
Virus "Click to continue by Notification"



Since yesterday evening, random words on websites have suddenly become "clickable". When I hover the cursor over them, "Click ..." appears.

Installed Malwarebytes Antimalware and ran a scan. Removed the "infections" and rebooted. But the problem is not gone.

Logs made with HijackThis and RSIT:

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 10:47:59, on 31/01/2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.16428)

FIREFOX: 26.0 (nl)

Boot mode: Normal

Running processes:

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Hendrik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\BlueStacks\HD-Agent.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Hendrik\AppData\Roaming\Torque\Torque.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Users\Hendrik\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: (no name) - {DA5A2A9E-DF07-4a8e-B423-BC5CD4D1880C} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe

O4 - HKCU\..\Run: [Copy] "C:\Users\Hendrik\AppData\Roaming\Copy\CopyAgent.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_5AE393E819AF6946586466E0F295AD2F] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Hendrik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [internetCalls] "C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Copy] "C:\Users\Hendrik\AppData\Roaming\Copy\CopyAgent.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Copy] "C:\Users\Hendrik\AppData\Roaming\Copy\CopyAgent.exe" (User 'Default user')

O4 - Startup: Dropbox.lnk = Hendrik\AppData\Roaming\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Formulieren Invullen - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: Formulieren Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA909DB0-20B5-4EBE-A315-307DB8EFE8ED}: NameServer = 192.168.10.110 0.0.0.0

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe

O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HitmanPro.Alert Service (hmpalertsvc) - SurfRight B.V. - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe

O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: MEDIONmobile. OUC (MEDIONmobile. RunOuc) - Unknown owner - C:\Program Files (x86)\MEDIONmobile\UpdateDog\ouc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: MozyHome back-updienst (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 16986 bytes

Logfile of random's system information tool 1.09 (written by random/random)

Run by Hendrik at 2014-01-31 10:50:50

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 221 GB (62%) free of 356 GB

Total RAM: 7863 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:50:52, on 31/01/2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.16428)

Boot mode: Normal

Running processes:

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Hendrik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\BlueStacks\HD-Agent.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Hendrik\AppData\Roaming\Torque\Torque.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Users\Hendrik\Downloads\HijackThis.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files\trend micro\Hendrik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: (no name) - {DA5A2A9E-DF07-4a8e-B423-BC5CD4D1880C} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe

O4 - HKCU\..\Run: [Copy] "C:\Users\Hendrik\AppData\Roaming\Copy\CopyAgent.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_5AE393E819AF6946586466E0F295AD2F] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Hendrik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [internetCalls] "C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Copy] "C:\Users\Hendrik\AppData\Roaming\Copy\CopyAgent.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Copy] "C:\Users\Hendrik\AppData\Roaming\Copy\CopyAgent.exe" (User 'Default user')

O4 - Startup: Dropbox.lnk = Hendrik\AppData\Roaming\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Formulieren Invullen - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: Formulieren Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA909DB0-20B5-4EBE-A315-307DB8EFE8ED}: NameServer = 192.168.10.110 0.0.0.0

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe

O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HitmanPro.Alert Service (hmpalertsvc) - SurfRight B.V. - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe

O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: MEDIONmobile. OUC (MEDIONmobile. RunOuc) - Unknown owner - C:\Program Files (x86)\MEDIONmobile\UpdateDog\ouc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: MozyHome back-updienst (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 17039 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

winlogon.exe

"C:\Windows\system32\nvvsvc.exe"

C:\Windows\system32\svchost.exe -k RPCSS

"C:\Program Files\Microsoft Security Client\MsMpEng.exe"

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

"C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe" /service

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"

C:\Windows\system32\nvvsvc.exe -session -first

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe"

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"taskhost.exe"

"C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe"

"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"

"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe"

"C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe"

"C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe"

"C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe"

"C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service

"C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe"

"C:\ProgramData\DatacardService\DCSHelper.exe"

"C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe"

"C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

C:\ProgramData\MEDIONmobile\OnlineUpdate\ouc.exe "C:/Program Files (x86)/MEDIONmobile/UpdateDog/"

"C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe"

"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"

"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

WLIDSvcM.exe 3764

"C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android

"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL mmsys.cpl

"C:\Program Files (x86)\BlueStacks\HD-Network.exe"

\??\C:\Windows\system32\conhost.exe "355324742-778767920746167446985354385-20486221822040328029-10067773731919205068

"C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe"

\??\C:\Windows\system32\conhost.exe "1022152261-618972128-1726236675-912628399-170116341-19786093951456819750851938291

"C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe"

\??\C:\Windows\system32\conhost.exe "-181211616039620987701963890-838534694-13136858337592711341825245978-530721815

"C:\Program Files\Microsoft Security Client\NisSrv.exe"

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1

"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp

\??\C:\Windows\system32\conhost.exe "-1881826900-1405464768266816618-313321392-1294415457-1421630388783231299695012407

"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

"C:\Program Files\Elantech\ETDCtrl.exe"

"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe"

"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

"C:\Windows\System32\igfxtray.exe"

"C:\Windows\System32\hkcmd.exe"

"C:\Windows\System32\igfxpers.exe"

C:\Windows\system32\igfxsrvc.exe -Embedding

"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"

C:\Windows\system32\igfxext.exe -Embedding

C:\Windows\system32\wbem\unsecapp.exe -Embedding

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Users\Hendrik\AppData\Roaming\Copy\CopyAgent.exe"

"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe"

"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

"C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

"C:\Users\Hendrik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5712.0.276720601\1091898534" --disable-image-transport-surface --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,5,13,23 --disable-accelerated-video-decode --reduce-gpu-sandbox --gpu-vendor-id=0x8086 --gpu-device-id=0x0046 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2622 --ignored=" --type=renderer " /prefetch:822062411

"C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Disabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group14 pct:1e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_77/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --enable-software-compositing --channel="5712.1.1001401950\723115815" /prefetch:673131151

"C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup

-nolaunchurl

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"C:\Program Files (x86)\Launch Manager\LManager.exe"

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files (x86)\BlueStacks\HD-Agent.exe"

"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"

"C:\Program Files (x86)\Launch Manager\LMworker.exe"

"C:\Program Files\Elantech\ETDCtrlHelper.exe"

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Disabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group14 pct:1e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_77/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --enable-software-compositing --channel="5712.2.961884133\357804027" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Disabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group14 pct:1e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_77/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --enable-software-compositing --channel="5712.3.1847513193\44810932" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Disabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group14 pct:1e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_77/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --enable-software-compositing --channel="5712.4.1658718870\1283608251" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Disabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group14 pct:1e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_77/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --enable-software-compositing --channel="5712.5.993330996\1182422768" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Disabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group14 pct:1e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_77/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --enable-software-compositing --channel="5712.6.1055130556\2088240163" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Disabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group14 pct:1e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_77/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --enable-software-compositing --channel="5712.7.699026602\1771318239" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Disabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group14 pct:1e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_77/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --enable-software-compositing --channel="5712.8.341372724\1041659641" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Disabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group14 pct:1e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_77/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --enable-software-compositing --channel="5712.9.239222394\169856358" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Disabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group14 pct:1e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_77/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --enable-software-compositing --channel="5712.10.276677928\93806768" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Disabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group14 pct:1e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_77/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --enable-software-compositing --channel="5712.12.2059361005\179493288" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Disabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group14 pct:1e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_77/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --enable-software-compositing --channel="5712.13.1466331336\681159846" /prefetch:673131151

