Probleem laptop

lg

10-08-2014 13:11

Na het regelmatig krijgen van een blauwscherm wat een hardware matige fout aangaf en hoop ik dat het verholpen is(toetsenbord probleem)
Toch even verder kijken of er iets software matig iets fout zit hierbij de logfiles.
info.txt logfile of random's system information tool 1.10 2014-08-10 12:50:17
======MBR======
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000964E66C3000000000200EEFFFFFF01000000AFEA422500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000055AA
======Uninstall list======
–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{4FB08FB7-CAB9-49A8-B7E9-1B4C45849F4D}” “1043” “0”
–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{A17A768F-9C36-4A5B-A21E-E520F6C3D6BB}” “1043” “0”
Adobe Flash Player 14 ActiveX–>C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe -maintain activex
Adobe Flash Player 14 Plugin–>C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe -maintain plugin
Adobe Reader X (10.1.10) MUI–>MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001}
AMD APP SDK Runtime–>MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}
AMD Catalyst Install Manager–>msiexec /q/x{4572399F-5B78-3C50-7281-4AB6248FC1F0} REBOOT=ReallySuppress
AMD Media Foundation Decoders–>MsiExec.exe /X{6B724485-AC7C-856B-357E-DC7E4AEE6491}
AMD Steady Video Plug-In –>MsiExec.exe /X{5E015E15-F7AD-3379-523F-AD63C0CB9E71}
ASUS AI Recovery–>MsiExec.exe /I{D39F0676-163E-4595-A917-E28F99BBD4D2}
ASUS FaceLogon–>MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5}
ASUS LifeFrame3–>MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
ASUS Live Update–>MsiExec.exe /X{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}
ASUS Power4Gear Hybrid–>MsiExec.exe /I{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}
ASUS Splendid Video Enhancement Technology–>MsiExec.exe /I{0969AF05-4FF6-4C00-9406-43599238DE0D}
ASUS USB Charger Plus–>MsiExec.exe /X{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}
ASUS Virtual Camera–>MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}
ASUS Virtual Touch–>MsiExec.exe /I{938CFBD4-0652-49E5-BB8B-153948865941}
ASUS WebStorage–>C:\Program Files (x86)\ASUS\ASUS WebStorage\uninst.exe
AsusVibe2.0–>C:\Program Files (x86)\Asus\AsusVibe\unins000.exe
ATK Package–>MsiExec.exe /I{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}
Bundled software uninstaller–>“C:\Users\danique\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe” /initurl http://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name “Bundled software uninstaller”
Canon MG6200 series MP Drivers–>“C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series\DelDrv64.exe” /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series /L0x0013
CCleaner–>“C:\Program Files\CCleaner\uninst.exe”
CyberLink LabelPrint–>“C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe” /z-uninstall
CyberLink LabelPrint–>“C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe” /z-uninstall
CyberLink Media Suite–>“C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe” /z-uninstall
CyberLink Media Suite–>“C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe” /z-uninstall
CyberLink Power2Go–>“C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe” /z-uninstall
CyberLink Power2Go–>“C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe” /z-uninstall
D3DX10–>MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Lite–>C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Deadtime Stories–>“C:\Program Files (x86)\Asus\Game Park\Deadtime Stories\Uninstall.exe” “C:\Program Files (x86)\Asus\Game Park\Deadtime Stories\install.log”
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{F2CE207D-C146-4BFD-A1C2-219483C58819}” “1043” “0”
ETDWare PS/2-X64 10.0.5.4_WHQL–>%ProgramFiles%\Elantech\ETDUn_inst.exe
Galeria de Fotografias do Windows Live–>MsiExec.exe /X{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}
Galería fotográfica de Windows Live–>MsiExec.exe /X{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}
Galerie de photos Windows Live–>MsiExec.exe /X{488F0347-C4A7-4374-91A7-30818BEDA710}
inSSIDer Home–>MsiExec.exe /X{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}
InstantOn for NB–>MsiExec.exe /I{749F674B-2674-47E8-879C-5626A06B2A91}
Java 7 Update 51–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217040FF}
Junk Mail filter update–>MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Malwarebytes Anti-Malware versie 2.0.2.1012–>“C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe”
Mesh Runtime–>MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft .NET Framework 4.5.1–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.5.1–>MsiExec.exe /X{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}
Microsoft Office Access MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0015-0413-1000-0000000FF1CE}
Microsoft Office Excel MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0016-0413-1000-0000000FF1CE}
Microsoft Office Groove MUI (Dutch) 2010–>MsiExec.exe /X{90140000-00BA-0413-1000-0000000FF1CE}
Microsoft Office InfoPath MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0044-0413-1000-0000000FF1CE}
Microsoft Office Office 32-bit Components 2010–>MsiExec.exe /X{90140000-0043-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Dutch) 2010–>MsiExec.exe /X{90140000-00A1-0413-1000-0000000FF1CE}
Microsoft Office Outlook MUI (Dutch) 2010–>MsiExec.exe /X{90140000-001A-0413-1000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0018-0413-1000-0000000FF1CE}
Microsoft Office Professional Plus 2010–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe” /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010–>MsiExec.exe /X{90140000-0011-0000-1000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2010–>MsiExec.exe /X{90140000-001F-0413-1000-0000000FF1CE}
Microsoft Office Proof (English) 2010–>MsiExec.exe /X{90140000-001F-0409-1000-0000000FF1CE}
Microsoft Office Proof (French) 2010–>MsiExec.exe /X{90140000-001F-040C-1000-0000000FF1CE}
Microsoft Office Proof (German) 2010–>MsiExec.exe /X{90140000-001F-0407-1000-0000000FF1CE}
Microsoft Office Proofing (Dutch) 2010–>MsiExec.exe /X{90140000-002C-0413-1000-0000000FF1CE}
Microsoft Office Publisher MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0019-0413-1000-0000000FF1CE}
Microsoft Office Shared 32-bit MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0043-0413-1000-0000000FF1CE}
Microsoft Office Shared MUI (Dutch) 2010–>MsiExec.exe /X{90140000-006E-0413-1000-0000000FF1CE}
Microsoft Office Word MUI (Dutch) 2010–>MsiExec.exe /X{90140000-001B-0413-1000-0000000FF1CE}
Microsoft Security Client–>MsiExec.exe /X{BFAE8D5B-F918-486F-B74E-90762DF11C5C}
Microsoft Security Essentials–>“C:\Program Files\Microsoft Security Client\Setup.exe” /x
Microsoft Silverlight–>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition –>MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable (x64)–>MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}
Microsoft Visual C++ 2005 Redistributable (x64)–>MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17–>MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161–>MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17–>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161–>MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319–>MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319–>MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Mozilla Firefox 28.0 (x86 nl)–>“C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe”
Mozilla Maintenance Service–>“C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe”
