    R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140307.001\IDSvia64.sys

    R1 nvkflt;nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys

    R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS

    R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS

    R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

    R3 AiCharger;ASUS Charger Driver; C:\Windows\system32\DRIVERS\AiCharger.sys

    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter; C:\Windows\system32\DRIVERS\AMPPAL.sys

    R3 AsusVBus;AsusVBus; C:\Windows\system32\DRIVERS\AsusVBus.sys

    R3 AsusVTouch;AsusVTouch; C:\Windows\system32\DRIVERS\AsusVTouch.sys

    R3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys

    R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys

    R3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys

    R3 btmaux;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys

    R3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

    R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys

    R3 ibtfltcoex;ibtfltcoex; C:\Windows\system32\DRIVERS\iBtFltCoex.sys

    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys

    R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma; C:\Windows\system32\DRIVERS\iusb3hub.sys

    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys

    R3 iwdbus;IWD Bus Enumerator; C:\Windows\system32\DRIVERS\iwdbus.sys

    R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys

    R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys

    R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys

    R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140307.023\ENG64.SYS

    R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140307.023\EX64.SYS

    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys

    R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys

    R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS

    R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys

    S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys

    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol; C:\Windows\system32\DRIVERS\amppal.sys

    S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys

    S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys

    S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys

    S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys

    S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys

    S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys

    S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys

    S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe

    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

    R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

    R2 ASUS InstantOn;ASUS InstantOn Service; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe

    R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

    R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

    R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

    R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

    R2 GsServer;GoodSync Server; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe

    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe

    R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

    R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    R2 MSSQLSERVER;SQL Server (MSSQLSERVER); C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe

    R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe

    R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe

    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe

    R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    R2 OnlineBackupService;OnlineBackupService; C:\Program Files\ArgewebBackup\OnlineBackupService.exe

    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe

    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

    R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    R3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe

    R3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

    R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    R3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

    S2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe

    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe

    S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

    S4 SQLSERVERAGENT;SQL Server Agent (MSSQLSERVER); C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE

    —————–EOF—————–

  • Anonymous avatar

    Ben

    Hallo,

    Je heb al een back-up gemaakt he?

    Schakel eerst de Antivirussoftware uit voordat je zoek.exe download.

    Schakel je antivirus- en antispywareprogramma's tijdelijk uit, deze kunnen namelijk conflicteren met Zoek.exe.

    Download Zoek.exe naar het bureaublad.

    * Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.

    Zoek.exe uitvoeren

    Wanneer u problemen ondervindt bij het uitvoeren van dit programma of bepaalde foutmeldingen te zien krijgt laat dit dan even weten in uw bericht.

    * Dubbelklik vervolgens op Zoek.exe om de tool te starten.

    * Windows Vista, 7 en 8 gebruikers dienen de tool als “administrator” uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.

    * Kopieer nu onderstaande vet gedrukte code en plak die in het grote invulvenster:

    * Note: Dit script is speciaal bedoeld voor deze computer, gebruik dit dan ook niet op andere computers met een gelijkaardig probleem.

    firefoxlook;

    emptyclsid;

    torpigcheck;

    {1dad3af3-ef2f-4f64-ac4b-11789189fcb6};c

    {eec0f710-38b5-4aba-99bf-ec87564a4e13};c

    emptyfolderscheck;delete

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Klik nu op de knop "Run script".

    * Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).

    * Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.

    * Post het geopende logje in het volgende bericht.

  • Anonymous avatar

    rudi

    Een hele lijst !

    Zoek.exe v5.0.0.0 Updated 07-March-2014

    Tool run by R. Adelerhof on za 08-03-2014 at 18:40:58,56.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\R. Adelerhof\Desktop\zoek.exe

    ==== Older Logs ======================

    C:\zoek-results2013-10-17-192134.log 46221 bytes

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    ==== Empty Folders Check ======================

    C:\PROGRA~2\MSXML 4.0 deleted successfully

    C:\Users\R. Adelerhof\AppData\Local\CrashDumps deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{eec0f710-38b5-4aba-99bf-ec87564a4e13} deleted successfully