C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/np-rf-plugin.dll" --lang=nl --channel="5712.14.959589733\816331009" /prefetch:-390060480

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibpbofogepkkeoockhkfcgngjkimndlp\0.8.4_0\plugins/npTorqueChrome.dll" --lang=nl --channel="5712.15.923160796\912493201" /prefetch:-390060480

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"

"C:\Program Files\MozyHome\mozybackup.exe"

"C:\Program Files (x86)\Nero\Update\NASvc.exe"

"C:\Program Files\MozyHome\mozybackup.exe" /wts 5236 680 684

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

C:\Users\Hendrik\AppData\Roaming\Torque\Torque.exe

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=8680.1c4b5700.1493327905 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 8680 "\\.\pipe\gecko-crash-server-pipe.8680" plugin

"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe" --proxy-stub-channel=Flash5524.5B28B990.25676 --host-broker-channel=Flash5524.5B28B990.32235 --host-pid=5524 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll"

"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe" --channel=8620.005EF768.1743202188 --proxy-stub-channel=Flash5524.5B28B990.25676 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll" --host-npapi-version=27 --type=renderer

"C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"

"C:\Windows\system32\SnippingTool.exe"

/QuitInfo:000000000000099C;00000000000008FC;

"C:\Users\Hendrik\Downloads\HijackThis.exe"

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Hendrik\Downloads\hijackthis.log

taskeng.exe {EC34D631-A765-428B-AA8A-0D1665DE20EC}

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Windows\system32\SearchFilterHost.exe" 0 544 548 556 65536 552

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Users\Hendrik\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1191951822-230774151-2282679725-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1191951822-230774151-2282679725-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\bhb1zl6r.default

prefs.js - "browser.search.useDBForOrder" - "false"

prefs.js - "browser.startup.homepage" - "https://mail.google.com/mail/u/0/?shva=1#inbox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 12.0.0.43 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]

"Description"=

"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl]

"Description"=Garmin GPS Control for Firefox

"Path"=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]

"Description"=Picasa3 plugin

"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 12.0.0.43 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\

belgiumeid@eid.belgium.be

C:\Program Files (x86)\Mozilla Firefox\plugins\

np-mswmp.dll

WMP Firefox Plugin License.rtf

WMP Firefox Plugin RelNotes.txt

C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\bhb1zl6r.default\extensions\

de-AT@dictionaries.addons.mozilla.org

donottrackplus@abine.com

fr-dicollecte@dictionaries.addons.mozilla.org

{5384767E-00D9-40E9-B72F-9CC39D655D6F}

{941E9C01-F8E0-493E-B814-E693BC99A1A1}

{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\bhb1zl6r.default\searchplugins\

duckduckgo.xml

ecosia.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]

RoboForm Toolbar Helper - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-10-21 24536280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-03-08 6669000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{887cdc33-0de3-4fd5-a5d3-eccd4b4b396c}]

PDN64BitBookMarkActivator.BookMark64BitActivator - C:\Windows\system32\mscoree.dll [2010-11-21 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]

RoboForm Toolbar Helper - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2013-10-21 18594008]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2013-03-08 4171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA5A2A9E-DF07-4a8e-B423-BC5CD4D1880C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-10-21 24536280]

{735abc4c-9266-4008-9ef6-bc60be8de31f} - Post-it® Digital Notes - C:\Windows\system32\mscoree.dll [2010-11-21 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2013-10-21 18594008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-06-22 10920552]

"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-04-13 649608]

"Acer ePower Management"=C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2011-01-05 860040]

"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 1266912]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-01-10 167704]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-01-10 392984]

"Persistence"=C:\Windows\system32\igfxpers.exe [2012-01-10 417560]

"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-08-27 1028896]

"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2013-12-10 2279712]

"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2013-12-10 1100248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Copy"=C:\Users\Hendrik\AppData\Roaming\Copy\CopyAgent.exe [2014-01-03 15501456]

"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14 20584608]

"RoboForm"=C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-10-21 109784]

"GoogleChromeAutoLaunch_5AE393E819AF6946586466E0F295AD2F"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2014-01-23 866584]

"Spotify Web Helper"=C:\Users\Hendrik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2013-12-05 1168896]

"InternetCalls"=C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe [2013-10-17 19569480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29 497648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]

C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [2010-06-28 263936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

C:\Users\Hendrik\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

C:\Users\Hendrik\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-02 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_5AE393E819AF6946586466E0F295AD2F]

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2014-01-23 866584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]

C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2013-12-06 20203904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2013-08-27 248208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MozyHome Status.lnk]

C:\PROGRA~1\MozyHome\mozystat.exe [2013-05-21 6438216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Hendrik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stickies.lnk]

C:\PROGRA~2\Stickies\stickies.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2010-04-13 284696]

"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2010-08-10 975952]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

"BlueStacks Agent"=C:\Program Files (x86)\BlueStacks\HD-Agent.exe [2013-12-20 807696]

C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Dropbox.lnk - C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2012-01-10 390656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-03-08 6669000]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2013-03-08 4171464]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"vidc.XVID"=xvidvfw.dll

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-01-31 10:50:50 ----D---- C:\rsit

2014-01-31 10:50:50 ----D---- C:\Program Files\trend micro

2014-01-30 23:24:59 ----DC---- C:\Users\Hendrik\AppData\Roaming\Malwarebytes

2014-01-30 23:24:42 ----D---- C:\ProgramData\Malwarebytes

2014-01-30 23:24:39 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-30 23:24:39 ----A---- C:\Windows\system32\drivers\mbam.sys

2014-01-15 19:37:42 ----A---- C:\Windows\SYSWOW64\javaws.exe

2014-01-15 19:37:37 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

2014-01-15 19:37:37 ----A---- C:\Windows\SYSWOW64\javaw.exe

2014-01-15 19:37:37 ----A---- C:\Windows\SYSWOW64\java.exe

2014-01-15 10:26:47 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2014-01-15 10:26:47 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2014-01-15 10:26:47 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll

2014-01-15 10:26:46 ----A---- C:\Windows\system32\drivers\TsUsbGD.sys

2014-01-15 10:26:46 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys

2014-01-15 10:26:46 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys

2014-01-15 10:26:44 ----A---- C:\Windows\SYSWOW64\wksprtPS.dll

2014-01-15 10:26:44 ----A---- C:\Windows\SYSWOW64\tsgqec.dll

2014-01-15 10:26:44 ----A---- C:\Windows\SYSWOW64\rdpendp_winip.dll

2014-01-15 10:26:44 ----A---- C:\Windows\SYSWOW64\mstsc.exe

2014-01-15 10:26:44 ----A---- C:\Windows\SYSWOW64\MsRdpWebAccess.dll

2014-01-15 10:26:44 ----A---- C:\Windows\SYSWOW64\aaclient.dll

2014-01-15 10:26:44 ----A---- C:\Windows\system32\wksprtPS.dll

2014-01-15 10:26:44 ----A---- C:\Windows\system32\wksprt.exe

2014-01-15 10:26:44 ----A---- C:\Windows\system32\TSWbPrxy.exe

2014-01-15 10:26:44 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll

2014-01-15 10:26:44 ----A---- C:\Windows\system32\tsgqec.dll

2014-01-15 10:26:44 ----A---- C:\Windows\system32\rdpudd.dll

2014-01-15 10:26:44 ----A---- C:\Windows\system32\rdpendp_winip.dll

2014-01-15 10:26:44 ----A---- C:\Windows\system32\MsRdpWebAccess.dll

2014-01-15 10:26:44 ----A---- C:\Windows\system32\aaclient.dll

2014-01-15 10:26:43 ----A---- C:\Windows\SYSWOW64\mstscax.dll

2014-01-15 10:26:43 ----A---- C:\Windows\system32\rdpcorets.dll

2014-01-15 10:26:43 ----A---- C:\Windows\system32\mstsc.exe

2014-01-15 10:26:42 ----A---- C:\Windows\system32\mstscax.dll

2014-01-15 10:22:16 ----A---- C:\Windows\system32\win32k.sys

2014-01-15 10:22:16 ----A---- C:\Windows\system32\drivers\usbuhci.sys

2014-01-15 10:22:16 ----A---- C:\Windows\system32\drivers\usbport.sys

2014-01-15 10:22:16 ----A---- C:\Windows\system32\drivers\usbohci.sys

2014-01-15 10:22:16 ----A---- C:\Windows\system32\drivers\usbhub.sys

2014-01-15 10:22:16 ----A---- C:\Windows\system32\drivers\usbehci.sys

2014-01-15 10:22:16 ----A---- C:\Windows\system32\drivers\usbd.sys

2014-01-15 10:22:16 ----A---- C:\Windows\system32\drivers\usbccgp.sys

2014-01-15 10:22:15 ----A---- C:\Windows\system32\drivers\netio.sys

2014-01-13 17:55:36 ----D---- C:\Program Files (x86)\BlueStacks

2014-01-02 18:12:14 ----DC---- C:\Users\Hendrik\AppData\Roaming\InternetCalls

2014-01-02 18:12:05 ----D---- C:\Program Files (x86)\InternetCalls.com

======List of files/folders modified in the last 1 month======

2014-01-31 10:50:50 ----RD---- C:\Program Files

2014-01-31 10:50:36 ----DC---- C:\Users\Hendrik\AppData\Roaming\Torque

2014-01-31 10:48:49 ----D---- C:\Windows\system32\config

2014-01-31 10:39:48 ----DC---- C:\Users\Hendrik\AppData\Roaming\BitTorrent

2014-01-31 10:38:20 ----D---- C:\Windows\Temp

2014-01-31 10:37:12 ----DC---- C:\Users\Hendrik\AppData\Roaming\Dropbox

2014-01-31 10:36:46 ----DC---- C:\Users\Hendrik\AppData\Roaming\Skype

2014-01-31 10:36:14 ----DC---- C:\Users\Hendrik\AppData\Roaming\Copy

2014-01-31 10:34:47 ----A---- C:\Windows\SYSWOW64\log.txt

2014-01-31 10:32:57 ----AD---- C:\ProgramData\Temp

2014-01-30 23:24:42 ----HD---- C:\ProgramData

2014-01-30 23:24:39 ----D---- C:\Windows\system32\drivers

2014-01-30 23:24:39 ----D---- C:\Program Files (x86)

2014-01-30 23:24:32 ----D---- C:\Windows\Prefetch

2014-01-30 16:51:41 ----SHD---- C:\System Volume Information

2014-01-29 11:17:11 ----A---- C:\Windows\BRWMARK.INI

2014-01-29 09:21:40 ----D---- C:\Config.Msi

2014-01-28 22:23:15 ----DC---- C:\Users\Hendrik\AppData\Roaming\Spotify

2014-01-28 15:36:25 ----D---- C:\Windows\System32

2014-01-28 15:36:25 ----D---- C:\Windows\inf

2014-01-28 15:36:25 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-01-26 23:23:30 ----D---- C:\Windows\SysWOW64

2014-01-26 15:03:44 ----DC---- C:\Users\Hendrik\AppData\Roaming\Tyre

2014-01-25 09:01:35 ----SHD---- C:\Windows\Installer

2014-01-25 09:01:33 ----DC---- C:\Users\Hendrik\AppData\Roaming\Mozilla

2014-01-22 16:33:42 ----D---- C:\Windows\system32\catroot2

2014-01-22 16:30:31 ----D---- C:\Program Files (x86)\Calibre2

2014-01-21 14:36:07 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2014-01-21 14:32:59 ----A---- C:\Windows\wininit.ini

2014-01-19 08:33:29 ----N---- C:\Windows\system32\MpSigStub.exe

2014-01-15 19:38:10 ----D---- C:\ProgramData\Oracle

2014-01-15 19:37:36 ----D---- C:\Program Files (x86)\Java

2014-01-15 13:30:19 ----D---- C:\Windows\rescache

2014-01-15 10:53:55 ----D---- C:\Windows\winsxs

2014-01-15 10:51:56 ----D---- C:\Windows\SYSWOW64\wbem

2014-01-15 10:51:56 ----D---- C:\Windows\SYSWOW64\nl-NL

2014-01-15 10:51:56 ----D---- C:\Windows\system32\wbem

2014-01-15 10:51:56 ----D---- C:\Windows\system32\nl-NL

2014-01-15 10:51:56 ----D---- C:\Windows\system32\drivers\nl-NL

2014-01-15 10:51:56 ----D---- C:\Windows\PolicyDefinitions

2014-01-15 10:51:55 ----D---- C:\Windows\system32\DriverStore

2014-01-15 10:27:02 ----D---- C:\Windows\system32\catroot

2014-01-15 10:26:13 ----D---- C:\Windows\system32\MRT

2014-01-15 10:23:11 ----D---- C:\Windows\debug

2014-01-15 10:22:58 ----A---- C:\Windows\system32\MRT.exe

2014-01-13 18:45:35 ----D---- C:\Windows\Microsoft.NET

2014-01-13 18:26:45 ----D---- C:\ProgramData\BlueStacksSetup

2014-01-13 18:25:08 ----RSD---- C:\Windows\assembly

2014-01-13 17:55:52 ----D---- C:\ProgramData\BlueStacks

2014-01-13 17:47:59 ----D---- C:\Windows

2014-01-13 17:33:48 ----D---- C:\Windows\Logs

2014-01-13 17:24:16 ----D---- C:\Program Files\CCleaner

2014-01-13 17:12:00 ----D---- C:\Program Files (x86)\Adobe

2014-01-13 17:10:40 ----DC---- C:\Users\Hendrik\AppData\Roaming\WildTangent

2014-01-13 17:10:40 ----D---- C:\ProgramData\WildTangent

2014-01-13 17:07:24 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

2014-01-08 19:26:22 ----D---- C:\Windows\system32\Tasks

2014-01-08 19:26:19 ----D---- C:\Program Files (x86)\WizMouse

2014-01-01 21:56:43 ----D---- C:\Program Files (x86)\Garmin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-04-13 540696]

