Ga naar inhoud

malware pop ups en advertenties


 Delen

Aanbevolen berichten

Hey ik had hier een oud forum gelezen over pop ups , advertenties 

 

iK heb  RSIT 64 bit  eens effe laten runnen maar ik ken er niks van.

hiei onder log files 

 

Logfile of random's system information tool 1.10 (written by random/random)
Run by jan at 2016-08-15 13:27:44
Microsoft Windows 7 Ultimate  Service Pack 1
System drive C: has 108 GB (50%) free of 215 GB
Total RAM: 8172 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:27:49, on 15/08/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\jan\AppData\Roaming\Dashlane\Dashlane.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\jan\AppData\Roaming\Dashlane\DashlanePlugin.exe
C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\jan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Dashlane BHO - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\jan\AppData\Roaming\Dashlane\ie\Dashlanei.dll
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
O3 - Toolbar: Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\jan\AppData\Roaming\Dashlane\ie\KWIEBar.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKLM\..\Run: [Raptr] "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [PlaysTV] "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKCU\..\Run: [Dashlane] "C:\Users\jan\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: RUN.CMD (User 'Default user')
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgfwsa.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Plays.tv Update Service (PlaysService) - Plays.tv, LLC - C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung RAPID Mode Service (SamsungRapidSvc) - Unknown owner - C:\Windows\system32\RAPID\SamsungRapidSvc.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10757 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
c:\PROGRA~2\AVG\Av\avgrsa.exe /boot
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\AVG\Av\avgfwsa.exe"
"C:\Program Files (x86)\AVG\Av\avgidsagenta.exe"
taskeng.exe {376191A2-FA49-4360-8103-FADDA2B1B722}
"C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Program Files (x86)\AVG\Av\avgwdsvca.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Program Files (x86)\AVG\Av\avgnsa.exe"
"C:\Program Files (x86)\AVG\Av\avgemca.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
"C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe"
"C:\Users\jan\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
 /TRAYONLY
adb fork-server server
 /fmw.trayonly
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" 
system32\RAPID\SamsungRapidSvc.exe
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" 
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
"C:\Users\jan\AppData\Roaming\Dashlane\DashlanePlugin.exe " ws
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
"C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
ctfmon.exe
taskeng.exe {5D4B1B5F-1792-4AC0-9749-781F1C0CEEC6}
"C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe" /AUTOHIDE
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\jan\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=-m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=52.0.2743.116 --handshake-handle=0xb0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="8096.0.2059343082\2138767524" --mojo-application-channel-token=DAF043A8A443BCB7A05F7BBD2F35495B --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,*PreconnectMore<PreconnectMore,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableMediaRouter/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/Unused_2/OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/PasswordSmartBubble/Default/PreconnectMore/Default/*QUIC/EnabledTimeLossDetectionJuly/ReportCertificateErrors/ShowAndPossiblySend/ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SchedulerExpensiveTaskBlocking/Enabled/SyncHttpContentCompression/Enabled/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_53/*UMA-Uniformity-Trial-10-Percent/group_04/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UMA_CheckStates/Checks/ --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,12,13,27,55 --gpu-vendor-id=0x1002 --gpu-device-id=0x6819 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=16.300.2311.0 --gpu-driver-date=7-18-2016 --mojo-platform-channel-handle=1124 --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\AVG\Av\avgcsrva.exe /pipeName=44800c66-0200-0000-b08d-832c12216a78 /binaryPath="C:\Program Files (x86)\AVG\Av\\" /logPath=C:\Windows\system32\config\systemprofile\AppData\Local\Avg\log\av16 /logCfgPath=C:\ProgramData\Avg\log\av16
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,*PreconnectMore<PreconnectMore,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/PasswordSmartBubble/Default/*PreconnectMore/Default/*QUIC/EnabledTimeLossDetectionJuly/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/*SchedulerExpensiveTaskBlocking/Enabled/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_53/*UMA-Uniformity-Trial-10-Percent/group_04/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UMA_CheckStates/Checks/ --primordial-pipe-token=0E06F2EA1F65E0AAB174ADC2AFE3091D --lang=nl --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=B2C1DE83B8920E59FE7466B38C6E33D6 --mojo-application-channel-token=BD44D380CF3A5FE4FDCEB2F091B0DB68 --channel="8096.70.1897657704\1987064165" --mojo-platform-channel-handle=4664 /prefetch:1
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,*PreconnectMore<PreconnectMore,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Aggressive/*AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Unused_2/OutOfProcessPac/Default/*PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*PasswordSmartBubble/Default/*PreconnectMore/Default/*QUIC/EnabledTimeLossDetectionJuly/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/*SchedulerExpensiveTaskBlocking/Enabled/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_53/*UMA-Uniformity-Trial-10-Percent/group_04/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UMA_CheckStates/Checks/ --primordial-pipe-token=4AD2BBBB23E680F37D99BAD21A8331A6 --lang=nl --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=7D89FC8782147C7CC3892F6316258364 --mojo-application-channel-token=BFC081F9DF3F67E498EB1C08F3F247F2 --channel="8096.76.1713807772\281269362" --mojo-platform-channel-handle=7980 /prefetch:1

