
HELP: random ads and images on web pages



Dear Pc-helpforum experts,

I have recently become the not-so-proud owner of an extremely annoying piece of ??malware??

Because of this, strange links and images are placed on random pages.

See also: Screenshot by Lightshot

I cannot find the program on my laptop in order to remove it manually, and attempts with both CCleaner and Malwarebytes have not solved my problem either.

Can you help me with this?

I am currently scanning my computer with RSIT. I will post its log once it is available.

Is it correct that this takes a (fairly) long while?

Thanks in advance and kind regards,

ULT

- - - Updated - - -

The log:

Logfile of random's system information tool 1.10 (written by random/random)

Run by ... at 2014-07-24 19:31:31

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 174 GB (38%) free of 463 GB

Total RAM: 3959 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:42:16, on 24-7-2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.17207)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

C:\Users\Sent\AppData\Local\Skillbrains\lightshot\5.1.2.5\Lightshot.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sent\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\trend micro\Sent.exe

C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sent\AppData\Local\Google\Update\GoogleUpdate.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tm85&r=273612108705l0494z175f4732c306

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid=&mid=695dbe017e3447d68ab059e75b461258-d98f306448806add63d0fe190a41561b0726761c&lang=en&ds=AVG&pr=fr&d=&pid=avg&sg=&v=&sap=hp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [LightShot] C:\Users\Sent\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue

O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Sent\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

O4 - Startup: Dropbox.lnk = Sent\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Sent\Desktop\PartyPoker.lnk (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Sent\Desktop\PartyPoker.lnk (file missing)

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15316 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

C:\PROGRA~2\AVG\AVG10\avgchsva.exe /boot

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

atieclxx

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe"

"C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe"

"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"

"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"

"C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe"

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"

"C:\Program Files (x86)\AVG\AVG10\avgnsa.exe"

"C:\Program Files (x86)\AVG\AVG10\avgemca.exe"

\??\C:\Windows\system32\conhost.exe "-7648752261330367128729738285-1715373817-214298680114672427231117437236368719366

"C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe"

"taskhost.exe"

taskeng.exe {25AEA237-9B21-473E-8271-5C1C0B4BB8EC}

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe"

"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe"

"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming

"C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

"C:\Users\Sent\AppData\Local\Skillbrains\lightshot\5.1.2.5\Lightshot.exe" Flags: uninsdeletevalue

"C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe"

HydraDM64.exe -h:65908 "Maximaliseren tot volledig bureaublad" "Maximaliseren tot volledig venster" "Bureaublad herstellen"

C:\Windows\system32\wbem\unsecapp.exe -Embedding

C:\Windows\system32\wbem\wmiprvse.exe

KHALMNPR.EXE /API

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k

"C:\Program Files (x86)\Launch Manager\LManager.exe"

"C:\Program Files (x86)\AVG\AVG10\avgtray.exe"

"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe"

"C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe"

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"

"C:\Program Files (x86)\Launch Manager\LMworker.exe"

"C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe"

"C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe"

"C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3320.0.720408278\506086384" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,15 --gpu-vendor-id=0x1002 --gpu-device-id=0x68e0 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=13.251.0.0 --ignored=" --type=renderer " /prefetch:822062411

"C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_05/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="3320.2.1426387055\1743604735" /prefetch:673131151

"C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_05/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="3320.3.1313072876\1488695553" /prefetch:673131151

"C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_05/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="3320.8.470199640\1279445624" /prefetch:673131151

"C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe"

"C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3320.12.910617015\2039116907" --ppapi-flash-args=enable_hw_video_decode=1 --lang=nl --ignored=" --type=renderer " /prefetch:-632637702

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_05/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="3320.14.1943854006\1297779339" /prefetch:673131151

"C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_05/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="3320.16.2097005109\600137550" /prefetch:673131151

C:\Windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

"C:\Users\Sent\AppData\Roaming\Dropbox\bin\Dropbox.exe" /firstrunupdate 1 /TAGS:@FULL-{D28A0FFE-22B5-4AFB-8FB8-7C091BC818AB}

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe /pipeName=e1922475-8c36-4808-9e99-8c11a020966a /coreSdkOptions=30 /logConfFile="C:\ProgramData\AVG10\temp\db16fd25-1851-4964-9419-0e29e533dc41-17f4-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG10\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg10" /tempPath="C:\ProgramData\AVG10\temp\"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0

"C:\Users\Sent\AppData\Local\Google\Chrome\Application\35.0.1916.153\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

WicaInventory.exe /devices /output "C:\Windows\TEMP\CompatTelemetryLogs\WICA_Devices_SENT-PC.xml" /filterdevices "C:\Windows\TEMP\CompatTelemetryLogs\WicaDeviceFilters.xml" /log "C:\Windows\TEMP\CompatTelemetryLogs" "C:\Windows\system32\CompatTel"

\??\C:\Windows\system32\conhost.exe "-16554445561859615794766776764-828135819894795015630862942541093400872462419

"C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_05/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="3320.21.242983675\1553544048" /prefetch:673131151

C:\Windows\servicing\TrustedInstaller.exe

"C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_05/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="3320.25.1341335579\391389001" /prefetch:673131151

"C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_05/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="3320.27.1332830490\1506068763" /prefetch:673131151

"C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_05/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="3320.28.575761774\597286249" /prefetch:673131151

"C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_05/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="3320.30.1435995384\1639290558" /prefetch:673131151

"C:\Users\Sent\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_05/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="3320.32.1774572366\538453554" /prefetch:673131151

taskeng.exe {1EF0B709-0658-4F77-90E3-449ADF794BB3}

C:\Users\Sent\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

C:\Windows\System32\svchost.exe -k WerSvcGroup

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1656333082-1529687371-2864326458-1001Core.job - C:\Users\Sent\AppData\Local\Google\Update\GoogleUpdate.exe /c

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1656333082-1529687371-2864326458-1001UA.job - C:\Users\Sent\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

C:\Windows\tasks\ParetoLogic Registration3.job - C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns

C:\Windows\tasks\ParetoLogic Update Version3.job - c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe

C:\Windows\tasks\ParetoLogic Update Version3_triggeronce.job - c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe

C:\Windows\tasks\RegCure Pro Startup.job - C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe

C:\Windows\tasks\RegCure Pro_sch_1C1ACAD3-FDFB-11E3-A01A-88AE1DA2FBAB.job - C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe /schedule:"1C1ACAD3-FDFB-11E3-A01A-88AE1DA2FBAB"

C:\Windows\tasks\ROC_REG_JAN_DELETE.job - C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1

C:\Windows\tasks\update-S-1-5-21-1656333082-1529687371-2864326458-1001.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate

C:\Windows\tasks\update-sys.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate

=========Mozilla firefox=========

ProfilePath - C:\Users\Sent\AppData\Roaming\Mozilla\Firefox\Profiles\iac8prmh.default

prefs.js - "browser.startup.homepage" - "http://isearch.avg.com/?cid=&mid=695dbe017e3447d68ab059e75b461258-d98f306448806add63d0fe190a41561b0726761c&lang=en&ds=AVG&pr=fr&d=&pid=avg&sg=&v=&sap=hp"

prefs.js - "extensions.enabledItems" - "{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1423, {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27, check4change-owner@mozdev.org:1.9.3, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13, {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.25"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.6.602.171 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@gamersfirst.com/LiveLauncher]

"Description"=GamersFirst LIVE! Web Launcher

"Path"=C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]

"Description"=This plugin detects and launches Pando Media Booster

"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]

"Description"=WildTangent Games App Presence Detector Plugin

"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.6.602.171 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\

browser.xpt

browserdirprovider.dll

brwsrcmp.dll

components.list

FeedConverter.js

FeedProcessor.js

FeedWriter.js

fuelApplication.js

GPSDGeolocationProvider.js

jsconsole-clhandler.js

NetworkGeolocationProvider.js

nsAddonRepository.js

nsBadCertHandler.js

nsBlocklistService.js

nsBrowserContentHandler.js

nsBrowserGlue.js

nsContentDispatchChooser.js

nsContentPrefService.js

nsDefaultCLH.js

nsDownloadManagerUI.js

nsExtensionManager.js

nsFormAutoComplete.js

nsHandlerService.js

nsHelperAppDlg.js

nsINIProcessor.js

nsLivemarkService.js

nsLoginInfo.js

nsLoginManager.js

nsLoginManagerPrompter.js

nsMicrosummaryService.js

nsPlacesAutoComplete.js

nsPlacesDBFlush.js

nsPlacesTransactionsService.js

nsPrivateBrowsingService.js

nsProxyAutoConfig.js

nsSafebrowsingApplication.js

nsSearchService.js

nsSearchSuggestions.js

nsSessionStartup.js

nsSessionStore.js

nsSetDefaultBrowser.js

nsSidebar.js

nsTaggingService.js

nsTryToClose.js

nsUpdateService.js

nsUpdateServiceStub.js

nsUpdateTimerManager.js

nsUrlClassifierLib.js

nsUrlClassifierListManager.js

nsURLFormatter.js

nsWebHandlerApp.js

pluginGlue.js

storage-Legacy.js

storage-mozStorage.js

txEXSLTRegExFunctions.js

WebContentConverter.js

C:\Program Files (x86)\Mozilla Firefox\plugins\

npdeployJava1.dll

npnul32.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

bolcom-nl.xml

google.xml

marktplaats-nl.xml

vandale-nl.xml

wikipedia-nl.xml

yahoo-nl.xml

C:\Users\Sent\AppData\Roaming\Mozilla\Firefox\Profiles\iac8prmh.default\extensions\

check4change-owner@mozdev.org

staged

{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

C:\Users\Sent\AppData\Roaming\Mozilla\Firefox\Profiles\iac8prmh.default\searchplugins\

avg-secure-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll [2011-09-09 3561824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]

MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\avgssie.dll [2011-09-09 2276704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2011-11-10 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Aanmelden - Help - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-12-10 1890088]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-12-29 9913376]

"Acer ePower Management"=C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2010-03-17 860704]

"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-10-29 1680976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"LightShot"=C:\Users\Sent\AppData\Local\Skillbrains\lightshot\Lightshot.exe [2014-03-06 226592]

"HydraVisionDesktopManager"=C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [2014-01-31 389120]

"Google Update"=C:\Users\Sent\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-05 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]

C:\PROGRA~2\GAMERS~1\LIVE!\Live.exe [2011-08-16 2589808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VideoWebCamera.exe.lnk]

C:\PROGRA~2\VIDEOW~1\VIDEOW~1.EXE [2010-05-18 4867400]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2009-12-24 284696]

"BackupManagerTray"=C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [2010-03-09 258560]

"NortonOnlineBackupReminder"=C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [2009-07-25 588648]

"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]

"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2010-04-08 908368]

"AVG_TRAY"=C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2012-08-01 2345592]

"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

"PlusService"=C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [2011-09-20 801792]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

"AdobeCS5.5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-12-06 766208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

C:\Users\Sent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Dropbox.lnk - C:\Users\Sent\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2010-10-28 66640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files (x86)\xchat\xchat.exe"="C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

======File associations======

.js - edit -

.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 month======

2014-07-24 19:41:33 ----A---- C:\Windows\SYSWOW64\SBRC.dat

2014-07-24 19:31:33 ----D---- C:\Program Files\trend micro

2014-07-24 19:31:31 ----D---- C:\rsit

2014-07-10 23:38:37 ----A---- C:\Windows\system32\aepdu.dll

2014-07-10 23:38:37 ----A---- C:\Windows\system32\aeinv.dll

2014-07-10 23:38:30 ----A---- C:\Windows\SYSWOW64\osk.exe

2014-07-10 23:38:30 ----A---- C:\Windows\system32\win32k.sys

2014-07-10 23:38:30 ----A---- C:\Windows\system32\osk.exe

2014-07-10 23:38:27 ----A---- C:\Windows\SYSWOW64\qedit.dll

2014-07-10 23:38:27 ----A---- C:\Windows\system32\qedit.dll

2014-07-10 23:38:27 ----A---- C:\Windows\system32\drivers\afd.sys

2014-07-10 23:38:22 ----A---- C:\Windows\SYSWOW64\wdigest.dll

2014-07-10 23:38:22 ----A---- C:\Windows\SYSWOW64\TSpkg.dll

2014-07-10 23:38:22 ----A---- C:\Windows\SYSWOW64\schannel.dll

2014-07-10 23:38:22 ----A---- C:\Windows\SYSWOW64\ncrypt.dll

2014-07-10 23:38:22 ----A---- C:\Windows\SYSWOW64\msv1_0.dll

2014-07-10 23:38:22 ----A---- C:\Windows\SYSWOW64\kerberos.dll

2014-07-10 23:38:22 ----A---- C:\Windows\SYSWOW64\credssp.dll

2014-07-10 23:38:22 ----A---- C:\Windows\system32\wdigest.dll

2014-07-10 23:38:22 ----A---- C:\Windows\system32\TSpkg.dll

2014-07-10 23:38:22 ----A---- C:\Windows\system32\schannel.dll

2014-07-10 23:38:22 ----A---- C:\Windows\system32\ncrypt.dll

2014-07-10 23:38:22 ----A---- C:\Windows\system32\msv1_0.dll

2014-07-10 23:38:22 ----A---- C:\Windows\system32\kerberos.dll

2014-07-10 23:38:22 ----A---- C:\Windows\system32\credssp.dll

2014-07-10 23:38:19 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2014-07-10 23:38:19 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll

2014-07-10 23:38:19 ----A---- C:\Windows\system32\iernonce.dll

2014-07-10 23:38:18 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2014-07-10 23:38:18 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2014-07-10 23:38:18 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll

2014-07-10 23:38:18 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll

2014-07-10 23:38:18 ----A---- C:\Windows\SYSWOW64\iernonce.dll

2014-07-10 23:38:18 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll

2014-07-10 23:38:18 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-07-10 23:38:18 ----A---- C:\Windows\system32\ieetwproxystub.dll

2014-07-10 23:38:18 ----A---- C:\Windows\system32\iedkcs32.dll

2014-07-10 23:38:17 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2014-07-10 23:38:16 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2014-07-10 23:38:16 ----A---- C:\Windows\SYSWOW64\iesetup.dll

2014-07-10 23:38:16 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2014-07-10 23:38:16 ----A---- C:\Windows\system32\urlmon.dll

2014-07-10 23:38:16 ----A---- C:\Windows\system32\ieetwcollectorres.dll

2014-07-10 23:38:15 ----A---- C:\Windows\SYSWOW64\ieui.dll

2014-07-10 23:38:15 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2014-07-10 23:38:15 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll

2014-07-10 23:38:15 ----A---- C:\Windows\SYSWOW64\dxtrans.dll

2014-07-10 23:38:15 ----A---- C:\Windows\system32\msfeeds.dll

2014-07-10 23:38:15 ----A---- C:\Windows\system32\iesetup.dll

2014-07-10 23:38:15 ----A---- C:\Windows\system32\ieetwcollector.exe

2014-07-10 23:38:15 ----A---- C:\Windows\system32\ie4uinit.exe

2014-07-10 23:38:15 ----A---- C:\Windows\system32\dxtmsft.dll

2014-07-10 23:38:14 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll

2014-07-10 23:38:14 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2014-07-10 23:38:14 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

2014-07-10 23:38:14 ----A---- C:\Windows\system32\iertutil.dll

2014-07-10 23:38:13 ----A---- C:\Windows\SYSWOW64\wininet.dll

2014-07-10 23:38:13 ----A---- C:\Windows\SYSWOW64\vbscript.dll

2014-07-10 23:38:13 ----A---- C:\Windows\SYSWOW64\msrating.dll

2014-07-10 23:38:13 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll

2014-07-10 23:38:13 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll

2014-07-10 23:38:13 ----A---- C:\Windows\system32\jsproxy.dll

2014-07-10 23:38:13 ----A---- C:\Windows\system32\dxtrans.dll

2014-07-10 23:38:12 ----A---- C:\Windows\system32\mshtmlmedia.dll

2014-07-10 23:38:12 ----A---- C:\Windows\system32\mshtmled.dll

2014-07-10 23:38:12 ----A---- C:\Windows\system32\ieUnatt.exe

2014-07-10 23:38:12 ----A---- C:\Windows\system32\ieui.dll

2014-07-10 23:38:12 ----A---- C:\Windows\system32\ieframe.dll

2014-07-10 23:38:11 ----A---- C:\Windows\system32\wininet.dll

2014-07-10 23:38:11 ----A---- C:\Windows\system32\vbscript.dll

2014-07-10 23:38:11 ----A---- C:\Windows\system32\jscript9diag.dll

2014-07-10 23:38:11 ----A---- C:\Windows\system32\jscript9.dll

2014-07-10 23:38:11 ----A---- C:\Windows\system32\ieapfltr.dll

2014-07-10 23:38:10 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe

2014-07-10 23:38:10 ----A---- C:\Windows\system32\msrating.dll

2014-07-10 23:38:10 ----A---- C:\Windows\system32\MshtmlDac.dll

2014-07-10 23:38:10 ----A---- C:\Windows\system32\mshtml.dll

2014-07-10 23:37:38 ----A---- C:\Windows\system32\lsasrv.dll

2014-07-10 23:37:37 ----A---- C:\Windows\SYSWOW64\sspicli.dll

2014-07-10 23:37:37 ----A---- C:\Windows\SYSWOW64\secur32.dll

2014-07-01 16:54:25 ----A---- C:\Windows\system32\MRT.exe

2014-06-27 13:00:12 ----D---- C:\Users\Sent\AppData\Roaming\DriverCure

2014-06-27 13:00:11 ----D---- C:\Users\Sent\AppData\Roaming\ParetoLogic

2014-06-27 12:59:55 ----D---- C:\ProgramData\ParetoLogic

2014-06-27 12:59:55 ----D---- C:\Program Files (x86)\ParetoLogic

======List of files/folders modified in the last 1 month======

2014-07-24 19:41:33 ----D---- C:\Windows\SysWOW64

2014-07-24 19:41:24 ----D---- C:\Windows\system32\config

2014-07-24 19:38:02 ----D---- C:\Windows\Prefetch

2014-07-24 19:31:33 ----RD---- C:\Program Files

2014-07-24 19:28:32 ----D---- C:\Users\Sent\AppData\Roaming\Dropbox

2014-07-24 19:28:12 ----D---- C:\Windows\Temp

2014-07-24 19:27:51 ----D---- C:\Windows\system32\drivers\AVG

2014-07-24 19:27:40 ----A---- C:\Windows\wininit.ini

2014-07-24 19:26:29 ----SHD---- C:\System Volume Information

2014-07-24 19:23:15 ----A---- C:\Windows\SYSWOW64\log.txt

2014-07-21 21:19:06 ----D---- C:\Windows\SYSWOW64\drivers

2014-07-21 21:19:03 ----D---- C:\Windows\system32\drivers

2014-07-21 21:19:00 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-21 19:09:11 ----D---- C:\Windows\winsxs

2014-07-21 19:08:51 ----D---- C:\Windows\inf

2014-07-21 19:05:10 ----D---- C:\Program Files\Windows Journal

2014-07-21 19:05:09 ----SD---- C:\Windows\system32\CompatTel

2014-07-21 19:05:08 ----D---- C:\Windows\System32

2014-07-21 19:05:07 ----D---- C:\Windows\SYSWOW64\Dism

2014-07-21 19:05:05 ----D---- C:\Windows\system32\Dism

2014-07-21 19:05:01 ----D---- C:\Windows\ehome

2014-07-21 19:04:57 ----D---- C:\Windows\system32\nl-NL

2014-07-21 19:04:56 ----D---- C:\Program Files\Internet Explorer

2014-07-21 19:04:54 ----D---- C:\Windows\SYSWOW64\en-US

2014-07-21 19:04:51 ----D---- C:\Windows\system32\en-US

2014-07-21 19:04:48 ----D---- C:\Program Files (x86)\Internet Explorer

2014-07-12 22:10:33 ----SHD---- C:\Windows\Installer

2014-07-12 22:10:27 ----SHD---- C:\Config.Msi

2014-07-12 22:10:26 ----D---- C:\ProgramData\Microsoft Help

2014-07-12 22:05:56 ----D---- C:\Windows\system32\MRT

2014-07-10 23:37:25 ----D---- C:\Windows\system32\catroot

2014-07-10 23:37:24 ----D---- C:\Windows\system32\catroot2

2014-07-06 18:56:42 ----D---- C:\Windows\rescache

2014-07-04 19:39:55 ----SD---- C:\Users\Sent\AppData\Roaming\Microsoft

2014-07-03 17:22:58 ----D---- C:\Users\Sent\AppData\Roaming\mIRC

2014-07-01 16:54:28 ----D---- C:\Windows\debug

2014-07-01 15:45:15 ----D---- C:\Users\Sent\AppData\Roaming\TeamViewer

2014-06-27 16:46:02 ----D---- C:\Program Files (x86)\Full Tilt Poker.Eu

2014-06-27 15:51:39 ----D---- C:\Windows

2014-06-27 15:47:18 ----D---- C:\ProgramData\6b23133c43fb9f6

2014-06-27 15:47:17 ----D---- C:\Windows\Downloaded Program Files

2014-06-27 15:47:00 ----D---- C:\Program Files (x86)

2014-06-27 15:03:43 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-06-27 15:01:45 ----D---- C:\Windows\Tasks

2014-06-27 15:01:45 ----D---- C:\Windows\system32\Tasks

2014-06-27 14:54:36 ----D---- C:\Program Files\McAfee Security Scan

2014-06-27 14:44:08 ----D---- C:\Windows\system32\wfp

2014-06-27 14:44:07 ----D---- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

2014-06-27 14:44:03 ----D---- C:\Windows\system32\wbem

2014-06-27 14:42:09 ----D---- C:\Windows\SYSWOW64\wbem

2014-06-27 14:42:09 ----D---- C:\Windows\SYSWOW64\nl-NL

2014-06-27 14:42:09 ----D---- C:\Windows\PolicyDefinitions

2014-06-27 14:41:14 ----D---- C:\Windows\system32\NDF

2014-06-27 14:41:13 ----D---- C:\Windows\system32\DriverStore

2014-06-27 14:41:13 ----D---- C:\Windows\system32\drivers\etc

2014-06-27 14:41:13 ----D---- C:\Windows\system32\CodeIntegrity

2014-06-27 14:41:08 ----D---- C:\Windows\pss

2014-06-27 14:41:07 ----RSD---- C:\Windows\Fonts

2014-06-27 14:40:57 ----D---- C:\Windows\AppCompat

2014-06-27 14:40:42 ----D---- C:\ProgramData\Symantec

2014-06-27 14:40:41 ----D---- C:\ProgramData\McAfee Security Scan

2014-06-27 14:40:40 ----D---- C:\Program Files\PB Accessory Store

2014-06-27 14:40:39 ----D---- C:\Program Files\Common Files\Microsoft Shared

2014-06-27 14:40:39 ----D---- C:\Program Files\CCleaner

2014-06-27 14:40:32 ----D---- C:\Program Files (x86)\Common Files

2014-06-27 14:40:30 ----D---- C:\Program Files (x86)\Google

2014-06-27 14:40:25 ----D---- C:\Program Files\Google

2014-06-27 14:39:24 ----D---- C:\Windows\registration

2014-06-27 14:36:23 ----D---- C:\Windows\system32\wdi

2014-06-27 14:35:21 ----D---- C:\Windows\NAPP_Dism_Log

2014-06-27 14:35:19 ----D---- C:\Windows\Microsoft.NET

2014-06-27 14:35:07 ----RSD---- C:\Windows\assembly

2014-06-27 14:34:25 ----D---- C:\Users\Sent\AppData\Roaming\MaxCoin

2014-06-27 14:34:25 ----D---- C:\Users\Sent\AppData\Roaming\Macromedia

2014-06-27 14:34:25 ----D---- C:\Users\Sent\AppData\Roaming\Ducats

2014-06-27 14:34:03 ----HD---- C:\ProgramData

2014-06-27 14:33:58 ----D---- C:\ProgramData\Malwarebytes

2014-06-27 14:33:58 ----D---- C:\ProgramData\Google

2014-06-27 14:33:44 ----D---- C:\Program Files (x86)\TeamViewer

2014-06-27 14:33:41 ----D---- C:\Program Files (x86)\MathType

2014-06-27 14:33:34 ----HD---- C:\OEM

2014-06-27 14:26:35 ----D---- C:\Windows\SoftwareDistribution

2014-06-27 13:13:00 ----D---- C:\Users\Sent\AppData\Roaming\BitTorrent

2014-06-27 13:13:00 ----D---- C:\ProgramData\Partner

2014-06-27 13:12:59 ----D---- C:\Windows\Panther

2014-06-27 13:12:59 ----D---- C:\Windows\Minidump

2014-06-27 13:12:59 ----D---- C:\Users\Sent\AppData\Roaming\Dogecoin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]

R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-12-17 538136]

R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2012-11-12 312160]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]

R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-04-19 283200]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-12-06 13207552]

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-12-06 626176]

R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-04-07 2216960]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-12-19 94720]

R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 118864]

R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]

R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-12-29 2231584]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2010-03-21 321064]

R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-06 18432]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-12-10 301104]

R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-06 16896]

S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []

S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []

S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2010-08-24 63568]

S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2010-08-24 57936]

S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2010-08-24 41040]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-04-19 245280]

S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2009-12-02 213280]

S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-12-06 239616]

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]

R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]

R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]

R2 ePowerSvc;Acer ePower Service; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-03-17 866336]

R2 GREGService;GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-03-18 268824]

R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-03-09 250368]

R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-04-25 5024576]

R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]

R2 Updater Service;Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-29 243232]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-12-05 867080]

S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-19 111616]

S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-10-28 357456]

S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 289256]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]

S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S3 TurboBoost;TurboBoost; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe [2010-10-18 20549]

S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe [2010-12-24 8133120]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-08 1255736]

S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Edited by ULT

Hello ULT,

Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).

Download Zoek.exe to the desktop (not the .zip or .rar version).


  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

 
{0E8A89AD-95D7-40EB-8D9D-083EF7066A01};c
C:\Program Files\McAfee Security Scan;fs
McComponentHostService;s
C:\Program Files (x86)\ParetoLogic;fs
C:\Windows\tasks\ParetoLogic*;f
C:\Program Files (x86)\Common Files\ParetoLogic;fs
C:\Windows\tasks\RegCure Pro*;f
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk;f
C:\Users\Sent\AppData\Roaming\DriverCure;fs
C:\Users\Sent\AppData\Roaming\ParetoLogic;fs
C:\ProgramData\ParetoLogic;fs
C:\ProgramData\McAfee Security Scan;fs
esgiguard;fs
C:\Program Files\Enigma Software Group;fs
autoclean;
emptyfolderscheck;delete 
emptyclsid; 
startupall; 
filesrcm;


  • The "Scan All Users" option is checked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log as an attachment in your next message.

Posting the Zoek.exe log file

  • Attach the log file named "Zoek-results.log" to your next message. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • You can read here how to add an attachment to a message.


Dear Jion,

Thank you very much. I am already rid of the annoying ads.

The log looks as follows:

Zoek.exe v5.0.0.0 Updated 24-07-2014

Tool run by Sent on do 24-07-2014 at 21:27:54,72.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Sent\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

24-7-2014 21:30:53 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully

C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully

C:\Program Files\Google deleted successfully

C:\Users\Sent\AppData\Local\CrashDumps deleted successfully

C:\Users\Sent\AppData\Local\CutePDF Writer deleted successfully

C:\Users\Sent\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1656333082-1529687371-2864326458-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully

HKEY_USERS\S-1-5-21-1656333082-1529687371-2864326458-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\McComponentHostService deleted successfully

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\ParetoLogic not found

C:\Program Files (x86)\Common Files\ParetoLogic not found

C:\Users\Sent\AppData\Roaming\DriverCure not found

C:\Users\Sent\AppData\Roaming\ParetoLogic not found

C:\ProgramData\ParetoLogic not found

C:\ProgramData\McAfee Security Scan deleted

C:\Program Files\Enigma Software Group deleted

C:\PROGRA~3\boost_interprocess deleted

C:\PROGRA~3\AVG January 2013 Campaign deleted

C:\PROGRA~3\InstallMate deleted

C:\PROGRA~3\Package Cache deleted

C:\Users\Sent\AppData\Local\cache deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted

C:\Users\Sent\Searches deleted

C:\Windows\wininit.ini deleted

C:\Windows\tasks\ParetoLogic Update Version3_triggeronce.job deleted

C:\Windows\tasks\ROC_REG_JAN_DELETE.job deleted

C:\windows\SysNative\tasks\ROC_REG_JAN_DELETE deleted

C:\Windows\SysNative\config\systemprofile\Searches deleted

C:\Windows\SysWow64\AI_RecycleBin deleted

C:\Users\Sent\AppData\Roaming\Mozilla\Firefox\Profiles\iac8prmh.default\extensions\staged deleted

C:\Users\Sent\Desktop\Continue Ccleaner.lnk deleted

C:\Users\Sent\AppData\Local\TempFullTiltPokerEuSetup.exe deleted

"C:\Windows\tasks\RegCure Pro Startup.job" deleted

"C:\Windows\tasks\RegCure Pro_sch_1C1ACAD3-FDFB-11E3-A01A-88AE1DA2FBAB.job" deleted

"C:\Windows\Installer\1012d93.msi" deleted

"C:\PROGRA~3\6b23133c43fb9f6\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted

"C:\PROGRA~3\6b23133c43fb9f6\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" deleted

"C:\PROGRA~3\6b23133c43fb9f6\{CA41BB14-E67B-1653-C57B-5CA99418A866}" deleted

"C:\PROGRA~3\6b23133c43fb9f6\{E32743D3-5789-6E4F-3998-06FB87C9214B}" deleted

"C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe" deleted

"C:\PROGRA~3\6b23133c43fb9f6" deleted

"C:\Program Files\McAfee Security Scan" not deleted

"C:\Program Files\McAfee Security Scan\3.8.150" not deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1656333082-1529687371-2864326458-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"LightShot"="C:\Users\Sent\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue"

"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

"Google Update"="C:\Users\Sent\AppData\Local\Google\Update\GoogleUpdate.exe /c"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 - Windows Help /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 - Windows Help /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"BackupManagerTray"="C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe -h -k"

"NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe UNATTENDED"

"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"AVG_TRAY"="C:\Program Files (x86)\AVG\AVG10\avgtray.exe"

"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"

"PlusService"="C:\Program Files (x86)\Yuna Software\Messenger Plus\PlusService.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin"

"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"

"AdobeCS5.5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe -launchedbylogin"

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"LightShot"="C:\Users\Sent\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue"

"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

"Google Update"="C:\Users\Sent\AppData\Local\Google\Update\GoogleUpdate.exe /c"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"Acer ePower Management"="C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe"

"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]

"item"="GamersFirst LIVE!"

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\GamersFirst LIVE!.lnk"

"backup"="C:\\Windows\\pss\\GamersFirst LIVE!.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~2\\GAMERS~1\\LIVE!\\Live.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VideoWebCamera.exe.lnk]

"item"="VideoWebCamera.exe"

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\VideoWebCamera.exe.lnk"

"backup"="C:\\Windows\\pss\\VideoWebCamera.exe.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~2\\VIDEOW~1\\VIDEOW~1.EXE"

==== Startup Folders ======================

2012-09-24 10:00:58 1059 ----a-w- C:\Users\Sent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1656333082-1529687371-2864326458-1001Core.job --a------ C:\Users\Sent\AppData\Local\Google\Update\GoogleUpdate.exe [05-12-2010 22:14]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1656333082-1529687371-2864326458-1001UA.job --a------ C:\Users\Sent\AppData\Local\Google\Update\GoogleUpdate.exe [05-12-2010 22:14]

C:\Windows\tasks\update-S-1-5-21-1656333082-1529687371-2864326458-1001.job --a------ C:\Program Files (x86)\Skillbrains\Updater\Updater.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Sent-PC-Sent" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1656333082-1529687371-2864326458-1001Core" [C:\Users\Sent\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1656333082-1529687371-2864326458-1001UA" [C:\Users\Sent\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

"C:\Windows\SysNative\tasks\update-S-1-5-21-1656333082-1529687371-2864326458-1001" [C:\Program Files (x86)\Skillbrains\Updater\Updater.exe]

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"uise@qwpf.net"="C:\Users\Sent\AppData\Roaming\Mozilla\Firefox\Profiles\iac8prmh.default\extensions" [24-07-2014 21:40]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Sent\AppData\Roaming\Mozilla\Firefox\Profiles\iac8prmh.default

- AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4

- Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

- Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

- Check4Change - %ProfilePath%\extensions\check4change-owner@mozdev.org

- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

==== Firefox Plugins ======================

Profilepath: C:\Users\Sent\AppData\Roaming\Mozilla\Firefox\Profiles\iac8prmh.default

E64819B6014A93E2503BB52419A0F6F3 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll - Shockwave Flash

==== Chrome Look ======================

YTBookMark - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld

grreatsaaver - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\egababbbohdgloakenjmjjgkhmcbephk

YoutubeAdblocker - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmabjdpkgeheekofpidaecbmkpjkbgoa

Classic Popup Blocker - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp

Classic Popup Blocker - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp

YTBookMark - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld

grreatsaaver - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\egababbbohdgloakenjmjjgkhmcbephk

YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmabjdpkgeheekofpidaecbmkpjkbgoa

Classic Popup Blocker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp

YTBookMark - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld

grreatsaaver - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\egababbbohdgloakenjmjjgkhmcbephk

YoutubeAdblocker - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmabjdpkgeheekofpidaecbmkpjkbgoa

Classic Popup Blocker - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp

Classic Popup Blocker - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp

YTBookMark - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld

grreatsaaver - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\egababbbohdgloakenjmjjgkhmcbephk

YoutubeAdblocker - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmabjdpkgeheekofpidaecbmkpjkbgoa

Classic Popup Blocker - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp

YTBookMark - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld

grreatsaaver - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\egababbbohdgloakenjmjjgkhmcbephk

YoutubeAdblocker - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmabjdpkgeheekofpidaecbmkpjkbgoa

Classic Popup Blocker - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp

Classic Popup Blocker - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp

YTBookMark - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld

grreatsaaver - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\egababbbohdgloakenjmjjgkhmcbephk

YoutubeAdblocker - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmabjdpkgeheekofpidaecbmkpjkbgoa

Classic Popup Blocker - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp

YTBookMark - Sent\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld

grreatsaaver - Sent\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\egababbbohdgloakenjmjjgkhmcbephk

YoutubeAdblocker - Sent\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmabjdpkgeheekofpidaecbmkpjkbgoa

Classic Popup Blocker - Sent\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp

Nederland.FM - Sent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahopcicfccpamfcapccjfoichdnplpch

Oeps Google Chrome kan geen verbinding maken met localhost - Sent\AppData\Local\Google\Chrome\User Data\Default\Extensions\behpapjjikbaegcfhigmjdogoppioaip

Firebug Lite for Google Chrome\u2122 - Sent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench

Tampermonkey - Sent\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo

Google Finance - Sent\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp

AdBlock - Sent\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

PT - Sent\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmgohkgndpahjklgpdihieeedjeneoke

StayFocusd - Sent\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji

Classic Popup Blocker - Sent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp

Graph.tk - Sent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkhkaamdeplibnmodcgodlkghphdbahk

Picky Wallpapers - Sent\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj

YTBookMark - Sent\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld

grreatsaaver - Sent\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\egababbbohdgloakenjmjjgkhmcbephk

YoutubeAdblocker - Sent\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmabjdpkgeheekofpidaecbmkpjkbgoa

Classic Popup Blocker - Sent\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp

==== Chrome Fix ======================

C:\Users\Sent\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully

C:\Users\Sent\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld deleted successfully

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld deleted successfully

C:\Users\Sent\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld deleted successfully

C:\Users\Sent\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld deleted successfully

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmabjdpkgeheekofpidaecbmkpjkbgoa deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmabjdpkgeheekofpidaecbmkpjkbgoa deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmabjdpkgeheekofpidaecbmkpjkbgoa deleted successfully

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmabjdpkgeheekofpidaecbmkpjkbgoa deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmabjdpkgeheekofpidaecbmkpjkbgoa deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmabjdpkgeheekofpidaecbmkpjkbgoa deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmabjdpkgeheekofpidaecbmkpjkbgoa deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmabjdpkgeheekofpidaecbmkpjkbgoa deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmabjdpkgeheekofpidaecbmkpjkbgoa deleted successfully

C:\Users\Sent\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmabjdpkgeheekofpidaecbmkpjkbgoa deleted successfully

C:\Users\Sent\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmabjdpkgeheekofpidaecbmkpjkbgoa deleted successfully

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\egababbbohdgloakenjmjjgkhmcbephk deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\egababbbohdgloakenjmjjgkhmcbephk deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\egababbbohdgloakenjmjjgkhmcbephk deleted successfully

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\egababbbohdgloakenjmjjgkhmcbephk deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\egababbbohdgloakenjmjjgkhmcbephk deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\egababbbohdgloakenjmjjgkhmcbephk deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\egababbbohdgloakenjmjjgkhmcbephk deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\egababbbohdgloakenjmjjgkhmcbephk deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\egababbbohdgloakenjmjjgkhmcbephk deleted successfully

C:\Users\Sent\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\egababbbohdgloakenjmjjgkhmcbephk deleted successfully

C:\Users\Sent\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\egababbbohdgloakenjmjjgkhmcbephk deleted successfully

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp deleted successfully

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp deleted successfully

C:\Users\Sent\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp deleted successfully

C:\Users\Sent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp deleted successfully

C:\Users\Sent\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp deleted successfully

C:\Users\Sent\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lijicndbkjoplmhnclmoahmcaffaeapp_0.localstorage deleted successfully

C:\Users\Sent\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lijicndbkjoplmhnclmoahmcaffaeapp_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

"Default_Page_URL"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tm85&r=273612108705l0494z175f4732c306"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://www.google.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_nlNL408"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1656333082-1529687371-2864326458-1001\Software\Mozilla\Firefox\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\a5215b3b-7dc8-4131-b13b-54cff2195dfa deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\cc6be57b-c6d4-43a7-a135-19155483c5b6 deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Sent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Sent\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=449 folders=141 68110240 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Sent\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp will be emptied at reboot

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Sent\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files\McAfee Security Scan" not found

==== EOF on do 24-07-2014 at 22:09:39,42 ======================

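The "Chrome Look" listing above shows the same four extension IDs under every user profile and in several browsers, and those are the IDs the "Chrome Fix" section then removes. The Python sketch below is an added example (not part of the thread and not code from the zoek tool) that parses lines in that layout and flags IDs replicated across users and browsers. The sample is a trimmed excerpt of the log, and the thresholds are assumptions meant for triage, not a verdict.

```python
import re
from collections import defaultdict

# Trimmed excerpt of the "Chrome Look" section, layout:
# <name> - <user>\AppData\Local\<browser>\User Data\<profile>\Extensions\<id>
SAMPLE_LOG = r"""
YTBookMark - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld
YTBookMark - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld
YTBookMark - Sent\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adgldnmoelbfkiklpjjeaeomjbbpijld
Classic Popup Blocker - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp
Classic Popup Blocker - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp
Classic Popup Blocker - Sent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp
AdBlock - Sent\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Tampermonkey - Sent\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
"""

# Greedy name match so a display name containing " - " still parses;
# Chrome extension IDs are 32 characters drawn from a-p.
LINE_RE = re.compile(
    r"^(?P<name>.+) - (?P<user>[^\\]+)\\AppData\\Local\\(?P<browser>.+?)"
    r"\\User Data\\(?P<profile>[^\\]+)\\Extensions\\(?P<ext_id>[a-p]{32})$"
)


def parse_chrome_look(text):
    """Return one dict per well-formed listing line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def replicated_extensions(entries, min_users=2, min_browsers=2):
    """Flag IDs present under several Windows users AND several browsers.

    The thresholds are assumptions: an extension a person installed normally
    sits in one user's profile of one browser, while a side-loading installer
    tends to drop the same ID into every profile it can reach.
    """
    seen = defaultdict(lambda: {"names": set(), "users": set(), "browsers": set()})
    for entry in entries:
        record = seen[entry["ext_id"]]
        record["names"].add(entry["name"])
        record["users"].add(entry["user"])
        record["browsers"].add(entry["browser"])
    flagged = {}
    for ext_id, record in seen.items():
        if len(record["users"]) >= min_users and len(record["browsers"]) >= min_browsers:
            flagged[ext_id] = {key: sorted(values) for key, values in record.items()}
    return flagged


if __name__ == "__main__":
    for ext_id, info in sorted(replicated_extensions(parse_chrome_look(SAMPLE_LOG)).items()):
        print(ext_id, info["names"], "users:", info["users"], "browsers:", info["browsers"])
```
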

There are a few other things that need your attention:

1.

Your Java software is out of date.

Older versions have vulnerabilities that give malware the chance to install itself on your system.

Go to Java and download the correct Java version there.


  • Click "Free Java Download".
  • Accept the license terms and click the button for the free download.
  • The file JavaSetup is offered - choose "save file" here.
  • Close all programs that may be open - especially your web browser!
  • Then go to Start > Control Panel > Software and remove all older versions of Java from the software list.
  • Select everything with Java Runtime Environment (JRE or J2SE or JAVA) in the name.
  • Then click Remove or the Change/Remove button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then click JavaSetup to install the latest version of Java.
  • Untick the installation of the Ask toolbar and then continue with the installation.

2.

Your AVG antivirus is also out of date. Update this tool to the most recent version to stay properly protected.

3.

After this, run another scan with this tool:

Download AdwCleaner by Xplode to the desktop.


  • Close all open windows.
  • Double-click AdwCleaner to start it.
  • Windows Vista, 7 and 8 users must run the tool as "administrator",
  • by right-clicking it and choosing Run as administrator.
  • Click Scan.
  • Then click Clean.
  • At Restart Required, click OK.

After the PC has restarted, a log file usually opens.

Otherwise it can be found at C:\AdwCleaner\AdwCleaner[s0].txt.

Posting the log file


  • Attach the log file named C:\AdwCleaner\AdwCleaner[s0].txt to your next post.
  • You can read here how to add an attachment to a post.


Once again, thank you very much!

The log now looks as follows:

# AdwCleaner v3.216 - Rapport aangemaakt 24/07/2014 op 23:34:07

# Laatste Update 17/07/2014 door Xplode

# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Gebruikersnaam : Sent - SENT-PC

# Gestart vanuit : C:\Users\Sent\Desktop\adwcleaner_3.216.exe

# Optie : Verwijderen

***** [ Services ] *****

***** [ Bestanden / Mappen ] *****

***** [ Snelkoppelingen ] *****

***** [ Register ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v3.6.25 (nl)

[ Bestand : C:\Users\Sent\AppData\Roaming\Mozilla\Firefox\Profiles\iac8prmh.default\prefs.js ]

-\\ Google Chrome v

[ Bestand : C:\Users\Sent\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [8927 octets] - [24/07/2014 20:21:55]

AdwCleaner[R1].txt - [1042 octets] - [24/07/2014 23:32:56]

AdwCleaner[s0].txt - [9098 octets] - [24/07/2014 20:25:39]

AdwCleaner[s1].txt - [968 octets] - [24/07/2014 23:34:07]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1027 octets] ##########


That looks clean.

To remove the tools that were used and the infected restore points, you may run this tool as a last step:

Download Delfix by Xplode to the desktop.

Double-click Delfix.exe to start the tool.

Now tick the following items:


  • Remove disinfection tools
  • Purge System Restore

Now click "Run" and wait patiently until the tool has finished.

When the tool has finished, a log file is created. You do not need to post it, however.