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-09-27 248240]

R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2013-11-14 32544]

R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]

R1 HssDRV6;Hotspot Shield Routing Driver 6; C:\Windows\system32\DRIVERS\hssdrv6.sys [2013-11-02 44744]

R1 mozyFilter;mozyFilter; C:\Windows\system32\DRIVERS\mozy.sys [2013-05-02 67808]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R2 BstHdDrv;BlueStacks Hypervisor; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-12-20 114448]

R2 hmpalert;HitmanPro.Alert Support Driver; \??\C:\Windows\system32\drivers\hmpalert.sys [2013-11-23 17416]

R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 134944]

R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-05-11 2229608]

R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]

R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2009-09-17 56344]

R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2013-05-08 90112]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-01-10 12311904]

R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-06-22 2399848]

R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]

R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-06 18432]

R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2013-12-05 39200]

R3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2013-09-17 42184]

R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-06 16896]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 ACSSCR;ACR38 Smart Card Reader; C:\Windows\system32\DRIVERS\a38usb.sys [2013-06-24 44672]

S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]

S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]

S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]

S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2013-05-08 117248]

S3 ewusbmbb;HUAWEI USB-WWAN miniport; C:\Windows\system32\DRIVERS\ewusbwwan.sys [2013-05-08 450048]

S3 grmnusb;grmnusb; C:\Windows\system32\drivers\grmnusb.sys [2012-04-18 19304]

S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2013-05-08 225920]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]

S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-09-22 243712]

S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187.sys [2010-01-07 448512]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9; c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]

R2 BstHdAndroidSvc;BlueStacks Android Service; C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-12-20 402192]

R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-12-20 385808]

R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]

R2 ePowerSvc;Acer ePower Service; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-01-05 867712]

R2 GREGService;GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]

R2 hmpalertsvc;HitmanPro.Alert Service; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [2013-11-23 1830768]

R2 hshld;Hotspot Shield Service; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2013-11-02 906024]

R2 HssWd;Hotspot Shield Monitoring Service; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-11-02 555304]

R2 HWDeviceService64.exe;HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-03-14 346976]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]

R2 Live Updater Service;Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-01-31 244624]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-03-18 268824]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 mozybackup;MozyHome back-updienst; C:\Program Files\MozyHome\mozybackup.exe [2013-04-19 55112]

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808]

R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]

R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-10 1494304]

R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-10 15129376]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-11-11 922912]

R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-08-27 93072]

R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]

R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]

S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26 116648]

S2 MEDIONmobile. RunOuc;MEDIONmobile. OUC; C:\Program Files (x86)\MEDIONmobile\UpdateDog\ouc.exe [2013-05-08 655712]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]

S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26 116648]

S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]

S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [2013-11-02 78512]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-03-08 30798512]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-11 119408]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-04-28 1255736]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------


Disable your antivirus and antispyware programs, as they may conflict with zoek.exe (you can read how to do that here and here).

Download Zoek.exe to the desktop (not the .zip or .rar version)

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

{DA5A2A9E-DF07-4a8e-B423-BC5CD4D1880C};c
C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\bhb1zl6r.default\searchplugins\duckduckgo.xml;f
C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\bhb1zl6r.default\searchplugins\ecosia.xml;f
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA5A2A9E-DF07-4a8e-B423-BC5CD4D1880C}];r64
C:\Users\Hendrik\AppData\Roaming\Torque;v
C:\Users\Hendrik\AppData\Roaming\Tyre;v
emptyfolderscheck;delete
startupall;
filesrcm;

  • Click the "Options" button and tick the options below.
  • Do a Quick Scan
  • Auto Clean
  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log in your next message.


Restarted the PC, ran zoek.exe again, and this time it clearly did get further ;).

Log:

Zoek.exe v5.0.0.0 Updated 31-January-2014

Tool run by Hendrik on vr 31/01/2014 at 16:39:53,44.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Hendrik\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-01-31-125429.log 437 bytes

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully

C:\PROGRA~2\FileStream deleted successfully

C:\PROGRA~2\MSXML 4.0 deleted successfully

C:\PROGRA~2\Notificatoin deleted successfully

C:\Program Files\log deleted successfully

C:\ProgramData\Oracle deleted successfully

C:\Users\Hendrik\AppData\Roaming\BitTorrent deleted successfully

C:\Users\Hendrik\AppData\Roaming\Lite deleted successfully

C:\Users\Hendrik\AppData\Roaming\TP deleted successfully

C:\Users\Hendrik\AppData\Local\calibre-cache deleted successfully

C:\Users\Hendrik\AppData\Local\ms-drivers deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA5A2A9E-DF07-4a8e-B423-BC5CD4D1880C} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssTrayService deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HssTrayService deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssWd deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssWd deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\HssWd deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HssWd deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\hshld deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hshld deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\hshld deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hshld deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA5A2A9E-DF07-4a8e-B423-BC5CD4D1880C}]

==== Deleting Files \ Folders ======================

C:\ProgramData\eSellerate deleted

C:\Users\Hendrik\AppData\Roaming\BitLord deleted

C:\Users\Hendrik\AppData\Roaming\Hotspot Shield deleted

C:\Users\Hendrik\AppData\Roaming\GetRightToGo deleted

C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield deleted

C:\Windows\wininit.ini deleted

C:\Windows\SysWow64\AI_RecycleBin deleted

C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\bhb1zl6r.default\jetpack deleted

C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\bhb1zl6r.default\extensions\{941E9C01-F8E0-493E-B814-E693BC99A1A1} deleted

"C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\bhb1zl6r.default\searchplugins\duckduckgo.xml" deleted

"C:\PROGRA~2\Hotspot Shield\bin\af_proxy.dll" deleted

"C:\PROGRA~2\Hotspot Shield\bin\HSSCP.exe" deleted

"C:\PROGRA~2\Hotspot Shield\bin\zlib1.dll" deleted

"C:\PROGRA~2\Hotspot Shield\bin\lang\gui-eng.dll" deleted

"C:\PROGRA~2\Hotspot Shield" deleted

"C:\ProgramData\Hotspot Shield" deleted

"C:\PROGRA~2\Hotspot Shield\bin" deleted

"C:\PROGRA~2\Hotspot Shield\bin\lang" deleted

"C:\ProgramData\Hotspot Shield\config" deleted

"C:\ProgramData\Hotspot Shield\config\hsspx" deleted

==== Folders Found In C:\Users\Hendrik\AppData\Roaming\Tyre ======================