MSVCRT_amd64–>MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT–>MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
Pando Media Booster–>C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe
Raccolta foto di Windows Live–>MsiExec.exe /X{ED16B700-D91F-44B0-867C-7EB5253CA38D}
Ralink RT2860 Wireless LAN Card–>C:\Program Files (x86)\InstallShield Installation Information\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek Ethernet Controller Driver–>C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver–>RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe” -removeonly
SceneSwitch–>MsiExec.exe /I{5172E572-C175-4F80-A6D5-5CB45826AD61}
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {BD0F9F7E-62B2-3971-9E2E-B87B832CE89D}
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {513BC47F-0560-33C2-A029-C5387642233A}
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)–>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {599EC629-2679-30CE-B28B-7432EF5FC126}
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{8E99BFFF-3DFD-4FEF-AF09-FB6BFA486BBE}” “1043” “0”
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-006E-0413-1000-0000000FF1CE}” “{0603FCBC-6AAD-42CE-BF3C-B41ADDCE864E}” “1043” “0”
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{A2F2E3C4-887C-4A3B-B73A-576984420D12}” “1043” “0”
Security Update for Microsoft Office 2010 (KB2760781) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0413-1000-0000000FF1CE}” “{2182D10B-62FD-47BB-8313-1DF9C4454275}” “1043” “0”
Security Update for Microsoft Office 2010 (KB2767915) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{B9176414-4545-4ECF-B3D2-043A5471B8AF}” “1043” “0”
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{43ADD46C-BD44-49BB-AB04-E1A42F2DD7AB}” “1043” “0”
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{8A1AE697-FB15-4C7D-A002-E2F0B1BEE737}” “1043” “0”
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{DEE523DB-C590-45D3-B658-73F93062D7B3}” “1043” “0”
Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{C7B639A9-54A9-4B30-87AA-45BD4F06E1A6}” “1043” “0”
Security Update for Microsoft Word 2010 (KB2863926) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{752042E1-CEE6-4326-8967-732A94B3702D}” “1043” “0”
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{A3364707-2F53-4C83-8F68-C9877A9080C7}” “1043” “0”
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0015-0413-1000-0000000FF1CE}” “{C17E141C-267D-4A15-A903-1AD09D8B0D62}” “1043” “0”
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0016-0413-1000-0000000FF1CE}” “{C17E141C-267D-4A15-A903-1AD09D8B0D62}” “1043” “0”
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0018-0413-1000-0000000FF1CE}” “{C17E141C-267D-4A15-A903-1AD09D8B0D62}” “1043” “0”
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0019-0413-1000-0000000FF1CE}” “{C17E141C-267D-4A15-A903-1AD09D8B0D62}” “1043” “0”
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001A-0413-1000-0000000FF1CE}” “{C17E141C-267D-4A15-A903-1AD09D8B0D62}” “1043” “0”
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001B-0413-1000-0000000FF1CE}” “{C17E141C-267D-4A15-A903-1AD09D8B0D62}” “1043” “0”
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0407-1000-0000000FF1CE}” “{EE3A99C9-FD8F-4923-9F82-27365DA4B873}” “1043” “0”
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0409-1000-0000000FF1CE}” “{C814F7D9-CE9D-45AA-BA7C-88BDD0E1EB7C}” “1043” “0”
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-040C-1000-0000000FF1CE}” “{77A8B979-11B0-4774-8003-574EE8A4BC22}” “1043” “0”
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0413-1000-0000000FF1CE}” “{C281A20E-A7DE-4950-8656-13E31F2DF194}” “1043” “0”
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-002C-0413-1000-0000000FF1CE}” “{8601DE11-B4B1-47B6-BA5F-C98AF303A1DD}” “1043” “0”
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{F3FAAB68-7697-4B1F-A23A-72312565AEAB}” “1043” “0”
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0413-1000-0000000FF1CE}” “{040AFD12-179F-4557-8412-017A830C60A3}” “1043” “0”
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0044-0413-1000-0000000FF1CE}” “{C17E141C-267D-4A15-A903-1AD09D8B0D62}” “1043” “0”
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-006E-0413-1000-0000000FF1CE}” “{B063C2D2-FD29-44E9-A6EF-19BA4B62381B}” “1043” “0”
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-00A1-0413-1000-0000000FF1CE}” “{C17E141C-267D-4A15-A903-1AD09D8B0D62}” “1043” “0”
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-00BA-0413-1000-0000000FF1CE}” “{C17E141C-267D-4A15-A903-1AD09D8B0D62}” “1043” “0”
Skype™ 6.11–>MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}” “1043” “0”
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{84B191B5-5319-463A-A305-8C4D53B1D20A}” “1043” “0”
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}” “1043” “0”
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}” “1043” “0”
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{79C725A1-3964-421C-A528-78C1C083C7C7}” “1043” “0”
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}” “1043” “0”
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}” “1043” “0”
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{EBD18DE5-BC84-4B57-9A30-097044871F9A}” “1043” “0”
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{4AD36582-256B-433D-8593-F31773A15CA4}” “1043” “0”
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{4AD36582-256B-433D-8593-F31773A15CA4}” “1043” “0”
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{F216169C-2B40-429B-8370-B5BA06EC5423}” “1043” “0”
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{F216169C-2B40-429B-8370-B5BA06EC5423}” “1043” “0”
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{B6AD7E27-012A-4B63-82BA-AF62893E5435}” “1043” “0”
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{07DC9C6C-E916-4F42-8677-716930ED0393}” “1043” “0”
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}” “1043” “0”
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}” “1043” “0”
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0044-0413-1000-0000000FF1CE}” “{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}” “1043” “0”
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{8A6BDA63-4D23-4485-A466-8979E10BCF49}” “1043” “0”
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{8A6BDA63-4D23-4485-A466-8979E10BCF49}” “1043” “0”
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0407-1000-0000000FF1CE}” “{8F699D53-05FB-488E-B7D3-E4E47257BE5D}” “1043” “0”
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-0409-1000-0000000FF1CE}” “{324703B5-6765-489D-9B9B-B082D34F882E}” “1043” “0”
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001F-040C-1000-0000000FF1CE}” “{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}” “1043” “0”
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{3029C408-1DD1-4273-8E58-87CB1B638FC8}” “1043” “0”
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{3029C408-1DD1-4273-8E58-87CB1B638FC8}” “1043” “0”
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{DDDC32A5-9528-4771-B91A-97A8E1D7957B}” “1043” “0”
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-001A-0413-1000-0000000FF1CE}” “{EE4DE155-B0C7-4B85-BB95-95503FB4D750}” “1043” “0”
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{A20A650C-F820-4CE4-AEA5-EC140192FAFB}” “1043” “0”
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0018-0413-1000-0000000FF1CE}” “{918B0EB8-2684-4471-8F9A-D44C4A9AFC72}” “1043” “0”
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}” “1043” “0”