    ==== Running Processes ======================

    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe

    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

    C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

    C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe

    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

    C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

    C:\Users\R. Adelerhof\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

    C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe

    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

    C:\Windows\SysWOW64\ACEngSvr.exe

    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

    C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe

    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

    C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe

    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

    C:\Windows\AsScrPro.exe

    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

    C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

    C:\Windows\SysWOW64\DllHost.exe

    C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe

    C:\Users\R. Adelerhof\Desktop\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    ==== Deleting Services ======================

    ==== System Specs ======================

    Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

    Memory (RAM): 8078 MB

    CPU Info: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz

    CPU Speed: 2517,3 MHz

    Sound Card: Speakers (Realtek High Definiti |

    Realtek Digital Output (Realtek |

    Display Adapters: Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | NVIDIA GeForce GT 630M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Generic PnP Monitor |

    Screen Resolution: 1920 X 1080 - 32 bit

    Network: Network Present

    Network Adapters: Microsoft Virtual WiFi Miniport Adapter #2 | Microsoft Virtual WiFi Miniport Adapter | Intel(R) Centrino(R) Wireless-N 2230 | Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20) | Bluetooth Device (Personal Area Network)

    CD / DVD Drives: 1x (E: | ) E: SlimtypeDVD A DS8A8SH

    Ports: COM5 | COM7 | COM4 | COM6 | COM3 LPT Port NOT Present.

    Mouse: 16 Button Wheel Mouse Present

    Hard Disks: C: 198,2GB | D: 906,2GB | G: 931,5GB

    Hard Disks - Free: C: 116,0GB | D: 533,6GB | G: 404,8GB

    Manufacturer *: American Megatrends Inc.

    BIOS Info: AT/AT COMPATIBLE | 05/23/12 | _ASUS_ - 1072009

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: ASUSTeK COMPUTER INC. N76VM

    Country: Nederland

    Language: NLD

    ==== System Specs (Software) ======================

    Anti-Virus: Norton Internet Security On-access scanning disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Anti-Spyware: Norton Internet Security disabled (Outdated)

    Firewall: Norton Internet Security disabled

    Internet Explorer Version: 11.0.9600.16518

    Mozilla Firefox version: 27.0.1 (x86 nl)

    Adobe Reader version: 11.0.06.70

    Flash Player version: 12.0.0.70

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\RF0C2~1.ADE\AppData\Local\Temp ====

    2014-03-08 16:01:17 9EB54EABFB8B9FA02BFC48AF3A9FD020 41984 —-a-w- C:\Users\RF0C2~1.ADE\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_fw2vd.dll

    2014-03-08 16:01:17 9EB54EABFB8B9FA02BFC48AF3A9FD020 41984 —-a-w- C:\Users\R. Adelerhof\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_fw2vd.dll

    ====== Java Cache =====

    ====== C:\Windows\SysWOW64 =====

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    ====== C:\Windows\Sysnative\drivers =====

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    ======= C:\PROGRA~2 =====

    2014-03-08 16:04:34 ——– d—–w- C:\PROGRA~2\trend micro

    2014-03-08 15:07:33 ——– d—–w- C:\PROGRA~2\ESET

    ======= C: =====

    ====== C:\Users\R. Adelerhof\AppData\Roaming ======

    2014-02-14 15:27:34 ——– d—–w- C:\Users\RF0C2~1.ADE\AppData\Roaming\DropboxMaster

    2014-02-14 15:27:34 ——– d—–w- C:\Users\R. Adelerhof\AppData\Roaming\DropboxMaster

    2014-02-14 15:27:21 ——– d—–w- C:\Users\RF0C2~1.ADE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

    2014-02-14 15:27:21 ——– d—–w- C:\Users\R. Adelerhof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

    2014-02-14 15:27:01 ——– d—–w- C:\Users\RF0C2~1.ADE\AppData\Roaming\Dropbox

    2014-02-14 15:27:01 ——– d—–w- C:\Users\R. Adelerhof\AppData\Roaming\Dropbox

    ====== C:\Users\R. Adelerhof ======

    2014-02-14 15:28:01 ——– d—–r- C:\Users\RF0C2~1.ADE\Dropbox

    2014-02-14 15:28:01 ——– d—–r- C:\Users\R. Adelerhof\Dropbox

    ====== C: exe-files ==

    2014-03-08 16:04:35 9A2347903D6EDB84C10F288BC0578C1C 388608 —-a-w- C:\Program Files (x86)\trend micro\R. Adelerhof.exe