2013-09-06 15:51:44 dc----w- C:\Users\Hendrik\AppData\Roaming\Tyre\BMW

2013-09-06 15:51:44 dc----w- C:\Users\Hendrik\AppData\Roaming\Tyre\DPTracks

2013-09-06 15:51:44 dc----w- C:\Users\Hendrik\AppData\Roaming\Tyre\TomTom

2013-09-06 15:52:36 dc----w- C:\Users\Hendrik\AppData\Roaming\Tyre\Tip

==== Files Found In C:\Users\Hendrik\AppData\Roaming\Tyre ======================

2006-12-01 08:13:48 40960 -c--a-w- FF4139F975A27DBCA2D41F4A2C1ED432 C:\Users\Hendrik\AppData\Roaming\Tyre\appstop.exe

2008-05-20 13:13:38 7823 -c--a-w- ADD667817F25BCE331A213AB3CC9621F C:\Users\Hendrik\AppData\Roaming\Tyre\loading.gif

2009-05-18 12:58:16 11 -c--a-w- 7918F9D419B1D3556FF8F4EB582DECA1 C:\Users\Hendrik\AppData\Roaming\Tyre\UTF8Code.txt

2010-01-11 12:38:48 16950 -c--a-w- F42547446D1F2A1D2A15F43281090B7A C:\Users\Hendrik\AppData\Roaming\Tyre\Tyre_dir.tdf

2010-11-01 15:18:12 61894 -c--a-w- 4EC7117AFEF1A2F5A7BE2DECB354FC7F C:\Users\Hendrik\AppData\Roaming\Tyre\bmw.png

2010-11-15 13:58:34 1171 -c--a-w- ED5968A370527FB4C8A1550547AA220D C:\Users\Hendrik\AppData\Roaming\Tyre\Ergens op aarde.itn

2011-05-20 11:12:26 373 -c--a-w- 0A3CF848C902D45E8500B9E585603177 C:\Users\Hendrik\AppData\Roaming\Tyre\Languages.tdf

2011-11-07 10:21:08 3097 -c--a-w- 8C5148195CE547A60431A3E306C5CA43 C:\Users\Hendrik\AppData\Roaming\Tyre\Tyre_lib.html

2011-11-07 10:25:04 2675 -c--a-w- 19B3643BD2741DCE5829B867C3D034FD C:\Users\Hendrik\AppData\Roaming\Tyre\Tyre_st.html

2011-11-07 10:25:36 3326 -c--a-w- 0B84381DEFE5275407EF650DFF283DE2 C:\Users\Hendrik\AppData\Roaming\Tyre\Tyre_sv.html

2012-04-10 13:39:44 7513 -c--a-w- E0C32D2F723BAE5988682F0F79923567 C:\Users\Hendrik\AppData\Roaming\Tyre\Tyre_wp_2.tdf

2012-04-10 13:40:36 3774 -c--a-w- 45F0325E5C04B8B29D5DF8B3B258EA00 C:\Users\Hendrik\AppData\Roaming\Tyre\Tyre_wp_1.tdf

2012-04-17 06:29:06 708 -c--a-w- 6F597231B742B25EF79990428BD61A2C C:\Users\Hendrik\AppData\Roaming\Tyre\pois.txt

2012-09-25 14:17:08 10461 -c--a-w- 8442126CAC57C559B18ABC1A1B461C22 C:\Users\Hendrik\AppData\Roaming\Tyre\Tyre_names.html

2012-11-09 15:22:00 41472 -c--a-w- 17C2E4281FADD04771695A94FB82D878 C:\Users\Hendrik\AppData\Roaming\Tyre\gpx2itn.exe

2012-12-07 20:13:58 21614 -c--a-w- 7A6DE14707F04C13B8CD220774137593 C:\Users\Hendrik\AppData\Roaming\Tyre\Tyre_routes.html

2012-12-07 20:39:26 32848 -c--a-w- 5AF59B371D9D085B4BE8EFCE80697EE2 C:\Users\Hendrik\AppData\Roaming\Tyre\Tyre_libs.html

2012-12-07 21:18:28 7930 -c--a-w- 8FB8CF14D2C99AACEE73D630464A61C6 C:\Users\Hendrik\AppData\Roaming\Tyre\Tyre_optwp.html

2012-12-07 21:24:04 6143 -c--a-w- 05D79BFECB12FB915980E7F294ECF4C8 C:\Users\Hendrik\AppData\Roaming\Tyre\Tyre_optwp_calc.html

2013-02-26 11:19:48 12579 -c--a-w- C2E75E99C9AF805110D71307EC5F0B87 C:\Users\Hendrik\AppData\Roaming\Tyre\Tyre_tracks.html

2013-06-24 19:54:40 124572 -c--a-w- DB14B8924FE69A55B19588A67E5C387A C:\Users\Hendrik\AppData\Roaming\Tyre\Tyre_6.tdf

2013-07-19 08:05:12 38420 -c--a-w- 0B90EE9243833FCF4DAA3A48CA3CD796 C:\Users\Hendrik\AppData\Roaming\Tyre\English.gtl

2013-07-19 08:07:44 41360 -c--a-w- FCF5A5CE105238909CF5D0140D962756 C:\Users\Hendrik\AppData\Roaming\Tyre\Frysk.gtl

2013-07-19 08:09:26 39816 -c--a-w- 53B248D7D8A78CFA5DF7EE63AAE0FA73 C:\Users\Hendrik\AppData\Roaming\Tyre\Catala.gtl

2013-07-19 08:10:26 41788 -c--a-w- 1DA8B4C4325F401A035C7B476F2894F9 C:\Users\Hendrik\AppData\Roaming\Tyre\Espanol.gtl

2013-07-19 08:10:38 43208 -c--a-w- F85658498699BA67A064FE28FEA8EC66 C:\Users\Hendrik\AppData\Roaming\Tyre\Francais.gtl

2013-07-19 08:11:42 40975 -c--a-w- 88848B0217F32DA3991EE19ADD853F53 C:\Users\Hendrik\AppData\Roaming\Tyre\Portugues.gtl

2013-07-19 08:14:52 39729 -c--a-w- 2A303192AE972684D662AD0F36E9DBF8 C:\Users\Hendrik\AppData\Roaming\Tyre\Cestina.gtl

2013-07-19 08:15:28 38834 -c--a-w- 3F902E53EFCFA13F822049E6EE223B26 C:\Users\Hendrik\AppData\Roaming\Tyre\Dansk.gtl

2013-07-19 08:15:46 42007 -c--a-w- 5D8119559DDBB04772F20227BFBEA8DE C:\Users\Hendrik\AppData\Roaming\Tyre\Deutsch.gtl