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0043-0000-1000-0000000FF1CE}” “{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}” “1043” “0”
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{F6F342A1-530B-4D48-A468-1E3F70928984}” “1043” “0”
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe” /removereleaseinpatch “{90140000-0011-0000-1000-0000000FF1CE}” “{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}” “1043” “0”
Windows Live Communications Platform–>MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials–>C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials–>MsiExec.exe /I{17F99FCE-8F03-4439-860A-25C5A5434E18}
Windows Live Essentials–>MsiExec.exe /I{2A07C35B-8384-4DA4-9A95-442B6C89A073}
Windows Live Essentials–>MsiExec.exe /I{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}
Windows Live Essentials–>MsiExec.exe /I{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}
Windows Live Essentials–>MsiExec.exe /I{ABD534B7-E951-470E-92C2-CD5AF1735726}
Windows Live Essentials–>MsiExec.exe /I{B618C3BF-5142-4630-81DD-F96864F97C7E}
Windows Live Essentials–>MsiExec.exe /I{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}
Windows Live Essentials–>MsiExec.exe /I{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}
Windows Live Essentials–>MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Family Safety–>MsiExec.exe /I{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}
Windows Live Family Safety–>MsiExec.exe /I{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}
Windows Live Family Safety–>MsiExec.exe /I{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}
Windows Live Family Safety–>MsiExec.exe /I{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}
Windows Live Family Safety–>MsiExec.exe /I{3E776E7A-F4C3-4A89-8EAD-535E722C8397}
Windows Live Family Safety–>MsiExec.exe /I{53375A2B-FE08-42B6-8EB8-16818CD27B2C}
Windows Live Family Safety–>MsiExec.exe /I{63919769-655A-48A8-AD6C-39B471F683ED}
Windows Live Family Safety–>MsiExec.exe /I{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}
Windows Live Family Safety–>MsiExec.exe /I{B36055BF-5F0E-4EAB-804D-9203DFB34ADC}
Windows Live Family Safety–>MsiExec.exe /I{E01819BD-709F-43A1-9600-6F5E4C584C37}
Windows Live Family Safety–>MsiExec.exe /I{E60F14FA-E114-4F25-AEE0-33FE9EC9B1C3}
Windows Live Family Safety–>MsiExec.exe /I{F11009B0-F4DB-463B-B717-5266E47498AA}
Windows Live Family Safety–>MsiExec.exe /X{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}
Windows Live Fotogalerie–>MsiExec.exe /X{B113D18C-67B0-4FB7-B329-E89B66194AE6}
Windows Live ID Sign-in Assistant–>MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}
Windows Live Installer–>MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector–>MsiExec.exe /I{180C8888-50F1-426B-A9DC-AB83A1989C65}
Windows Live Mail–>MsiExec.exe /I{0D261C88-454B-46FE-B43B-640E621BDA11}
Windows Live Mail–>MsiExec.exe /I{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}
Windows Live Mail–>MsiExec.exe /I{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}
Windows Live Mail–>MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail–>MsiExec.exe /I{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}
Windows Live Mail–>MsiExec.exe /I{A0B91308-6666-4249-8FF6-1E11AFD75FE1}
Windows Live Mail–>MsiExec.exe /I{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}
Windows Live Mail–>MsiExec.exe /I{B1239994-A850-44E2-BED8-E70A21124E16}
Windows Live Mail–>MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mail–>MsiExec.exe /I{D588365A-AE39-4F27-BDAE-B4E72C8E900C}
Windows Live Mail–>MsiExec.exe /I{DBAA2B17-D596-4195-A169-BA2166B0D69B}
Windows Live Mesh ActiveX Control for Remote Connections–>MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh–>MsiExec.exe /I{039480EE-6933-4845-88B8-77FD0C3D059D}
Windows Live Mesh–>MsiExec.exe /I{2C865FB0-051E-4D22-AC62-428E035AEAF0}
Windows Live Mesh–>MsiExec.exe /I{3F4143A1-9C21-4011-8679-3BC1014C6886}
Windows Live Mesh–>MsiExec.exe /I{46872828-6453-4138-BE1C-CE35FBF67978}
Windows Live Mesh–>MsiExec.exe /I{7496FD31-E5CB-4AE4-82D3-31099558BF6A}
Windows Live Mesh–>MsiExec.exe /I{78DAE910-CA72-450E-AD22-772CB1A00678}
Windows Live Mesh–>MsiExec.exe /I{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}
Windows Live Mesh–>MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh–>MsiExec.exe /I{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}
Windows Live Mesh–>MsiExec.exe /I{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}
Windows Live Mesh–>MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Mesh–>MsiExec.exe /I{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}
Windows Live Mesh–>MsiExec.exe /I{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}
Windows Live Messenger–>MsiExec.exe /X{062E4D94-8306-46D5-81B6-45E6AD09C799}
Windows Live Messenger–>MsiExec.exe /X{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}
Windows Live Messenger–>MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}
Windows Live Messenger–>MsiExec.exe /X{48294D95-EE9A-4377-8213-44FC4265FB27}
Windows Live Messenger–>MsiExec.exe /X{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}
Windows Live Messenger–>MsiExec.exe /X{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}
Windows Live Messenger–>MsiExec.exe /X{8FF3891F-01B5-4A71-BFCD-20761890471C}
Windows Live Messenger–>MsiExec.exe /X{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}
Windows Live Messenger–>MsiExec.exe /X{B2E90616-C50D-4B89-A40D-92377AC669E5}
Windows Live Messenger–>MsiExec.exe /X{BAEE89D5-6E87-4F89-9603-A1C100479181}
Windows Live Messenger–>MsiExec.exe /X{C95A5A77-622F-45CA-9540-84468FCB18B1}
Windows Live Messenger–>MsiExec.exe /X{CBFD061C-4B27-4A89-ADD8-210316EEFA11}
Windows Live Messenger–>MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
Windows Live MIME IFilter–>MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker–>MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker–>MsiExec.exe /X{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}
Windows Live Movie Maker–>MsiExec.exe /X{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}
Windows Live Movie Maker–>MsiExec.exe /X{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}
Windows Live Movie Maker–>MsiExec.exe /X{7465A996-0FCA-4D2D-A52C-F833B0829B5B}
Windows Live Movie Maker–>MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker–>MsiExec.exe /X{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}
Windows Live Movie Maker–>MsiExec.exe /X{BF022D76-9F72-4203-B8FA-6522DC66DFDA}
Windows Live Movie Maker–>MsiExec.exe /X{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}
Windows Live Movie Maker–>MsiExec.exe /X{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}
Windows Live Movie Maker–>MsiExec.exe /X{E4E88B54-4777-4659-967A-2EED1E6AFD83}
Windows Live Movie Maker–>MsiExec.exe /X{FF105207-8423-4E13-B0B1-50753170B245}
Windows Live Movie Maker–>MsiExec.exe /X{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}
Windows Live Photo Common–>MsiExec.exe /X{168E7302-890A-4138-9109-A225ACAF7AD1}
Windows Live Photo Common–>MsiExec.exe /X{29373E24-AC72-424E-8F2A-FB0F9436F21F}
Windows Live Photo Common–>MsiExec.exe /X{370F888E-42A7-4911-9E34-7D74632E17EB}
Windows Live Photo Common–>MsiExec.exe /X{4D83F339-5A5C-4B21-8FD3-5D407B981E72}
Windows Live Photo Common–>MsiExec.exe /X{73FC3510-6421-40F7-9503-EDAE4D0CF70D}
Windows Live Photo Common–>MsiExec.exe /X{9BD262D0-B788-4546-A0A5-F4F56EC3834B}
Windows Live Photo Common–>MsiExec.exe /X{A41A708E-3BE6-4561-855D-44027C1CF0F8}
Windows Live Photo Common–>MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common–>MsiExec.exe /X{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}