"C:\Users\jan\Documents\Downloads\RSITx64.exe" 

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /c 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler 

=========Mozilla firefox=========

ProfilePath - C:\Users\jan\AppData\Roaming\Mozilla\Firefox\Profiles\amripyqj.default

prefs.js - "browser.search.useDBForOrder" -  true
prefs.js - "browser.startup.homepage" -  "https://mysearch.avg.com/?cid={95234D42-D2AC-4B68-960E-5FA7DE2347FA}&mid=76c8efc176bc47d2b056bd2b2bda38ab-12f5cb7cc6ff5fac9715cf12ca91a111083fdcaf&lang=nl&ds=AVG&coid=avgtbavg&cmpid=0615pii&pr=fr&d=2015-11-21 10:10:26&v=4.2.0.886&pid=wtu&sg=&sap=hp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.77.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.77.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Nero.com/KM]
"Description"=
"Path"=C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.0]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
belgiumeid@eid.belgium.be

C:\Users\jan\AppData\Roaming\Mozilla\Firefox\Profiles\amripyqj.default\extensions\
{6d0f26ba-45b8-4871-9c07-43ab341d5b73}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25 2111616]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}]
Dashlane BHO - C:\Users\jan\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-07-18 958848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-11 462400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25 1637504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-11 173120]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{6c97a91e-4524-4019-86af-2aa2d567bf5c}
{669695BC-A811-4A9D-8CDF-BA8C795F261C} - Dashlane Toolbar - C:\Users\jan\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2016-07-18 136064]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCN"=C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [2016-07-18 6626696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-09-26 6482200]
"SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]
"Spybot-S&D Cleaning"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [2016-03-21 5915776]
"Dashlane"=C:\Users\jan\AppData\Roaming\Dashlane\Dashlane.exe [2016-07-18 228224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvgUi]
C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [2016-07-20 186640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI]
C:\Program Files (x86)\AVG\Av\avuirunnerx.exe [2016-07-28 32528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Genius]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaysTV]
C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [2016-08-09 71440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr]
C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [2016-08-02 58640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2014-01-23 7510232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SamsungRapidApp]
C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe [2014-09-16 281776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-12-17 50385536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-03-20 595480]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"=C:\Program Files (x86)\AVG\Av\avuirunnerx.exe [2016-07-28 32528]
"AvgUi"=C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [2016-07-20 186640]
"Raptr"=C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [2016-08-02 58640]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2016-06-02 318128]