    2014-03-08 15:08:56 CE0D0B11986FD2C0247AE88A59B36A6E 579904 —-a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

    2014-03-08 15:08:56 BDB7D97012F9B3102DB72AA76A24942A 546944 —-a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe

    2014-03-08 15:08:56 7C9EEC809FB9CDA26EFC245C001EA980 2347384 —-a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

    2014-03-08 15:08:56 7ABF8849E76732C357F419B1AF5668F2 546944 —-a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe

    2014-03-08 15:08:56 6D4ED8A5C071F29730A6F0B943FEEA3A 122584 —-a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

    2014-03-04 12:02:16 EECFBDDD04D6DFB192FE2BAF53FFE118 27680 —-a-w- C:\Program Files\ArgewebBackup\ServiceStopper.exe

    2014-03-04 12:02:16 DDA88837937F829DB3FEFBFEF8C0687E 1408032 —-a-w- C:\Program Files\ArgewebBackup\OnlineBackupClient.exe

    2014-03-04 12:02:16 CDDA8BAEC3397C9F1CE13B09CD0C37E3 64544 —-a-w- C:\Program Files\ArgewebBackup\OnlineBackupService.exe

    2014-03-04 12:02:15 03D5CBA8268BDA168848FF01E203855A 285728 —-a-w- C:\Program Files\ArgewebBackup\CloudBackup.Console.exe

    2014-03-04 08:13:19 2C744057D99D30AD79117B0B58464770 370760 —-a-w- C:\ProgramData\NVIDIA\Updatus\Packages\00005882\updatus.17975231_RUNASUSER.exe

    === C: other files ==

    2014-03-04 12:02:16 D13CB38C1DB93FC72033768D04B94814 85 —-a-w- C:\Program Files\ArgewebBackup\WinService_Install.bat

    2014-03-04 12:02:16 C79AFBAC3F1D8C2C17EE795423B0A566 496 —-a-w- C:\Program Files\ArgewebBackup\WinService_Uninstall.bat

    ==== Startup Registry Enabled ======================

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “ASUSPRP”=“C:\Program Files (x86)\ASUS\APRP\APRP.EXE”

    “ASUSWebStorage”=“C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S”

    “USB3MON”=“C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe”

    “ATKOSD2”=“C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe”

    “ATKMEDIA”=“C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe”

    “HControlUser”=“C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe”

    “ASUS InstantKey”=“C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe”

    “Wireless Console 3”=“C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe”

    “RemoteControl10”=“C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe”

    “UpdatePSTShortCut”=“C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Cyberlink\DVD Suite UpdateWithCreateOnce Software\CyberLink\PowerStarter”

    “BCSSync”=“C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices”

    “TkBellExe”=“C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe -osboot”

    “Adobe ARM”=“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “AppInit_DLLs”=“ C:\\Windows\\SysWOW64\\nvinit.dll”

    ==== Startup Registry Enabled x64 ======================

    “IgfxTray”=“C:\Windows\system32\igfxtray.exe”

    “HotKeysCmds”=“C:\Windows\system32\hkcmd.exe”

    “RtHDVBg”=“C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 ”

    “BLEServicesCtrl”=“C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe”

    “BTMTrayAgent”=“rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll,TrayApp”

    “AmIcoSinglun64”=“C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe”

    “ETDCtrl”=“%ProgramFiles%\Elantech\ETDCtrl.exe ”

    “AppInit_DLLs”=“ C:\\Windows\\SysWOW64\\nvinit.dll C:\\Windows\\SysWOW64\\nvinit.dll,C:\\Windows\\system32\\nvinitx.dll”

    ==== Startup Registry Disabled x64 ======================

    “command”=“C:\\Program Files (x86)\\ASUS\\Splendid\\ACMON.exe”

    “hkey”=“HKLM”

    “item”=“ACMON”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “command”=“\”C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\“”

    “hkey”=“HKLM”

    “item”=“Adobe Reader Speed Launcher”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “command”=“C:\\Windows\\AsScrPro.exe”