Windows Live Photo Common–>MsiExec.exe /X{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}
Windows Live Photo Common–>MsiExec.exe /X{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}
Windows Live Photo Common–>MsiExec.exe /X{C893D8C0-1BA0-4517-B11C-E89B65E72F70}
Windows Live Photo Common–>MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery–>MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery–>MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live Photo Gallery–>MsiExec.exe /X{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}
Windows Live PIMT Platform–>MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live Remote Client Resources–>MsiExec.exe /I{692CCE55-9EAE-4F57-A834-092882E7FE0B}
Windows Live Remote Client Resources–>MsiExec.exe /I{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}
Windows Live Remote Client Resources–>MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}
Windows Live Remote Client Resources–>MsiExec.exe /I{8970AE69-40BE-4058-9916-0ACB1B974A3D}
Windows Live Remote Client Resources–>MsiExec.exe /I{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}
Windows Live Remote Client Resources–>MsiExec.exe /I{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}
Windows Live Remote Client Resources–>MsiExec.exe /I{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}
Windows Live Remote Client Resources–>MsiExec.exe /I{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}
Windows Live Remote Client Resources–>MsiExec.exe /I{C9F05151-95A9-4B9B-B534-1760E2D014A5}
Windows Live Remote Client Resources–>MsiExec.exe /I{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}
Windows Live Remote Client Resources–>MsiExec.exe /I{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}
Windows Live Remote Client Resources–>MsiExec.exe /I{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}
Windows Live Remote Client–>MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}
Windows Live Remote Service Resources–>MsiExec.exe /I{0919C44F-F18A-4E3B-A737-03685272CE72}
Windows Live Remote Service Resources–>MsiExec.exe /I{17A4FD95-A507-43F1-BC92-D8572AF8340A}
Windows Live Remote Service Resources–>MsiExec.exe /I{19F09425-3C20-4730-9E2A-FC2E17C9F362}
Windows Live Remote Service Resources–>MsiExec.exe /I{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}
Windows Live Remote Service Resources–>MsiExec.exe /I{5E2CD4FB-4538-4831-8176-05D653C3E6D4}
Windows Live Remote Service Resources–>MsiExec.exe /I{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}
Windows Live Remote Service Resources–>MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}
Windows Live Remote Service Resources–>MsiExec.exe /I{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}
Windows Live Remote Service Resources–>MsiExec.exe /I{A679FBE4-BA2D-4514-8834-030982C8B31A}
Windows Live Remote Service Resources–>MsiExec.exe /I{D930AF5C-5193-4616-887D-B974CEFC4970}
Windows Live Remote Service Resources–>MsiExec.exe /I{EFB20CF5-1A6D-41F3-8895-223346CE6291}
Windows Live Remote Service Resources–>MsiExec.exe /I{FAA3933C-6F0D-4350-B66B-9D7F7031343E}
Windows Live Remote Service–>MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
Windows Live SOXE Definitions–>MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE–>MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack–>MsiExec.exe /I{05E379CC-F626-4E7D-8354-463865B303BF}
Windows Live UX Platform Language Pack–>MsiExec.exe /I{128133D3-037A-4C62-B1B7-55666A10587A}
Windows Live UX Platform Language Pack–>MsiExec.exe /I{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}
Windows Live UX Platform Language Pack–>MsiExec.exe /I{37B33B16-2535-49E7-8990-32668708A0A3}
Windows Live UX Platform Language Pack–>MsiExec.exe /I{40BFD84C-64CD-42CC-9909-8734C50429C6}
Windows Live UX Platform Language Pack–>MsiExec.exe /I{506FC723-8E6C-4417-9CFF-351F99130425}
Windows Live UX Platform Language Pack–>MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform Language Pack–>MsiExec.exe /I{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}
Windows Live UX Platform Language Pack–>MsiExec.exe /I{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}
Windows Live UX Platform Language Pack–>MsiExec.exe /I{77477AEA-5757-47D8-8B33-939F43D82218}
Windows Live UX Platform Language Pack–>MsiExec.exe /I{D299197D-CDEA-41A6-A363-F532DE4114FD}
Windows Live UX Platform Language Pack–>MsiExec.exe /I{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}
Windows Live UX Platform–>MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources–>MsiExec.exe /X{14B441B7-774D-4170-98EA-A13667AE6218}
Windows Live Writer Resources–>MsiExec.exe /X{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}
Windows Live Writer Resources–>MsiExec.exe /X{2511AAD7-82DF-4B97-B0B3-E1B933317010}
Windows Live Writer Resources–>MsiExec.exe /X{62687B11-58B5-4A18-9BC3-9DF4CE03F194}
Windows Live Writer Resources–>MsiExec.exe /X{6807427D-8D68-4D30-AF5B-0B38F8F948C8}
Windows Live Writer Resources–>MsiExec.exe /X{7FF11E53-C002-4F40-8D68-6BE751E5DD62}
Windows Live Writer Resources–>MsiExec.exe /X{93E464B3-D075-4989-87FD-A828B5C308B1}
Windows Live Writer Resources–>MsiExec.exe /X{C29FC15D-E84B-4EEC-8505-4DED94414C59}
Windows Live Writer Resources–>MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer Resources–>MsiExec.exe /X{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}
Windows Live Writer Resources–>MsiExec.exe /X{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}
Windows Live Writer Resources–>MsiExec.exe /X{F52C5BE7-3F57-464E-8A54-908402E43CE8}
Windows Live Writer–>MsiExec.exe /X{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}
Windows Live Writer–>MsiExec.exe /X{1A82AE99-84D3-486D-BAD6-675982603E14}
Windows Live Writer–>MsiExec.exe /X{3B9A92DA-6374-4872-B646-253F18624D5F}
Windows Live Writer–>MsiExec.exe /X{48C0DC5E-820A-44F2-890E-29B68EDD3C78}
Windows Live Writer–>MsiExec.exe /X{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}
Windows Live Writer–>MsiExec.exe /X{7E017923-16F8-4E32-94EF-0A150BD196FE}
Windows Live Writer–>MsiExec.exe /X{804DE397-F82C-4867-9085-E0AA539A3294}
Windows Live Writer–>MsiExec.exe /X{859D4022-B76D-40DE-96EF-C90CDA263F44}
Windows Live Writer–>MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer–>MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer–>MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Windows Live Writer–>MsiExec.exe /X{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}
Windows Live Writer–>MsiExec.exe /X{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}
Windows Live Writer–>MsiExec.exe /X{E62E0550-C098-43A2-B54B-03FB1E634483}
Windows Live 影像中心–>MsiExec.exe /X{EEF99142-3357-402C-B298-DEC303E12D92}
Windows Live 程式集–>MsiExec.exe /I{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}
Windows Live–>MsiExec.exe /I{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
WinFlash–>MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D}
Wireless Console 3–>MsiExec.exe /I{19EA33FB-B34E-40EA-8B8A-61743AEB795A}
Συλλογή φωτογραφιών του Windows Live–>MsiExec.exe /X{C00C2A91-6CB3-483F-80B3-2958E29468F1}
Основные компоненты Windows Live–>MsiExec.exe /I{E83DC314-C926-4214-AD58-147691D6FE9F}
Почта Windows Live–>MsiExec.exe /I{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}
Фотоальбом Windows Live–>MsiExec.exe /X{77F69CA1-E53D-4D77-8BA3-FA07606CC851}
גלריית התמונות של Windows Live–>MsiExec.exe /X{CE929F09-3853-4180-BD90-30764BFF7136}
بريد Windows Live–>MsiExec.exe /I{0A4C4B29-5A9D-4910-A13C-B920D5758744}
معرض صور Windows Live–>MsiExec.exe /X{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}