"PlaysTV"=C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [2016-08-09 71440]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2014-06-24 4101576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=0
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoResolveSearch"=1
"NoResolveTrack"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.l3pacm"=l3codecp.acm
"msacm.aacacm"=AACACM.acm
"msacm.ac3acm"=ac3acm.acm
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.x264"=x264vfw.dll
"msacm.ac3filter"=ac3filter.acm
"VIDC.MLCY"=mlc.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-08-15 13:06:55 ----D---- C:\rsit
2016-08-15 13:06:55 ----D---- C:\Program Files\trend micro
2016-08-14 13:32:57 ----D---- C:\Users\jan\AppData\Roaming\ProductData
2016-08-14 13:32:00 ----D---- C:\ProgramData\BDLogging
2016-08-14 13:32:00 ----A---- C:\Windows\system32\drivers\trufos.sys
2016-08-14 13:27:49 ----D---- C:\Users\jan\AppData\Roaming\Dashlane
2016-08-14 13:27:49 ----D---- C:\Program Files (x86)\Dashlane
2016-08-14 13:20:57 ----D---- C:\Users\jan\AppData\Roaming\IObit
2016-08-14 13:20:53 ----D---- C:\ProgramData\ProductData
2016-08-14 13:20:49 ----D---- C:\Program Files (x86)\IObit
2016-08-14 13:20:35 ----D---- C:\ProgramData\IObit
2016-08-14 13:20:35 ----D---- C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-08-14 11:45:31 ----D---- C:\Program Files\Common Files\AV
2016-08-14 11:44:33 ----A---- C:\Windows\system32\sdnclean64.exe
2016-08-10 18:03:06 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-08-10 18:03:06 ----A---- C:\Windows\system32\schannel.dll
2016-08-10 18:03:06 ----A---- C:\Windows\system32\lsasrv.dll
2016-08-10 18:03:06 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-08-10 18:03:05 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-08-10 18:03:05 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-08-10 18:03:05 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-08-10 18:03:05 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-08-10 18:03:05 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-08-10 18:03:05 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2016-08-10 18:03:05 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-08-10 18:03:05 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-08-10 18:03:05 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-08-10 18:03:05 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-08-10 18:03:05 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-08-10 18:03:05 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-08-10 18:03:05 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-08-10 18:03:05 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-08-10 18:03:05 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-08-10 18:03:05 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-08-10 18:03:05 ----A---- C:\Windows\system32\wdigest.dll
2016-08-10 18:03:05 ----A---- C:\Windows\system32\TSpkg.dll
2016-08-10 18:03:05 ----A---- C:\Windows\system32\sspisrv.dll
2016-08-10 18:03:05 ----A---- C:\Windows\system32\sspicli.dll
2016-08-10 18:03:05 ----A---- C:\Windows\system32\secur32.dll
2016-08-10 18:03:05 ----A---- C:\Windows\system32\rpcrt4.dll
2016-08-10 18:03:05 ----A---- C:\Windows\system32\rpchttp.dll
2016-08-10 18:03:05 ----A---- C:\Windows\system32\ncrypt.dll
2016-08-10 18:03:05 ----A---- C:\Windows\system32\msv1_0.dll