2013-07-19 08:16:26 42095 -c--a-w- 3D48311E1865B9C5AC56C70070E4DB6D C:\Users\Hendrik\AppData\Roaming\Tyre\Italiano.gtl

2013-07-19 08:16:50 38495 -c--a-w- 2C7464483F082EF2A641D1864F534E75 C:\Users\Hendrik\AppData\Roaming\Tyre\Norsk.gtl

2013-07-19 08:18:36 60461 -c--a-w- E5E9AF6D475839C5F457598BD79CF458 C:\Users\Hendrik\AppData\Roaming\Tyre\Russian.gtl

2013-07-19 08:19:02 39661 -c--a-w- BBDB16E3043FC6617C33E4F441A4EE23 C:\Users\Hendrik\AppData\Roaming\Tyre\Polski.gtl

2013-07-19 08:19:30 35777 -c--a-w- 7E8310C94DC6BDBC8F2A2F1C4A01C4ED C:\Users\Hendrik\AppData\Roaming\Tyre\Simplified Chinese.gtl

2013-07-19 08:19:56 38769 -c--a-w- 918DAF111749A0189D316879A15C3426 C:\Users\Hendrik\AppData\Roaming\Tyre\Suomi.gtl

2013-07-19 08:20:16 40045 -c--a-w- 1F45F982A57606EDC9C52C5C8D923AAA C:\Users\Hendrik\AppData\Roaming\Tyre\Svenska.gtl

2013-07-19 08:20:36 35782 -c--a-w- BCC5D91CA741773F18F2A41AD13C7BF4 C:\Users\Hendrik\AppData\Roaming\Tyre\Traditional Chinese.gtl

2013-07-19 08:21:02 39439 -c--a-w- B798B9AB7ED048F50BFA256213A25716 C:\Users\Hendrik\AppData\Roaming\Tyre\Turkce.gtl

2013-08-01 08:37:52 41982 -c--a-w- 9F1C581D5850978CA2575DBE867D96BF C:\Users\Hendrik\AppData\Roaming\Tyre\Nederlands.gtl

2013-09-06 15:51:53 2584148 -c--a-w- 08C57DA8CDB05CDC80DD20D97D50C675 C:\Users\Hendrik\AppData\Roaming\Tyre\TyreSetup.exe

2013-09-06 15:52:35 15 -c--a-w- AD4410705C973EF1D2B699A3C0D0CEB6 C:\Users\Hendrik\AppData\Roaming\Tyre\Default.tfl

2013-09-06 15:52:35 15 -c--a-w- AD4410705C973EF1D2B699A3C0D0CEB6 C:\Users\Hendrik\AppData\Roaming\Tyre\favorites.txt

2014-01-25 15:39:56 1816 -c--a-w- 701705F335C3AF4318F86FAFD9F93D87 C:\Users\Hendrik\AppData\Roaming\Tyre\MessageToUsers.html

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Hendrik\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

2014-01-30 22:24:39 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

2014-01-15 09:26:46 AD64450A4ABE076F5CB34CC08EEACB07 30208 ----a-w- C:\Windows\Sysnative\drivers\TsUsbGD.sys

2014-01-15 09:26:46 313F68E1A3E6345A4F47A36B07062F34 19456 ----a-w- C:\Windows\Sysnative\drivers\rdpvideominiport.sys

2014-01-15 09:26:46 17C6B51CBCCDED95B3CC14E22791F85E 57856 ----a-w- C:\Windows\Sysnative\drivers\TsUsbFlt.sys

2014-01-15 09:22:16 FFA06EF43987ED0DD42AD59B260C0C78 7808 ----a-w- C:\Windows\Sysnative\drivers\usbd.sys

2014-01-15 09:22:16 DD253AFC3BC6CBA412342DE60C3647F3 30720 ----a-w- C:\Windows\Sysnative\drivers\usbuhci.sys

2014-01-15 09:22:16 DCA68B0943D6FA415F0C56C92158A83A 99840 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys

2014-01-15 09:22:16 8D1196CFBB223621F2C67D45710F25BA 343040 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys

2014-01-15 09:22:16 765A92D428A8DB88B960DA5A8D6089DC 25600 ----a-w- C:\Windows\Sysnative\drivers\usbohci.sys

2014-01-15 09:22:16 18A85013A3E0F7E1755365D287443965 53248 ----a-w- C:\Windows\Sysnative\drivers\usbehci.sys

2014-01-15 09:22:16 12FEB33791920678F8433701C822BCFD 325120 ----a-w- C:\Windows\Sysnative\drivers\usbport.sys

2014-01-15 09:22:15 3555BA97171CD153118F73FDCCC8BFDE 376768 ----a-w- C:\Windows\Sysnative\drivers\netio.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-01-31 09:50:50 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====

2014-01-13 16:55:36 -------- d-----w- C:\PROGRA~2\BlueStacks

2014-01-02 17:12:05 -------- d-----w- C:\PROGRA~2\InternetCalls.com

======= C: =====

====== C:\Users\Hendrik\AppData\Roaming ======

2014-01-02 17:12:14 -------- dc----w- C:\Users\Hendrik\AppData\Roaming\InternetCalls

====== C:\Users\Hendrik ======

2014-01-31 09:50:20 662C39FC1E27131551D557862CEC47F0 935175 -c--a-w- C:\Users\Hendrik\Downloads\RSITx64.exe

2014-01-30 22:23:52 683FDD3D773C58B262DC07CD0C6CE938 10285040 -c--a-w- C:\Users\Hendrik\Downloads\mbam-setup-1.75.0.1300.exe

2014-01-26 22:23:04 22557C4952C896BFD1028A82FFEAEC48 2546497 -c--a-w- C:\Users\Hendrik\Downloads\PoiEdit2007-2-NLD.exe

2014-01-21 20:05:28 -------- dc----r- C:\Users\Hendrik\Music

2014-01-15 18:37:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-01-13 16:55:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks

2014-01-13 16:16:47 -------- dc----w- C:\Users\Hendrik\decrypt

2014-01-02 17:12:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetCalls

====== C: exe-files ==

2014-01-31 10:09:43 3F05C52C278B707C16652E648A57902E 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1191951822-230774151-2282679725-1000\$IH0JXNB.exe

2014-01-31 09:50:51 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Hendrik.exe

2014-01-31 09:50:20 662C39FC1E27131551D557862CEC47F0 935175 -c--a-w- C:\Users\Hendrik\Downloads\RSITx64.exe

2014-01-30 22:23:52 683FDD3D773C58B262DC07CD0C6CE938 10285040 -c--a-w- C:\Users\Hendrik\Downloads\mbam-setup-1.75.0.1300.exe

2014-01-29 17:18:13 95538B9357EE263A75A3349550974262 364288 -c--a-w- C:\Users\Hendrik\AppData\Local\NVIDIA\NvBackend\Packages\0000577a\updatus.17734322_RUNASUSER.exe