======System event log======
Computer Name: danique-PC
Event Code: 42
Message: Het systeem wordt in de slaapstand gezet.
Reden: Systeem inactief
Record Number: 31437
Source Name: Microsoft-Windows-Kernel-Power
Time Written: 20130429113159.941888-000
Event Type: Informatie
User:
Computer Name: danique-PC
Event Code: 7036
Message: De WinHTTP Web Proxy Auto-Discovery Service-service heeft nu de status gestopt.
Record Number: 31436
Source Name: Service Control Manager
Time Written: 20130429111732.828976-000
Event Type: Informatie
User:
Computer Name: danique-PC
Event Code: 7036
Message: De Adobe Flash Player Update Service-service heeft nu de status gestopt.
Record Number: 31435
Source Name: Service Control Manager
Time Written: 20130429110200.399750-000
Event Type: Informatie
User:
Computer Name: danique-PC
Event Code: 7036
Message: De Adobe Flash Player Update Service-service heeft nu de status wordt uitgevoerd.
Record Number: 31434
Source Name: Service Control Manager
Time Written: 20130429110200.399750-000
Event Type: Informatie
User:
Computer Name: danique-PC
Event Code: 7036
Message: De WinHTTP Web Proxy Auto-Discovery Service-service heeft nu de status wordt uitgevoerd.
Record Number: 31433
Source Name: Service Control Manager
Time Written: 20130429110102.820050-000
Event Type: Informatie
User:
=====Application event log=====
Computer Name: danique-PC
Event Code: 4625
Message: Het EventSystem-subsysteem onderdrukt gedurende 86400 seconden dubbele vermeldingen in het gebeurtenislogboek. De time-out voor onderdrukking kan worden ingesteld met de REG_DWORD-waarde SuppressDuplicateDuration in de volgende registersleutel: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1980
Source Name: Microsoft-Windows-EventSystem
Time Written: 20121202023709.000000-000
Event Type: Informatie
User:
Computer Name: danique-PC
Event Code: 1532
Message: De User Profile-service is gestopt.
Record Number: 1979
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20121201224509.472648-000
Event Type: Informatie
User: NT AUTHORITY\SYSTEM
Computer Name: WIN-VQP5D441A92
Event Code: 1003
Message: De Windows Search-service is gestart.
Record Number: 1978
Source Name: Microsoft-Windows-Search
Time Written: 20121201224501.000000-000
Event Type: Informatie
User:
Computer Name: WIN-VQP5D441A92
Event Code: 1013
Message: De Windows Search-service is normaal gestopt.
Record Number: 1977
Source Name: Microsoft-Windows-Search
Time Written: 20121201224500.000000-000
Event Type: Informatie
User:
Computer Name: WIN-VQP5D441A92
Event Code: 103
Message: Windows (3584) Windows: De database-engine heeft een nieuwe sessie (0) stopgezet.
Record Number: 1976
Source Name: ESENT
Time Written: 20121201224500.000000-000
Event Type: Informatie
User:
=====Security event log=====
Computer Name: WIN-VQP5D441A92
Event Code: 4624
Message: Er is een account aangemeld.
Onderwerp:
Beveiligings-id: S-1-5-18
Accountnaam: WIN-VQP5D441A92$
Accountdomein: WORKGROUP
Aanmeldings-id: 0x3e7
Aanmeldingstype: 5
Nieuwe aanmelding:
Beveiligings-id: S-1-5-18
Accountnaam: SYSTEM
Accountdomein: NT AUTHORITY
Aanmeldings-id: 0x3e7
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}
Procesgegevens:
Proces-id: 0x24c
Naam proces: C:\Windows\System32\services.exe
Netwerkgegevens:
Naam van werkstation:
Netwerkadres van bron: -
Poort van bron: -
Gedetailleerde verificatiegegevens:
Aanmeldingsproces: Advapi
Verificatiepakket: Negotiate
Doorgezette services: -
Pakketnaam (alleen NTLM): -
Sleutellengte: 0
Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.
De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.
In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).
Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.
In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.
De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
Record Number: 4085
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121201224501.641435-000
Event Type: Controle geslaagd
User:
Computer Name: WIN-VQP5D441A92
Event Code: 4738
Message: Er is een gebruikersaccount gewijzigd.
Onderwerp:
Beveiligings-id: S-1-5-21-3042039117-3201469462-578496335-500
Accountnaam: Administrator
Accountdomein: WIN-VQP5D441A92
Aanmeldings-id: 0x28073
Doelaccount:
Beveiligings-id: S-1-5-21-3042039117-3201469462-578496335-500
Accountnaam: Administrator
Accountdomein: WIN-VQP5D441A92
Gewijzigde kenmerken:
SAM-accountnaam: -
Weergavenaam: -
Principal-naam van gebruiker: -
Basismap: -
Basisstation: -
Pad naar script: -
Pad naar profiel: -
Gebruikerswerkstations: -
Wachtwoord voor het laatst ingesteld: -
Account verloopt op: -
Primaire groeps-id: -
Mag overdragen aan: -
Oude UAC-waarde: 0x211
Nieuwe UAC-waarde: 0x211
Gebruikersaccountbeheer: -
Gebruikersparameters: -
SID-geschiedenis: -
Aantal uren aangemeld: -
Aanvullende gegevens:
Bevoegdheden: -
Record Number: 4084
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121201224458.568229-000
Event Type: Controle geslaagd
User:
Computer Name: WIN-VQP5D441A92
Event Code: 4672
Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.
Onderwerp:
Beveiligings-id: S-1-5-18
Accountnaam: SYSTEM
Accountdomein: NT AUTHORITY
Aanmeldings-id: 0x3e7
Bevoegdheden: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 4083
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121201224453.716621-000
Event Type: Controle geslaagd
User:
Computer Name: WIN-VQP5D441A92
Event Code: 4624
Message: Er is een account aangemeld.
Onderwerp:
Beveiligings-id: S-1-5-18
Accountnaam: WIN-VQP5D441A92$
Accountdomein: WORKGROUP
Aanmeldings-id: 0x3e7
Aanmeldingstype: 5
Nieuwe aanmelding:
Beveiligings-id: S-1-5-18
Accountnaam: SYSTEM
Accountdomein: NT AUTHORITY
Aanmeldings-id: 0x3e7
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}
Procesgegevens:
Proces-id: 0x24c
Naam proces: C:\Windows\System32\services.exe
Netwerkgegevens:
Naam van werkstation:
Netwerkadres van bron: -
Poort van bron: -
Gedetailleerde verificatiegegevens:
Aanmeldingsproces: Advapi
Verificatiepakket: Negotiate
Doorgezette services: -
Pakketnaam (alleen NTLM): -
Sleutellengte: 0
Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.
De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.
In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).
Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.
In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.
De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
Record Number: 4082
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121201224453.716621-000
Event Type: Controle geslaagd
User:
Computer Name: WIN-VQP5D441A92
Event Code: 1102
Message: Het controlelogboek is gewist.
Onderwerp:
Beveiligings-id: S-1-5-21-3042039117-3201469462-578496335-500
Accountnaam: Administrator
Domeinnaam: WIN-VQP5D441A92
Aanmeldings-id: 0x28073
Record Number: 4081
Source Name: Microsoft-Windows-Eventlog
Time Written: 20121201224452.219018-000
Event Type: Controle geslaagd
User:
======Environment variables======
“ComSpec”=%SystemRoot%\system32\cmd.exe
“FP_NO_HOST_CHECK”=NO
“OS”=Windows_NT
“Path”=C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
“PATHEXT”=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
“PROCESSOR_ARCHITECTURE”=AMD64
“TEMP”=%SystemRoot%\TEMP
“TMP”=%SystemRoot%\TEMP
“USERNAME”=SYSTEM
“windir”=%SystemRoot%
“PSModulePath”=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
“NUMBER_OF_PROCESSORS”=2
“PROCESSOR_LEVEL”=20
“PROCESSOR_IDENTIFIER”=AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
“PROCESSOR_REVISION”=0200
“configsetroot”=%SystemRoot%\ConfigSetRoot
“AMDAPPSDKROOT”=C:\Program Files (x86)\AMD APP\
LG
Ben