2016-08-10 18:03:05 ----A---- C:\Windows\system32\msobjs.dll
2016-08-10 18:03:05 ----A---- C:\Windows\system32\msaudite.dll
2016-08-10 18:03:05 ----A---- C:\Windows\system32\lsass.exe
2016-08-10 18:03:05 ----A---- C:\Windows\system32\kerberos.dll
2016-08-10 18:03:05 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-08-10 18:03:05 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-08-10 18:03:05 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-08-10 18:03:05 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-08-10 18:03:05 ----A---- C:\Windows\system32\cryptbase.dll
2016-08-10 18:03:05 ----A---- C:\Windows\system32\credssp.dll
2016-08-10 18:03:05 ----A---- C:\Windows\system32\certcli.dll
2016-08-10 18:03:05 ----A---- C:\Windows\system32\auditpol.exe
2016-08-10 18:03:05 ----A---- C:\Windows\system32\adtschema.dll
2016-08-10 18:03:03 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-08-10 18:03:03 ----A---- C:\Windows\SYSWOW64\occache.dll
2016-08-10 18:03:03 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2016-08-10 18:03:03 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2016-08-10 18:03:03 ----A---- C:\Windows\SYSWOW64\inseng.dll
2016-08-10 18:03:03 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2016-08-10 18:03:03 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2016-08-10 18:03:03 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-08-10 18:03:03 ----A---- C:\Windows\system32\inseng.dll
2016-08-10 18:03:03 ----A---- C:\Windows\system32\iernonce.dll
2016-08-10 18:03:03 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-08-10 18:03:03 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-08-10 18:03:03 ----A---- C:\Windows\system32\ie4uinit.exe
2016-08-10 18:03:02 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-08-10 18:03:02 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-08-10 18:03:02 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-08-10 18:03:02 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-08-10 18:03:02 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2016-08-10 18:03:02 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-08-10 18:03:02 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-08-10 18:03:02 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 18:03:01 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2016-08-10 18:03:01 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2016-08-10 18:03:01 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-08-10 18:03:01 ----A---- C:\Windows\SYSWOW64\ieui.dll
2016-08-10 18:03:01 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-08-10 18:03:01 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-08-10 18:03:01 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2016-08-10 18:03:01 ----A---- C:\Windows\system32\urlmon.dll
2016-08-10 18:03:01 ----A---- C:\Windows\system32\occache.dll
2016-08-10 18:03:01 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 18:03:01 ----A---- C:\Windows\system32\msfeeds.dll
2016-08-10 18:03:01 ----A---- C:\Windows\system32\iesetup.dll
2016-08-10 18:03:01 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 18:03:01 ----A---- C:\Windows\system32\iedkcs32.dll
2016-08-10 18:03:01 ----A---- C:\Windows\system32\dxtrans.dll