    “hkey”=“HKLM”

    “item”=“ASUS Screen Saver Protector”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “command”=“\”C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\“”

    “hkey”=“HKLM”

    “item”=“CLMLServer”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “command”=“C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s”

    “hkey”=“HKLM”

    “item”=“RTHDVCPL”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Dropbox”

    “path”=“C:\\Users\\R. Adelerhof\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk”

    “backup”=“C:\\Windows\\pss\\Dropbox.lnk.Startup”

    “backupExtension”=“.Startup”

    “command”=“C:\\Users\\RF0C2~1.ADE\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe”

    ==== Startup Folders ======================

    2014-02-19 13:31:37 1065 —-a-w- C:\Users\R. Adelerhof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

    2014-03-03 13:46:43 1302 —-a-w- C:\Users\R. Adelerhof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk

    2014-02-19 13:31:37 1065 —-a-w- C:\Users\RF0C2~1.ADE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

    2014-03-03 13:46:43 1302 —-a-w- C:\Users\RF0C2~1.ADE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk

    2012-02-24 02:50:52 2062 —-a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job –a——

    C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job –a—— C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe

    ==== Other Scheduled Tasks ======================

    “C:\Windows\SysNative\tasks\4Team updater”

    “C:\Windows\SysNative\tasks\Adobe Flash Player Updater”

    “C:\Windows\SysNative\tasks\ASUS Live Update”

    “C:\Windows\SysNative\tasks\ASUS P4G”

    “C:\Windows\SysNative\tasks\ASUS Quick Gesture”

    “C:\Windows\SysNative\tasks\ASUS Quick Gesture (x64)”

    “C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor”

    “C:\Windows\SysNative\tasks\ASUS USB Charger Plus”

    “C:\Windows\SysNative\tasks\ATKOSD2”

    “C:\Windows\SysNative\tasks\CCleanerSkipUAC”

    “C:\Windows\SysNative\tasks\CreateChoiceProcessTask”

    “C:\Windows\SysNative\tasks\DeviceDetector”

    “C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d”

    “C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon”

    “C:\Windows\SysNative\tasks\Norton WSC Integration”

    “C:\Windows\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3085899422-3526582053-2542983109-1001”

    “C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3085899422-3526582053-2542983109-1001”

    “C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3085899422-3526582053-2542983109-1001”

    “C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3085899422-3526582053-2542983109-1001”

    “C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3085899422-3526582053-2542983109-1001”

    “C:\Windows\SysNative\tasks\SidebarExecute”

    “C:\Windows\SysNative\tasks\User_Feed_Synchronization-{72EEAF20-EAE3-4992-80A1-48B0BFD70261}”

    “C:\Windows\SysNative\tasks\{182146CF-EA83-4BE9-A6F9-02722294562C}”

    “C:\Windows\SysNative\tasks\{233FF460-1F07-4BAE-B6F9-C0EA14035AB6}”

    “C:\Windows\SysNative\tasks\{23D0B590-D599-4077-97AB-E3921214939C}”

    “C:\Windows\SysNative\tasks\{2E84014D-1418-4507-8ED4-B00C19C43379}”

    “C:\Windows\SysNative\tasks\{410854BA-2A3A-420B-9C71-570E72DA0784}”

    “C:\Windows\SysNative\tasks\{4912F5E4-A75B-4275-B5F7-1E84E7B84933}”

    “C:\Windows\SysNative\tasks\{6F9CAABE-D315-4AA3-A1EC-A80F66B4DFE3}”

    “C:\Windows\SysNative\tasks\{8882AB83-EAB3-4F23-895B-FA0093EC1C3B}”

    “C:\Windows\SysNative\tasks\{8A95D8A6-EE2D-4F79-8F84-809D98805F0D}”

    “C:\Windows\SysNative\tasks\{8D7E82B6-9724-4709-A885-98FC41112896}”

    “C:\Windows\SysNative\tasks\{93B7C62F-685C-4375-9427-0C6FD30687CC}”

    “C:\Windows\SysNative\tasks\{98AE72B5-C153-4250-9A46-01480FC781C9}”