10-08-2014 16:17

Hallo,
Zou je het "Log.txt" willen plaatsen (tu)
lg

10-08-2014 17:01

Logfile of random's system information tool 1.10 (written by random/random)
Run by danique at 2014-08-10 12:50:07
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 75 GB (62%) free of 122 GB
Total RAM: 3695 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:50:14, on 10-8-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\danique.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnederland.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\ASUS\APRP\APRP.EXE”
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe”
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
–
End of file - 11081 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
“C:\Program Files\Microsoft Security Client\MsMpEng.exe”
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
“C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe”
“C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe”
/QuitInfo:00000000000004EC;0000000000000510; /AddRef;
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”
“C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe” /launchService
“C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe”
“taskhost.exe”
“C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe”
“C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe”
“C:\Windows\system32\Dwm.exe”
taskeng.exe {01DC3EA8-7FC2-4619-9E76-1A1475C90899}
C:\Windows\Explorer.EXE
/QuitInfo:000000000000061C;0000000000000620; /AddRef;
/QuitInfo:00000000000005FC;0000000000000628;
C:\Windows\system32\svchost.exe -k imgsvc
“C:\Program Files\ASUS\P4G\BatteryLife.exe”
“C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe”
“C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe”
taskeng.exe {9F390188-E5B8-4BDA-8776-74D3E8A2899B}
“C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE”
“C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe”
“C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe”
“C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe”
WLIDSvcM.exe 2364
/loadhooks /Parent:0000000000000888
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
“C:\Program Files\Microsoft Security Client\NisSrv.exe”
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
“C:\Program Files\Elantech\ETDCtrl.exe”
“C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey
“C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe” -s
“C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe”
“C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe”
“C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe”
“C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
“C:\Program Files (x86)\ASUS\Splendid\ACMON.exe”
“C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe”
C:\Windows\SysWOW64\ACEngSvr.exe -Embedding
“C:\Program Files\Elantech\ETDCtrlHelper.exe”
“C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe”
C:\Windows\system32\wbem\wmiprvse.exe
ATKOSD.exe
KBFiltr.exe
WDC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\sppsvc.exe
“C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe”
“C:\Windows\system32\wuauclt.exe”
C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
“C:\Windows\system32\SearchProtocolHost.exe” Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 “Software\Microsoft\Windows Search” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)” “C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc” “DownLevelDaemon”
“C:\Program Files\Internet Explorer\iexplore.exe”
“C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:4232 CREDAT:267521 /prefetch:2
“C:\Windows\system32\SearchFilterHost.exe” 0 508 512 520 65536 516
“C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:4232 CREDAT:3151119 /prefetch:2
“C:\Users\danique\Desktop\RSITx64.exe”
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\AutoKMS.job - C:\AutoKMS\AutoKMS.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\danique\AppData\Roaming\Mozilla\Firefox\Profiles\l14dzwwq.default
“Description”=Adobe® Flash® Player 14.0.0.145 Plugin
“Path”=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
“Description”=Java™ Deployment Toolkit
“Path”=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
“Description”=Oracle® Next Generation Java™ Plug-In
“Path”=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
“Description”=
“Path”=C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
“Description”=
“Path”=disabled
“Description”=Ag Player Plugin
“Path”=C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
“Description”=Office Authorization plug-in for NPAPI browsers
“Path”=C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
“Description”=Microsoft SharePoint Plug-in for Firefox
“Path”=C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
“Description”=WLPG Install MIME type
“Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
“Description”=WLPG Install MIME type
“Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
“Description”=This plugin detects and launches Pando Media Booster
“Path”=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
“Description”=Handles PDFs in-place in Firefox
“Path”=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
“Description”=Adobe® Flash® Player 14.0.0.145 Plugin
“Path”=C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll
“Description”=
“Path”=disabled
“Description”=Ag Player Plugin
“Path”=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll
“Description”=Office Authorization plug-in for NPAPI browsers
“Path”=C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
======Registry dump======
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Office Document Cache Handler - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
SteadyVideoBHO Class - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
Groove GFS Browser Helper - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Office Document Cache Handler - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
“ETDCtrl”=C:\Program Files\Elantech\ETDCtrl.exe
“MSC”=C:\Program Files\Microsoft Security Client\msseces.exe
“BCSSync”=C:\Program Files\Microsoft Office\Office14\BCSSync.exe
“RTHDVCPL”=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\danique\AppData\Roaming\Dropbox\bin\Dropbox.exe
“Adobe ARM”=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
“ASUSPRP”=C:\Program Files (x86)\ASUS\APRP\APRP.EXE
“ATKOSD2”=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
“ATKMEDIA”=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
“HControlUser”=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
“Wireless Console 3”=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
“SunJavaUpdateSched”=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
“Adobe Reader Speed Launcher”=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
“ACMON”=C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
“CLMLServer”=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AsusVibeLauncher.lnk - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
“SecurityProviders”=credssp.dll
“ConsentPromptBehaviorAdmin”=5
“ConsentPromptBehaviorUser”=3
“EnableUIADesktopToggle”=0
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“NoActiveDesktop”=1
“NoActiveDesktopChanges”=1
“ForceActiveDesktopOn”=0
“vidc.mrle”=msrle32.dll
“vidc.msvc”=msvidc32.dll
“msacm.imaadpcm”=imaadp32.acm
“msacm.msg711”=msg711.acm
“msacm.msgsm610”=msgsm32.acm
“msacm.msadpcm”=msadp32.acm
“midimapper”=midimap.dll
“wavemapper”=msacm32.drv
“VIDC.UYVY”=msyuv.dll
“VIDC.YUY2”=msyuv.dll
“VIDC.YVYU”=msyuv.dll
“VIDC.IYUV”=iyuv_32.dll
“vidc.i420”=iyuv_32.dll
“VIDC.YVU9”=tsbyuv.dll
“msacm.l3acm”=C:\Windows\System32\l3codeca.acm
“MSVideo8”=VfWWDM32.dll
“wave1”=wdmaud.drv
“midi1”=wdmaud.drv
“mixer1”=wdmaud.drv
“aux1”=wdmaud.drv
“wave”=wdmaud.drv
“midi”=wdmaud.drv
“mixer”=wdmaud.drv
“aux”=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe “%1” %*
======List of files/folders created in the last 1 month======
2014-08-10 12:50:07 —-D—- C:\rsit
2014-08-10 12:50:07 —-D—- C:\Program Files\trend micro
2014-08-10 12:08:21 —-A—- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-08-08 12:32:41 —-A—- C:\Windows\ntbtlog.txt
2014-08-08 11:52:27 —-D—- C:\Windows\pss
2014-08-08 10:47:53 —-A—- C:\Windows\system32\drivers\mbamchameleon.sys
2014-08-08 10:47:52 —-D—- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-08 10:47:52 —-A—- C:\Windows\system32\drivers\mwac.sys
======List of files/folders modified in the last 1 month======
2014-08-10 12:50:07 —-RD—- C:\Program Files
2014-08-10 12:49:32 —-D—- C:\Windows\Temp
2014-08-10 12:40:56 —-D—- C:\Windows\system32\config
2014-08-10 12:40:13 —-RD—- C:\Program Files (x86)
2014-08-10 12:40:12 —-D—- C:\Windows\system32\drivers
2014-08-10 12:39:10 —-D—- C:\Windows\de-DE
2014-08-10 12:39:09 —-D—- C:\Users\danique\AppData\Roaming\systweak
2014-08-10 12:01:07 —-SHD—- C:\Windows\Installer
2014-08-10 11:58:59 —-D—- C:\Windows\SysWOW64
2014-08-10 11:50:54 —-D—- C:\ProgramData\Microsoft Help
2014-08-10 11:48:56 —-SHD—- C:\System Volume Information
2014-08-10 11:42:41 —-D—- C:\Windows\system32\NDF
2014-08-10 11:40:19 —-D—- C:\Windows\System32
2014-08-10 11:06:41 —-D—- C:\Windows\Minidump
2014-08-10 11:06:35 —-D—- C:\Windows
2014-08-08 22:14:12 —-D—- C:\Windows\winsxs
2014-08-08 22:14:12 —-D—- C:\Windows\system32\DriverStore
2014-08-08 22:14:12 —-D—- C:\Windows\system32\Dism
2014-08-08 22:14:12 —-D—- C:\Windows\ehome
2014-08-08 22:14:08 —-SD—- C:\Windows\system32\CompatTel
2014-08-08 22:14:08 —-D—- C:\Windows\Tasks
2014-08-08 22:14:08 —-D—- C:\Windows\SYSWOW64\en-US
2014-08-08 22:14:08 —-D—- C:\Windows\SYSWOW64\Dism
2014-08-08 22:14:08 —-D—- C:\Windows\system32\wfp
2014-08-08 22:14:08 —-D—- C:\Windows\system32\nl-NL
2014-08-08 22:14:08 —-D—- C:\Windows\system32\en-US
2014-08-08 22:14:08 —-D—- C:\Windows\system32\catroot2
2014-08-08 22:14:08 —-D—- C:\Program Files\Windows Journal
2014-08-08 22:14:08 —-D—- C:\Program Files\Internet Explorer
2014-08-08 22:14:08 —-D—- C:\Program Files (x86)\Internet Explorer
2014-08-08 22:13:53 —-D—- C:\Windows\system32\drivers\UMDF
2014-08-08 22:13:53 —-D—- C:\Windows\system32\CodeIntegrity
2014-08-08 22:13:52 —-D—- C:\Windows\inf
2014-08-08 22:13:50 —-D—- C:\ProgramData\P4G
2014-08-08 22:13:50 —-D—- C:\Program Files\Microsoft Silverlight
2014-08-08 22:13:42 —-D—- C:\Program Files\Common Files\Microsoft Shared
2014-08-08 22:13:41 —-D—- C:\Program Files (x86)\Microsoft Silverlight
2014-08-08 22:12:43 —-D—- C:\Windows\system32\wbem
2014-08-08 22:12:42 —-D—- C:\Windows\registration
2014-08-08 22:10:57 —-D—- C:\Users\danique\AppData\Roaming\Dropbox
2014-08-08 11:47:50 —-D—- C:\Windows\Prefetch
2014-08-08 11:08:46 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-08-08 10:55:04 —-D—- C:\Windows\system32\catroot
2014-08-08 10:48:33 —-D—- C:\ProgramData\Malwarebytes
2014-08-08 10:44:37 —-D—- C:\Program Files\CCleaner
2014-08-08 10:33:11 —-D—- C:\Users\danique\AppData\Roaming\Skype
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys
R3 AiCharger;ASUS Charger Driver; C:\Windows\system32\DRIVERS\AiCharger.sys
R3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\amdhub30.sys
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys
R3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\amdxhc.sys
R3 AsusVBus;AsusVBus; C:\Windows\system32\DRIVERS\AsusVBus.sys
R3 AsusVTouch;AsusVTouch; C:\Windows\system32\DRIVERS\AsusVTouch.sys
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys
S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys
S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys
S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys
S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys
S3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys
S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys
S3 WSDScan;Ondersteuning voor WSD-scan via UMB; C:\Windows\system32\drivers\WSDScan.sys
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
R2 ASUS InstantOn;ASUS InstantOn Service; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
—————–EOF—————–
lg