2016-08-10 18:03:00 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-08-10 18:03:00 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-08-10 18:03:00 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2016-08-10 18:03:00 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-08-10 18:03:00 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2016-08-10 18:03:00 ----A---- C:\Windows\system32\vbscript.dll
2016-08-10 18:03:00 ----A---- C:\Windows\system32\iertutil.dll
2016-08-10 18:03:00 ----A---- C:\Windows\system32\ieapfltr.dll
2016-08-10 18:02:59 ----A---- C:\Windows\SYSWOW64\msrating.dll
2016-08-10 18:02:59 ----A---- C:\Windows\system32\mshtmled.dll
2016-08-10 18:02:59 ----A---- C:\Windows\system32\jsproxy.dll
2016-08-10 18:02:59 ----A---- C:\Windows\system32\ieui.dll
2016-08-10 18:02:59 ----A---- C:\Windows\system32\ieframe.dll
2016-08-10 18:02:59 ----A---- C:\Windows\system32\dxtmsft.dll
2016-08-10 18:02:58 ----A---- C:\Windows\system32\wininet.dll
2016-08-10 18:02:58 ----A---- C:\Windows\system32\webcheck.dll
2016-08-10 18:02:58 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-08-10 18:02:58 ----A---- C:\Windows\system32\jscript9diag.dll
2016-08-10 18:02:58 ----A---- C:\Windows\system32\jscript9.dll
2016-08-10 18:02:58 ----A---- C:\Windows\system32\jscript.dll
2016-08-10 18:02:58 ----A---- C:\Windows\system32\ieUnatt.exe
2016-08-10 18:02:57 ----A---- C:\Windows\system32\msrating.dll
2016-08-10 18:02:57 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-08-10 18:02:57 ----A---- C:\Windows\system32\mshtml.dll
2016-08-10 18:02:48 ----A---- C:\Windows\system32\win32k.sys
2016-08-08 17:50:46 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-08-08 17:50:36 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-08 17:50:36 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-08-08 17:50:36 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-08-08 17:50:36 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-07-19 12:27:12 ----A---- C:\Windows\system32\drivers\avgmfx64.sys
2016-07-18 23:22:10 ----A---- C:\Windows\SYSWOW64\amdave32.dll
2016-07-18 23:22:10 ----A---- C:\Windows\system32\amdave64.dll
2016-07-18 23:22:04 ----A---- C:\Windows\system32\amdhcp64.dll
2016-07-18 23:22:02 ----A---- C:\Windows\SYSWOW64\amdhcp32.dll
2016-07-18 23:21:58 ----A---- C:\Windows\system32\atimpc64.dll
2016-07-18 23:21:58 ----A---- C:\Windows\system32\amdpcom64.dll
2016-07-18 23:21:56 ----A---- C:\Windows\SYSWOW64\atimpc32.dll
2016-07-18 23:21:56 ----A---- C:\Windows\SYSWOW64\amdpcom32.dll
2016-07-18 23:21:42 ----A---- C:\Windows\SYSWOW64\atiuxpag.dll
2016-07-18 23:21:40 ----A---- C:\Windows\system32\atiu9p64.dll
2016-07-18 23:21:38 ----A---- C:\Windows\SYSWOW64\atiu9pag.dll
2016-07-18 23:21:30 ----A---- C:\Windows\SYSWOW64\aticfx32.dll
2016-07-18 23:21:20 ----A---- C:\Windows\SYSWOW64\atidxx32.dll
2016-07-18 23:21:12 ----A---- C:\Windows\SYSWOW64\atiumdva.dll
2016-07-18 23:21:04 ----A---- C:\Windows\SYSWOW64\atiumdag.dll
2016-07-18 23:20:54 ----A---- C:\Windows\system32\atiumd6a.dll
2016-07-18 23:20:50 ----A---- C:\Windows\system32\atiumd64.dll
2016-07-18 23:20:14 ----A---- C:\Windows\system32\drivers\amdacpksd.sys
2016-07-18 23:07:28 ----A---- C:\Windows\system32\amfrt64.dll
2016-07-18 23:06:02 ----A---- C:\Windows\SYSWOW64\amfrt32.dll
2016-07-18 23:04:46 ----A---- C:\Windows\system32\amdvlk64.dll
2016-07-18 22:54:52 ----A---- C:\Windows\SYSWOW64\amdvlk32.dll
2016-07-18 22:42:24 ----A---- C:\Windows\system32\drivers\atikmdag.sys
2016-07-18 22:37:38 ----A---- C:\Windows\system32\atio6axx.dll