    “C:\Windows\SysNative\tasks\{B2CE391C-84BA-4D7A-A473-B0384DA80445}”

    “C:\Windows\SysNative\tasks\{D9534966-C615-40FF-B1C9-765E72F1F810}”

    “C:\Windows\SysNative\tasks\{DA9A8E03-F444-49E6-8C32-7346EEBF67CF}”

    “C:\Windows\SysNative\tasks\{DB88E81A-6052-4A11-AC51-2FD31D74953D}”

    “C:\Windows\SysNative\tasks\{DE2524CA-8994-44C1-8E6C-2B5DA65E3856}”

    “C:\Windows\SysNative\tasks\{EDFC3F20-46CA-4EA3-9176-B31AD7695127}”

    “C:\Windows\SysNative\tasks\{F8567E27-5B33-4149-A257-DBB06025E3FD}”

    “C:\Windows\SysNative\tasks\{FDAC3EEE-02E5-43DC-A0DA-882CAC7ABF25}”

    “C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer”

    “C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor”

    “C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask”

    ==== Folders in C:\PROGRA~3 0-6 Months Old ======================

    2013-12-30 13:14:18 ——– dc-h–w- C:\PROGRA~3\{34CB5522-9D78-4A04-AFBF-49AECC57C33E}

    ==== Firefox Extensions Registry ======================

    “{BBDA0591-3099-440a-AA10-41764D9DB4DB}”=“C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF”

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\RF0C2~1.ADE\AppData\Roaming\Mozilla\Firefox\Profiles\dusbzwjy.default

    - Fastest Facebook - %ProfilePath%\extensions\{288479BE-1B9E-11E2-80EA-F3246188709B}.xpi

    AppDir: C:\Program Files (x86)\Mozilla Firefox

    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\R. Adelerhof\AppData\Roaming\Mozilla\Firefox\Profiles\dusbzwjy.default

    D775FA6F1E88B3B99E69E8A0D6C3A819 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll - Shockwave Flash

    FEF9ECECFA177AEC0F7564A08394D2C8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)

    0ABF093757E9C827E30EC652868E5FAC - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)

    06E140A567B8DC7900173197FD059EE5 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)

    558270B968CB82196CB8D045D13B0FF6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx

    mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx

    ==== Set IE to Default ======================

    Old Values:

    “Start Page”=“http://antivirus.startpagina.nl/prikbord/”

    No DefaultScope Set For HKCU

    New Values:

    “Start Page”=“http://antivirus.startpagina.nl/prikbord/”

    “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”

    {4013E288-A676-4E64-84AC-BD02F8907908} Vinden.nl Url=“http://www.vinden.nl/?refer=opensearch&q={searchTerms}”

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    {9F1E6B77-8689-4784-A4FB-FDFA0DB933C9} Bing Url=“http://www.bing.com/search?q={searchTerms}&r=893”

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully

    ==== HijackThis Entries ======================

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll

    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll

    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ASUS\APRP\APRP.EXE”

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe”

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\Cyberlink\DVD Suite” UpdateWithCreateOnce “Software\CyberLink\PowerStarter”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe” /DelayServices

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe” -osboot

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-21-3085899422-3526582053-2542983109-1000\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘UpdatusUser’)

    O4 - HKUS\S-1-5-21-3085899422-3526582053-2542983109-1000\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘UpdatusUser’)

    O4 - Startup: Dropbox.lnk = R. Adelerhof\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

    O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

    O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe

    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

    O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

    O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

    O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

    O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe

    O23 - Service: GoodSync Server (GsServer) - Unknown owner - C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

    O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: OnlineBackupService - CloudBackup - C:\Program Files\ArgewebBackup\OnlineBackupService.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\R. Adelerhof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\R. Adelerhof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\RF0C2~1.ADE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\RF0C2~1.ADE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Cache found

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    No Java Cache Found

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=0 folders=0 0 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Users\R. Adelerhof\AppData\Local\Temp will be emptied at reboot

    C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully

    C:\Users\RF0C2~1.ADE\AppData\Local\Temp will be emptied at reboot

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\RF0C2~1.ADE\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on za 08-03-2014 at 18:59:02,61 ======================

Dit topic is gesloten, er kunnen geen reacties meer worden geplaatst.