10-08-2014 17:02

Malwarebytes Anti-Malware
www.malwarebytes.org
Scandatum: 10-8-2014
Scantijd: 12:09:33
Logbestand: mam.txt
Beheerder: Ja
Versie: 2.00.2.1012
Malwaredatabase: v2014.08.10.01
Rootkitdatabase: v2014.08.04.01
Licentie: Gratis
Malwarebescherming: Uitgeschakeld
Kwaadaardige Website Bescherming: Uitgeschakeld
Self-protection: Uitgeschakeld
Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: danique
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten Gescand: 300817
Verstreken Tijd: 28 m, 7 s
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristics: Ingeschakeld
POP: Waarschuwen
POA: Ingeschakeld
Processen: 1
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe, 1956, Verwijder-bij-Herstart,
Modules: 0
(No malicious items detected)
Registersleutels: 29
PUP.Optional.Wajam.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WajamUpdater, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamBHO.1, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamBHO, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamBHO, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamBHO.1, In Quarantaine, ,
PUP.Optional.Wajam.A, HKU\S-1-5-21-3042039117-3201469462-578496335-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantaine, ,
PUP.Optional.Wajam.A, HKU\S-1-5-21-3042039117-3201469462-578496335-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamDownloader.1, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamDownloader, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamDownloader, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamDownloader.1, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\priam_bho.DLL, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\Wajam, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\priam_bho.DLL, In Quarantaine, ,
PUP.Optional.Wajam.A, HKU\S-1-5-21-3042039117-3201469462-578496335-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM, In Quarantaine, ,
PUP.Optional.Qone8, HKU\S-1-5-21-3042039117-3201469462-578496335-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantaine, ,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Wajam, In Quarantaine, ,
Registerwaardes: 4
PUP.Optional.NextLive.A, HKU\S-1-5-21-3042039117-3201469462-578496335-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NextLive, C:\Windows\SysWOW64\rundll32.exe “C:\Users\danique\AppData\Roaming\newnext.me\nengine.dll”,EntryPoint -m l, In Quarantaine,
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WAJAM|red, 4, In Quarantaine,
PUP.Optional.Wajam.A, HKU\S-1-5-21-3042039117-3201469462-578496335-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}, C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi, In Quarantaine,
PUP.Optional.Wajam.A, HKU\S-1-5-21-3042039117-3201469462-578496335-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM|affiliate_id, 5927, In Quarantaine,
Registerdata: 2
PUP.Optional.V9.A, HKU\S-1-5-21-3042039117-3201469462-578496335-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.v9.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=HitachiXHTS545032A7E380_TE9B123QKSURJXKSURJXX&ts=1354471472, Goed: (www.google.com), Slecht: (http://www.v9.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=HitachiXHTS545032A7E380_TE9B123QKSURJXKSURJXX&ts=1354471472),Vervangen,
PUP.Optional.V9.A, HKU\S-1-5-21-3042039117-3201469462-578496335-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.v9.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=HitachiXHTS545032A7E380_TE9B123QKSURJXKSURJXX&ts=1354471472, Goed: (www.google.com), Slecht: (http://www.v9.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=HitachiXHTS545032A7E380_TE9B123QKSURJXKSURJXX&ts=1354471472),Vervangen,
Mappen: 8
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam, Verwijder-bij-Herstart, ,
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Firefox, In Quarantaine, ,
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\IE, In Quarantaine, ,
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Updater, Verwijder-bij-Herstart, ,
PUP.Optional.Wajam.A, C:\Users\danique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam, In Quarantaine, ,
PUP.Optional.NextLive.A, C:\Users\danique\AppData\Roaming\newnext.me, In Quarantaine, ,
PUP.Optional.NextLive.A, C:\Users\danique\AppData\Roaming\newnext.me\cache, In Quarantaine, ,
PUP.Optional.SystemSpeedup, C:\Users\danique\AppData\Roaming\systweak\ssd, In Quarantaine, ,
Bestanden: 26
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe, Verwijder-bij-Herstart, ,
PUP.Optional.NextLive.A, C:\Users\danique\AppData\Roaming\newnext.me\nengine.dll, In Quarantaine, ,
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\IE\priam_bho.dll, In Quarantaine, ,
PUP.Optional.FirseriaInstaller, C:\$Recycle.Bin\S-1-5-21-3042039117-3201469462-578496335-1001\$RBDEQOE.exe, In Quarantaine, ,
PUP.Optional.FirseriaInstaller, C:\$Recycle.Bin\S-1-5-21-3042039117-3201469462-578496335-1001\$RU9YPL7.exe, In Quarantaine, ,
PUP.Optional.Wajam.A, C:\Users\danique\AppData\Local\Temp\wajam_download.exe, In Quarantaine, ,
PUP.Optional.Somoto.A, C:\Users\danique\AppData\Local\Temp\nsn1144.tmp, In Quarantaine, ,
PUP.Optional.RegCleanerPro, C:\Users\danique\AppData\Local\Temp\RegClean7.exe, In Quarantaine, ,
PUP.Optional.Somoto, C:\Users\danique\AppData\Local\Temp\bitool.dll, In Quarantaine, ,
PUP.Optional.PricePeep.A, C:\Users\danique\AppData\Local\Temp\pricepeep_130001_0101.exe, In Quarantaine, ,
PUP.Optional.Wajam.A, C:\Users\danique\AppData\Local\Temp\WajamC.exe, In Quarantaine, ,
PUP.Optional.Bizzybolt.A, C:\Users\danique\AppData\Local\Temp\n1057\Bizzybolt_2511-5ea0573c.exe, In Quarantaine, ,
PUP.Optional.Amonetize, C:\Users\danique\AppData\Local\Temp\n1057\Launcher.exe, In Quarantaine, ,
PUP.Optional.RegCleanerPro, C:\Users\danique\AppData\Local\Temp\n1057\RegClean_1612-230a802f.exe, In Quarantaine, ,
PUP.Optional.Somoto.A, C:\Users\danique\AppData\Local\Bundled software uninstaller\bi_client.exe, In Quarantaine, ,
PUP.Optional.NextLive.A, C:\Users\danique\AppData\Local\genienext\nengine.dll, In Quarantaine, ,
PUP.Optional.V9.A, C:\Users\danique\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\V9.lnk, In Quarantaine, ,
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\uninstall.exe, In Quarantaine, ,
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi, In Quarantaine, ,
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\IE\favicon.ico, In Quarantaine, ,
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp, In Quarantaine, ,
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Updater\update.exe, In Quarantaine, ,
PUP.Optional.Wajam.A, C:\Users\danique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\uninstall.lnk, In Quarantaine, ,
PUP.Optional.NextLive.A, C:\Users\danique\AppData\Roaming\newnext.me\nengine.cookie, In Quarantaine, ,
PUP.Optional.NextLive.A, C:\Users\danique\AppData\Roaming\newnext.me\cache\spark.bin, In Quarantaine, ,
PUP.Optional.SystemSpeedup, C:\Users\danique\AppData\Roaming\systweak\ssd\SSDPTstub.exe, In Quarantaine, ,
Fysieke Sectoren: 0
(No malicious items detected)
(end)
Ben

10-08-2014 17:12

Hallo,
Je zou bij het adviseren voor gratis virusscanners beter de mensen de volgende scanners kunnen gaan aanbevelen:
AVG Free
Avira Free
Schakel eerst de Antivirussoftware uit voordat je zoek.exe download.
Schakel je antivirus- en antispywareprogramma's tijdelijk uit, deze kunnen namelijk conflicteren met Zoek.exe.
Download Zoek.exe naar het bureaublad.
* Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
Zoek.exe uitvoeren
Wanneer u problemen ondervindt bij het uitvoeren van dit programma of bepaalde foutmeldingen te zien krijgt laat dit dan even weten in uw bericht.
* Dubbelklik vervolgens op Zoek.exe om de tool te starten.
* Windows Vista, 7 en 8 gebruikers dienen de tool als “administrator” uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
* Kopieer nu onderstaande vet gedrukte code en plak die in het grote invulvenster:
* Note: Dit script is speciaal bedoeld voor deze computer, gebruik dit dan ook niet op andere computers met een gelijkaardig probleem.
firefoxlook;
torpigcheck;
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064};c
{B164E929-A1B6-4A06-B104-2CD0E90A88FF};c
{5513F07E-936B-4E52-9B00-067394E91CC5};c
emptyfolderscheck;delete
chromelook;
standardsearch;
filesrcm;
autoclean;
startupall;
* Klik nu op de knop "Run script".
* Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
* Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
* Post het geopende logje in het volgende bericht.
lg