2016-07-18 22:31:54 ----A---- C:\Windows\system32\coinst_16.30.dll
2016-07-18 22:28:24 ----A---- C:\Windows\system32\clinfo.exe
2016-07-18 22:28:12 ----A---- C:\Windows\system32\amdocl64.dll
2016-07-18 22:27:00 ----A---- C:\Windows\SYSWOW64\amdocl.dll
2016-07-18 22:25:52 ----A---- C:\Windows\system32\OpenCL.dll
2016-07-18 22:25:48 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2016-07-18 22:22:58 ----A---- C:\Windows\system32\amdlvr64.dll
2016-07-18 22:22:16 ----A---- C:\Windows\SYSWOW64\amdlvr32.dll
2016-07-18 22:21:48 ----A---- C:\Windows\system32\amdocl12cl64.dll
2016-07-18 22:21:38 ----A---- C:\Windows\SYSWOW64\amdocl12cl.dll
2016-07-18 22:21:38 ----A---- C:\Windows\system32\mantle64.dll
2016-07-18 22:21:26 ----A---- C:\Windows\SYSWOW64\mantle32.dll
2016-07-18 22:21:10 ----A---- C:\Windows\system32\amdmantle64.dll
2016-07-18 22:11:18 ----A---- C:\Windows\SYSWOW64\amdmantle32.dll
2016-07-18 22:06:24 ----A---- C:\Windows\SYSWOW64\atioglxx.dll
2016-07-18 22:04:42 ----A---- C:\Windows\system32\amdmmcl6.dll
2016-07-18 22:04:38 ----A---- C:\Windows\SYSWOW64\amdmmcl.dll
2016-07-18 22:03:22 ----A---- C:\Windows\system32\mantleaxl64.dll
2016-07-18 22:03:14 ----A---- C:\Windows\SYSWOW64\mantleaxl32.dll
2016-07-18 21:46:50 ----A---- C:\Windows\system32\atiapfxx.exe
2016-07-18 21:46:44 ----A---- C:\Windows\system32\aticalrt64.dll
2016-07-18 21:46:40 ----A---- C:\Windows\SYSWOW64\aticalrt.dll
2016-07-18 21:46:32 ----A---- C:\Windows\system32\aticalcl64.dll
2016-07-18 21:46:30 ----A---- C:\Windows\SYSWOW64\aticalcl.dll
2016-07-18 21:46:18 ----A---- C:\Windows\system32\aticaldd64.dll
2016-07-18 21:45:20 ----A---- C:\Windows\SYSWOW64\aticaldd.dll
2016-07-18 21:39:22 ----A---- C:\Windows\system32\atisamu64.dll
2016-07-18 21:39:18 ----A---- C:\Windows\SYSWOW64\atisamu32.dll
2016-07-18 21:39:18 ----A---- C:\Windows\system32\atidemgy.dll
2016-07-18 21:39:14 ----A---- C:\Windows\system32\dgtrayicon.exe
2016-07-18 21:39:08 ----A---- C:\Windows\system32\GameManager64.dll
2016-07-18 21:39:04 ----A---- C:\Windows\SYSWOW64\GameManager32.dll
2016-07-18 21:39:00 ----A---- C:\Windows\system32\atieah64.exe
2016-07-18 21:38:58 ----A---- C:\Windows\SYSWOW64\atieah32.exe
2016-07-18 21:38:52 ----A---- C:\Windows\system32\amdgfxinfo64.dll
2016-07-18 21:38:50 ----A---- C:\Windows\SYSWOW64\amdgfxinfo32.dll
2016-07-18 21:38:50 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2016-07-18 21:38:48 ----A---- C:\Windows\system32\atimuixx.dll
2016-07-18 21:38:42 ----A---- C:\Windows\system32\atieclxx.exe
2016-07-18 21:38:24 ----A---- C:\Windows\system32\atiesrxx.exe
2016-07-18 21:37:38 ----A---- C:\Windows\system32\atitmm64.dll
2016-07-18 21:33:38 ----A---- C:\Windows\system32\atiadlxx.dll
2016-07-18 21:33:30 ----A---- C:\Windows\SYSWOW64\atiadlxy.dll
2016-07-18 21:33:30 ----A---- C:\Windows\SYSWOW64\atiadlxx.dll
2016-07-18 21:33:22 ----A---- C:\Windows\system32\atig6pxx.dll
2016-07-18 21:33:18 ----A---- C:\Windows\SYSWOW64\atiglpxx.dll
2016-07-18 21:33:18 ----A---- C:\Windows\system32\atiglpxx.dll
2016-07-18 21:33:14 ----A---- C:\Windows\system32\atig6txx.dll
2016-07-18 21:33:04 ----A---- C:\Windows\SYSWOW64\atigktxx.dll
2016-07-18 21:32:52 ----A---- C:\Windows\system32\drivers\atikmpag.sys
2016-07-18 21:29:22 ----A---- C:\Windows\system32\hsa-thunk64.dll
2016-07-18 21:29:16 ----A---- C:\Windows\SYSWOW64\hsa-thunk.dll
2016-07-17 18:30:24 ----D---- C:\Windows\EOONotify