2014-01-29 17:17:58 F1F92AD02D1B24779EDB2B9D99EB7450 3193160 -c--a-w- C:\Users\Hendrik\AppData\Local\NVIDIA\NvBackend\Packages\00005773\dao.17731592.exe

2014-01-29 09:22:06 BD556495B9E1E00A2A55D4E6131C2EA0 981160 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.102\32.0.1700.102_32.0.1700.76_chrome_updater.exe

2014-01-28 19:07:07 9769BD78485E5C4F8AD5CAB3B1F8A029 32710608 -c--a-w- C:\Users\Hendrik\AppData\Roaming\Spotify\Spotify_new.exe

2014-01-27 15:09:52 6226A8E84105B0B90EF8946FD60FF03F 8257536 -c--a-w- C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOHAP8XW\SpotifyFullSetup[1].exe

2014-01-26 22:23:04 22557C4952C896BFD1028A82FFEAEC48 2546497 -c--a-w- C:\Users\Hendrik\Downloads\PoiEdit2007-2-NLD.exe

=== C: other files ==

2014-01-31 09:39:47 F93171B9F1DD602A6676DA5AE350DB7B 103 -c--a-w- C:\Users\Hendrik\AppData\Local\Temp\utt1D21.tmp.bat

2014-01-30 22:24:39 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-01-30 21:19:59 75EC11CC5F3F039E81113ABFB908110E 536213 ----a-w- C:\Users\Hendrik\Downloads\Tor Browser\FirefoxPortable\Data\profile\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Copy"="C:\Users\Hendrik\AppData\Roaming\Copy\CopyAgent.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1191951822-230774151-2282679725-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Copy"="C:\Users\Hendrik\AppData\Roaming\Copy\CopyAgent.exe"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

"GoogleChromeAutoLaunch_5AE393E819AF6946586466E0F295AD2F"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"

"Spotify Web Helper"="C:\Users\Hendrik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

"InternetCalls"="C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe -nosplash -minimized"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"Copy"="C:\Users\Hendrik\AppData\Roaming\Copy\CopyAgent.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"BlueStacks Agent"="C:\Program Files (x86)\BlueStacks\HD-Agent.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Copy"="C:\Users\Hendrik\AppData\Roaming\Copy\CopyAgent.exe"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

"GoogleChromeAutoLaunch_5AE393E819AF6946586466E0F295AD2F"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"

"Spotify Web Helper"="C:\Users\Hendrik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

"InternetCalls"="C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe -nosplash -minimized"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"Acer ePower Management"="C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe"

"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

"ETDWare"="%ProgramFiles%\Elantech\ETDCtrl.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AdobeAAMUpdater-1.0"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupManagerTray]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BackupManagerTray"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\NewTech Infosystems\\Packard Bell MyBackup\\BackupManagerTray.exe\" -h -k"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BCSSync"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BitTorrent"

"hkey"="HKCU"

"command"="\"C:\\Users\\Hendrik\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe\" /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Google Update"

"hkey"="HKCU"

"command"="\"C:\\Users\\Hendrik\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_5AE393E819AF6946586466E0F295AD2F]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GoogleChromeAutoLaunch_5AE393E819AF6946586466E0F295AD2F"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --no-startup-window"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleDriveSync]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GoogleDriveSync"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Google\\Drive\\googledrivesync.exe\" /autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="TomTomHOME.exe"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MozyHome Status.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MozyHome Status.lnk"

"backup"="C:\\Windows\\pss\\MozyHome Status.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~1\\MozyHome\\mozystat.exe "

"item"="MozyHome Status"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Hendrik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stickies.lnk]

"path"="C:\\Users\\Hendrik\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Stickies.lnk"

"backup"="C:\\Windows\\pss\\Stickies.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\PROGRA~2\\Stickies\\stickies.exe "

"item"="Stickies"

==== Startup Folders ======================

2013-06-20 20:35:15 1069 -c--a-w- C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [26/04/2013 06:05]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [26/04/2013 06:05]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1191951822-230774151-2282679725-1000Core.job --a------ C:\Users\Hendrik\AppData\Local\Google\Update\GoogleUpdate.exe [02/05/2013 16:39]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1191951822-230774151-2282679725-1000UA.job --a------ C:\Users\Hendrik\AppData\Local\Google\Update\GoogleUpdate.exe [02/05/2013 16:39]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Hendrik-laptop-Hendrik" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1191951822-230774151-2282679725-1000Core" [C:\Users\Hendrik\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1191951822-230774151-2282679725-1000UA" [C:\Users\Hendrik\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\Open URL by RoboForm" [C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMNJMJHMJMOMHMLJMMCNIMPMOMJJCNLMOMPMNMCNOJOMKMLJCNMJJMPMLJOMHMHMNMGMPMNJLJJNJICMIMCNGMCNNMFMGMCNOMPMCNGMNMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMIJAJLILJOMFMOMIMHMJNHICMMJBJKJLIMJJNBJCMHLKJBJLJNIGJEJJNKJCMJNNICMJNDJCMBJDJ"]

"C:\Windows\SysNative\tasks\Run RoboForm TaskBar Icon" [C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe]

"C:\Windows\SysNative\tasks\{4185EE75-E4C7-4233-AA57-E7EDB97F5860}" [C:\Users\Hendrik\Downloads\Spotify Installer.exe]

"C:\Windows\SysNative\tasks\{4F496252-F4C9-4106-A959-64146F53F52B}" [C:\Users\Hendrik\AppData\Roaming\Spotify\spotify.exe]

"C:\Windows\SysNative\tasks\{57B76FA6-9C99-4DFE-B312-821621DE86D7}" [C:\Users\Hendrik\Downloads\SpotifySetup.exe]

"C:\Windows\SysNative\tasks\{867C6285-A589-469F-8CF2-8FACB16A8CCC}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]

"C:\Windows\SysNative\tasks\{8A2A25A0-5226-4422-9915-B7556B7EABFD}" [C:\Users\Hendrik\Downloads\Spotify Installer.exe]

"C:\Windows\SysNative\tasks\{D41CBA3A-66F3-4A33-AA80-D0DD81A560CA}" [C:\Users\Hendrik\Downloads\SpotifySetup.exe]

"C:\Windows\SysNative\tasks\{FCD8829B-DD4C-4C34-A800-D7802777874A}" [C:\Users\Hendrik\Downloads\SpotifySetup.exe]

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox" [21/10/2013 10:17]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\bhb1zl6r.default

- Deutsches Wrterbuch erweitert fr sterreich - %ProfilePath%\extensions\de-AT@dictionaries.addons.mozilla.org

- DoNotTrackMe: Online Privacy Protection - %ProfilePath%\extensions\donottrackplus@abine.com

- Dictionnaires franais - %ProfilePath%\extensions\fr-dicollecte@dictionaries.addons.mozilla.org

- EPUBReader - %ProfilePath%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}

- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi

- AutoCopy 2 - %ProfilePath%\extensions\autocopy2@teo.pl.xpi

- Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi

- Gmelius - %ProfilePath%\extensions\gmailadsremover@florian.bersier.xpi

- ahsweN Forum Smiley - %ProfilePath%\extensions\info@ahswen.com.xpi

- Lightbeam - %ProfilePath%\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi

- cleanr Videos for YouTube - %ProfilePath%\extensions\jid1-rVWl1u7MJL7d2g@jetpack.xpi

- Deutsch DE Language Pack - %ProfilePath%\extensions\langpack-de@firefox.mozilla.org.xpi

- Ecosia - The search engine that plants trees em:descriptionEcosia is a search engine that donates 80 of its income to a tree planting program in Brazil. By searching with Ecosia you can help the environment for free - %ProfilePath%\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi

- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

- Hotspot Shield Extension - %AppDir%\browser\extensions\afext@anchorfree.com

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\bhb1zl6r.default

2557FBC582910A71CDEB0F22886D118D - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll - Shockwave Flash

C36444D7301A8C881FC7296B092609C7 - C:\Users\Hendrik\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update

68BCBB241EF254BC5100D9E6C06ECC71 - C:\Users\Hendrik\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator

99FE6AFE80EB7FE3EEB75DC504A326A3 - C:\Users\Hendrik\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer

AF42019A3B0EDBFA6878F75B9377A792 - C:\Users\Hendrik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin

==== Deleted Firefox Extensions ======================

C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com deleted

==== Chrome Look ======================

Google Docs - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

Open with Office Web Apps Viewer - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcknfcclbcpdeopdopomkdbjmldgdeld

Sothink Flash Downloader for Chrome - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\biceobciobbhhkplgocbaigojbnepcoi

YouTube - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

HelloFax 50 Free Fax Pages - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm

Last updated at time on date - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

Ecosia - The search engine that plants trees - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\clellnciejhoedgepbdilbkdkaoecgpc

Google Search - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Free Smileys & Emoticons - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadohofilecbkoopckifdpenihdpdbfm

Gmail Offline - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk

DoNotTrackMe Online Privacy Protection - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd

Free Smileys Emoticons - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl

Hola Better Internet - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio

ProxMate - Proxy on steroids - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm

BitTorrent Surf (Beta) - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibpbofogepkkeoockhkfcgngjkimndlp

The Great Suspender - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg

Video Downloader - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp

Google Wallet - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl deleted successfully

C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fjbbjfdilbioabojmcplalojlmdngbjl_0.localstorage deleted successfully

C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fjbbjfdilbioabojmcplalojlmdngbjl_0.localstorage-journal deleted successfully

C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fjbbjfdilbioabojmcplalojlmdngbjl deleted successfully

C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadohofilecbkoopckifdpenihdpdbfm deleted successfully

C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp deleted successfully

C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage deleted successfully

C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://packardbell.msn.com/"

"Search Page"="http://www.google.com"

"Search Bar"="http://www.google.com/ie"

"Default_Search_URL"="http://www.google.com/ie"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

@="http://www.google.com/search?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="http://www.google.com/ie"

"Default_Search_URL"="http://www.google.com/ie"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://packardbell.msn.com/"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{E653FCC0-8214-4D64-84DE-880B9B40BDC5} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4A17X4RH will be deleted at reboot

C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOHAP8XW will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Hendrik\AppData\Local\Mozilla\Firefox\Profiles\bhb1zl6r.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=563 folders=105 39926505 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\Hendrik\AppData\Local\Temp will be emptied at reboot

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Hendrik\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4A17X4RH" not found

"C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOHAP8XW" not found

==== EOF on vr 31/01/2014 at 17:07:59,47 ======================


Please also do the following:

Double-click Zoek.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator": right-click it and choose Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

  C:\Windows\SysNative\tasks\{4185EE75-E4C7-4233-AA57-E7EDB97F5860};fs
 C:\Windows\SysNative\tasks\{4F496252-F4C9-4106-A959-64146F53F52B};fs
 C:\Windows\SysNative\tasks\{57B76FA6-9C99-4DFE-B312-821621DE86D7};fs C:\Windows\SysNative\tasks\{867C6285-A589-469F-8CF2-8FACB16A8CCC};fs
 C:\Windows\SysNative\tasks\{8A2A25A0-5226-4422-9915-B7556B7EABFD};fs
 C:\Windows\SysNative\tasks\{D41CBA3A-66F3-4A33-AA80-D0DD81A560CA};fs 
 C:\Windows\SysNative\tasks\{FCD8829B-DD4C-4C34-A800-D7802777874A};fs

  • The "Scan All Users" option is checked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log in your next reply.


Zoek.exe v5.0.0.0 Updated 31-January-2014

Tool run by Hendrik on vr 31/01/2014 at 21:16:35,08.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Hendrik\Downloads\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-01-31-125429.log 437 bytes

C:\zoek-results2014-01-31-160759.log 36742 bytes

==== Deleting Files \ Folders ======================

C:\Windows\SysNative\tasks\{4185EE75-E4C7-4233-AA57-E7EDB97F5860} deleted

C:\Windows\SysNative\tasks\{4F496252-F4C9-4106-A959-64146F53F52B} deleted

C:\Windows\SysNative\tasks\{57B76FA6-9C99-4DFE-B312-821621DE86D7} deleted

C:\Windows\SysNative\tasks\{8A2A25A0-5226-4422-9915-B7556B7EABFD} deleted

C:\Windows\SysNative\tasks\{D41CBA3A-66F3-4A33-AA80-D0DD81A560CA} deleted

C:\Windows\SysNative\tasks\{FCD8829B-DD4C-4C34-A800-D7802777874A} deleted

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== C:\zoek_backup content ======================

C:\zoek_backup (files=569 folders=105 39945221 bytes)

==== EOF on vr 31/01/2014 at 21:26:05,32 ======================


Download AdwCleaner by Xplode to the desktop.

Running AdwCleaner

  • Close all open windows.
  • Double-click AdwCleaner.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator": right-click it and choose Run as administrator.
  • Then click the Scan button.
  • When the scan has finished, click the Clean button.
  • When this is done you will be asked to restart the computer; click OK.
  • After the computer has restarted, the log file opens automatically.
  • Post this log file in your next reply.


# AdwCleaner v3.018 - Report created 01/02/2014 at 10:08:47

# Updated 28/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Hendrik - HENDRIK-LAPTOP

# Running from : C:\Users\Hendrik\Downloads\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKCU\Software\anchorfree

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\AppDataLow\Software\smartbar

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (nl)

[ File : C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\bhb1zl6r.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/u/0/?shva=1#inbox");

-\\ Google Chrome v32.0.1700.102

[ File : C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1814 octets] - [01/02/2014 10:05:04]

AdwCleaner[s0].txt - [1589 octets] - [01/02/2014 10:08:47]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1649 octets] ##########

This topic is now closed to new replies.