10-08-2014 18:31

Zoals gevraagd:
Zoek.exe v5.0.0.0 Updated 09-August-2014
Tool run by danique on zo 10-08-2014 at 17:27:20,39.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\danique\Desktop\zoek.exe
==== System Restore Info ======================
10-8-2014 17:30:46 Zoek.exe System Restore Point Created Succesfully.
==== Torpig Check ======================
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll
==== Empty Folders Check ======================
C:\PROGRA~3\Asus deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Systweak deleted successfully
C:\Users\danique\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\danique\AppData\Local\Bundled software uninstaller deleted successfully
C:\Users\danique\AppData\Local\cache deleted successfully
C:\Users\danique\AppData\Local\genienext deleted successfully
C:\Users\danique\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3042039117-3201469462-578496335-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} deleted successfully
HKEY_USERS\S-1-5-21-3042039117-3201469462-578496335-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E72AEE38-3066-4EDA-8327-2B1069A0A945} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3042039117-3201469462-578496335-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully
==== Running Processes ======================
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Users\danique\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\danique\AppData\Roaming\Mozilla\Firefox\Profiles\l14dzwwq.default
—- Lines wajam modified from prefs.js —-
user_pref(“extensions.installCache”, "
“Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”
“Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”
“mctadmin”=“C:\Windows\System32\mctadmin.exe”
“mctadmin”=“C:\Windows\System32\mctadmin.exe”
“Adobe ARM”=“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
“ASUSPRP”=“C:\Program Files (x86)\ASUS\APRP\APRP.EXE”
“ATKOSD2”=“C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe”
“ATKMEDIA”=“C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe”
“HControlUser”=“C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe”
“Wireless Console 3”=“C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe”
“SunJavaUpdateSched”=“C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
“Adobe Reader Speed Launcher”=“C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe”
“ACMON”=“C:\Program Files (x86)\ASUS\Splendid\ACMON.exe”
“CLMLServer”=“C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe”
==== Startup Registry Enabled x64 ======================
“MSC”=“C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey”
“BCSSync”=“C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices”
“RTHDVCPL”=“C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s”
“ETDCtrl”=“%ProgramFiles%\Elantech\ETDCtrl.exe ”
==== Startup Registry Disabled x64 ======================
“key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“ASUSWebStorage”
“hkey”=“HKLM”
“command”=“C:\\Program Files (x86)\\ASUS\\ASUS WebStorage\\3.0.108.222\\AsusWSPanel.exe /S”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“DAEMON Tools Lite”
“hkey”=“HKCU”
“command”=“\”C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\“ -autorun”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“Skype”
“hkey”=“HKCU”
“command”=“\”C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\“ /minimized /regrun”
“item”=“Dropbox”
“path”=“C:\\Users\\danique\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk”
“backup”=“C:\\Windows\\pss\\Dropbox.lnk.Startup”
“backupExtension”=“.Startup”
“command”=“C:\\Users\\danique\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe”
==== Startup Folders ======================
2012-02-24 02:50:52 2062 —-a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\AutoKMS.job –a—— C:\AutoKMS\AutoKMS.exe
==== Other Scheduled Tasks ======================
“C:\Windows\SysNative\tasks\Adobe Flash Player Updater”
“C:\Windows\SysNative\tasks\ASUS Live Update”
“C:\Windows\SysNative\tasks\ASUS P4G”
“C:\Windows\SysNative\tasks\ASUS Quick Gesture”
“C:\Windows\SysNative\tasks\ASUS Quick Gesture (x64)”
“C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor”
“C:\Windows\SysNative\tasks\ASUS USB Charger Plus”
“C:\Windows\SysNative\tasks\ATKOSD2”
“C:\Windows\SysNative\tasks\AutoKMS”
“C:\Windows\SysNative\tasks\CCleanerSkipUAC”
“C:\Windows\SysNative\tasks\CreateChoiceProcessTask”
“C:\Windows\SysNative\tasks\RunGadgetController”
“C:\Windows\SysNative\tasks\SidebarExecute”
“C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask”
==== Folders in C:\PROGRA~3 0-6 Months Old ======================
No folders found aged 0-6 months
==== Firefox Extensions Registry ======================
“{D19CA586-DD6C-4a0a-96F8-14644F340D60}”=“C:\Program Files (x86)\Common Files\McAfee\SystemCore”
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
Google Drive - danique\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - danique\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - danique\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
SiteAdvisor - danique\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Gmail - danique\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chrome Fix ======================
C:\Users\danique\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
==== Set IE to Default ======================
Old Values:
“Start Page”=“http://www.startnederland.nl/”
“Default_Page_URL”=“http://www.google.com”
“Tabs”=“http://www.google.com”
“Tabs”=“http://www.google.com”
“DefaultScope”=“{0633EE93-D776-472f-A0FF-E1416B8B2E3A}”
New Values:
“Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157”
“Start Page”=“http://www.startnederland.nl/”
“Tabs”=“res://ieframe.dll/tabswelcome.htm”
“Tabs”=“res://ieframe.dll/tabswelcome.htm”
“DefaultScope”=“{012E1000-F331-11DB-8314-0800200C9A66}”
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url=“http://www.google.com/search?q={searchTerms}”
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{D19CA586-DD6C-4a0a-96F8-14644F340D60} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\ASUS\APRP\APRP.EXE”
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe”
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\danique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\danique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\danique\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1276 folders=123 94926081 bytes)
==== Empty Temp Folders ======================
C:\Users\danique\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\danique\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on zo 10-08-2014 at 18:25:54,85 ======================
Ben

10-08-2014 18:38

Hallo,
Download AdwCleaner by Xplode naar het bureaublad.
* Sluit alle openstaande vensters.
* Dubbelklik op AdwCleaner om hem te starten.
* Windows Vista, 7 en 8 gebruikers dienen de tool als “administrator” uit te voeren,
* Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
* Klik vervolgens op Scannen.
* Klik vervolgens op Verwijderen als er items zijn gevonden.
* Klik bij Herstarten Noodzakelijk op OK
Nadat de PC opnieuw is opgestart, opent meestal een logfile.
Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner.txt
Post aansluitend de inhoud van dit log in je volgende bericht.
lg

10-08-2014 19:06

# AdwCleaner v3.304 - Rapport aangemaakt 10/08/2014 op 18:46:55
# Laatste Update 08/08/2014 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruikersnaam : danique - DANIQUE-PC
# Gestart vanuit : C:\Users\danique\Desktop\adwcleaner_3.304.exe
# Optie : Verwijderen
***** *****
***** *****
Bestand Verwijderd : C:\Users\danique\AppData\Roaming\Mozilla\Firefox\Profiles\l14dzwwq.default\user.js
Bestand Verwijderd : C:\Users\danique\AppData\Roaming\Mozilla\Firefox\Profiles\tyo099jr.default\user.js
***** *****
***** *****
***** *****
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Sleutel Verwijderd : HKCU\Software\BI
Sleutel Verwijderd : HKCU\Software\systweak
Sleutel Verwijderd : HKLM\Software\systweak
***** *****
-\\ Internet Explorer v11.0.9600.17207
-\\ Mozilla Firefox v28.0 (nl)
-\\ Google Chrome v
*************************
AdwCleaner.txt - -
AdwCleaner.txt - -
########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########
lg

10-08-2014 19:06

# AdwCleaner v3.304 - Rapport aangemaakt 10/08/2014 op 18:46:55
# Laatste Update 08/08/2014 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruikersnaam : danique - DANIQUE-PC
# Gestart vanuit : C:\Users\danique\Desktop\adwcleaner_3.304.exe
# Optie : Verwijderen
***** *****
***** *****
Bestand Verwijderd : C:\Users\danique\AppData\Roaming\Mozilla\Firefox\Profiles\l14dzwwq.default\user.js
Bestand Verwijderd : C:\Users\danique\AppData\Roaming\Mozilla\Firefox\Profiles\tyo099jr.default\user.js
***** *****
***** *****
***** *****
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Sleutel Verwijderd : HKCU\Software\BI
Sleutel Verwijderd : HKCU\Software\systweak
Sleutel Verwijderd : HKLM\Software\systweak
***** *****
-\\ Internet Explorer v11.0.9600.17207
-\\ Mozilla Firefox v28.0 (nl)
-\\ Google Chrome v
*************************
AdwCleaner.txt - -
AdwCleaner.txt - -
########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########
Ben

10-08-2014 19:33

Hallo,
Hoe draait de pc hierna?

Dit topic is gesloten, er kunnen geen reacties meer worden geplaatst.

Probleem laptop

lg

Ben

lg

lg

Ben

lg

Ben

lg

lg

Ben