======List of files/folders modified in the last 1 month======

2016-08-15 13:24:11 ----D---- C:\Windows\Temp
2016-08-15 13:10:54 ----D---- C:\Windows\system32\config
2016-08-15 13:06:55 ----D---- C:\Program Files
2016-08-15 12:55:36 ----D---- C:\ProgramData\MFAData
2016-08-15 12:55:17 ----SHD---- C:\Windows\Installer
2016-08-15 12:55:17 ----SHD---- C:\Config.Msi
2016-08-15 08:30:15 ----D---- C:\Windows\System32
2016-08-15 08:30:15 ----D---- C:\Windows\inf
2016-08-15 08:30:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-08-15 08:24:03 ----D---- C:\Users\jan\AppData\Roaming\PlaysTV
2016-08-14 17:23:37 ----D---- C:\Users\jan\AppData\Roaming\vlc
2016-08-14 17:22:34 ----D---- C:\Users\jan\AppData\Roaming\FileZilla
2016-08-14 17:09:53 ----D---- C:\Users\jan\AppData\Roaming\Vso
2016-08-14 13:57:42 ----D---- C:\Windows\Tasks
2016-08-14 13:57:42 ----D---- C:\Windows\SysWOW64
2016-08-14 13:57:42 ----D---- C:\Windows\system32\Tasks
2016-08-14 13:54:24 ----SHD---- C:\System Volume Information
2016-08-14 13:32:00 ----HD---- C:\ProgramData
2016-08-14 13:32:00 ----D---- C:\Windows\system32\drivers
2016-08-14 13:27:49 ----RD---- C:\Program Files (x86)
2016-08-14 13:20:52 ----D---- C:\Program Files (x86)\Common Files
2016-08-14 12:11:50 ----D---- C:\Windows\system32\drivers\etc
2016-08-14 11:45:31 ----D---- C:\Program Files\Common Files
2016-08-14 11:45:30 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-08-14 11:44:36 ----SD---- C:\ProgramData\Microsoft
2016-08-14 11:44:32 ----D---- C:\ProgramData\Spybot - Search & Destroy
2016-08-12 17:15:19 ----D---- C:\Windows\rescache
2016-08-11 09:15:14 ----D---- C:\Windows\winsxs
2016-08-11 09:15:07 ----D---- C:\Windows
2016-08-11 09:14:04 ----D---- C:\Windows\SYSWOW64\nl-NL
2016-08-11 09:14:04 ----D---- C:\Windows\SYSWOW64\en-US
2016-08-11 09:14:04 ----D---- C:\Windows\system32\nl-NL
2016-08-11 09:14:04 ----D---- C:\Program Files\Internet Explorer
2016-08-11 09:14:03 ----D---- C:\Windows\system32\en-US
2016-08-11 09:14:03 ----D---- C:\Program Files (x86)\Internet Explorer
2016-08-10 19:06:28 ----D---- C:\ProgramData\Microsoft Help
2016-08-10 19:05:42 ----D---- C:\Windows\system32\MRT
2016-08-10 19:02:30 ----D---- C:\Windows\debug
2016-08-10 19:02:26 ----AC---- C:\Windows\system32\MRT.exe
2016-08-10 18:02:16 ----D---- C:\Windows\system32\catroot2
2016-08-10 16:01:09 ----D---- C:\Windows\PLA
2016-08-07 09:44:56 ----D---- C:\Program Files\CPUID
2016-08-07 09:44:37 ----D---- C:\Program Files (x86)\Adobe
2016-08-05 14:16:39 ----D---- C:\Windows\system32\catroot
2016-08-05 14:16:24 ----D---- C:\Users\jan\AppData\Roaming\Raptr
2016-08-05 14:14:52 ----D---- C:\Windows\system32\DriverStore
2016-08-05 14:14:34 ----D---- C:\Program Files\AMD
2016-07-25 15:56:26 ----D---- C:\Windows\Microsoft.NET
2016-07-25 12:16:28 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2016-07-20 08:29:48 ----SD---- C:\Windows\SYSWOW64\GWX
2016-07-20 08:29:48 ----SD---- C:\Windows\system32\GWX
2016-07-19 09:12:50 ----D---- C:\Program Files (x86)\VulkanRT
2016-07-19 09:11:00 ----D---- C:\AMD
2016-07-18 23:21:44 ----A---- C:\Windows\system32\atiuxp64.dll
2016-07-18 23:21:34 ----A---- C:\Windows\system32\aticfx64.dll
2016-07-18 23:21:24 ----A---- C:\Windows\system32\atidxx64.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2016-06-01 261376]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2016-02-16 360736]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2016-07-19 261888]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2016-06-01 52992]
R0 avguniva;AVG Universal Driver; C:\Windows\system32\DRIVERS\avguniva.sys [2016-06-20 77056]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2013-11-16 632168]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2013-11-16 28008]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2012-09-17 123704]
R0 mv91cons;Marvell 91xx Config Device Driver; C:\Windows\system32\DRIVERS\mv91cons.sys [2013-04-01 27944]
R0 mvs91xx;mvs91xx; C:\Windows\system32\DRIVERS\mvs91xx.sys [2013-01-24 324392]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 SamsungRapidDiskFltr;SAMSUNG RAPID Mode Disk Filter Driver; C:\Windows\system32\DRIVERS\SamsungRapidDiskFltr.sys [2014-09-16 268976]
R0 SamsungRapidFSFltr;SamsungRapidFSFltr; C:\Windows\system32\DRIVERS\SamsungRapidFSFltr.sys [2014-09-16 111280]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2016-05-13 163072]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2016-06-06 73480]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2016-06-30 314112]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2016-06-01 260352]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2016-07-12 298752]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2016-07-18 26708992]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2016-07-18 500736]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-03-30 96256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-01-23 3849304]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [2013-05-30 64280]
R3 lvpopf64;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopf64.sys [2009-10-07 271640]
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2016-03-10 27008]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-08-15 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2016-03-10 64896]
R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2014-01-23 32344]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-01-23 64624]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2012-08-27 107912]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2012-08-27 226696]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-12-18 888536]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2013-08-14 34544]
R4 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys []
S3 ALSysIO;ALSysIO; \??\C:\Users\jan\AppData\Local\Temp\ALSysIO64.sys []
S3 b06diag;Broadcom NetXtreme II Diag Driver; C:\Windows\system32\drivers\bxdiaga.sys [2012-03-08 88104]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service; C:\Windows\system32\drivers\Xeno7x64.sys [2012-02-22 157288]
S3 BFNVis64;Bigfoot Networks Killer Gaming Service; C:\Windows\system32\drivers\XenoVa64.sys [2012-02-22 157288]
S3 bxfcoe;bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [2012-02-22 178216]
S3 bxois;bxois; C:\Windows\system32\drivers\bxois.sys [2012-02-22 539176]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2016-01-08 120416]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2016-07-02 22200]
S3 E1G60;Stuurprogramma voor Intel(R) PRO/1000 NDIS 6-adapter; C:\Windows\system32\DRIVERS\E1G6032E.sys [2009-06-10 145792]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 GPU-Z;GPU-Z; \??\C:\Users\jan\AppData\Local\Temp\GPU-Z.sys []
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2013-10-17 36928]
S3 HtcVCom32;HTC Diagnostic Port; C:\Windows\system32\DRIVERS\HtcVComV64.sys [2010-03-08 121800]
S3 IAMTVE;Stuurprogramma voor Intel(R) Active Management Technology - KCS; C:\Windows\system32\drivers\IAMTVE.sys [2007-04-11 43416]
S3 IAMTXPE;Stuurprogramma voor Intel(R) Active Management Technology - KCS; C:\Windows\system32\drivers\IAMTXPE.sys [2007-04-11 51096]
S3 IFCoEMP;IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [2011-11-30 388368]
S3 IFCoEVB;IFCoEVB; C:\Windows\system32\drivers\ifP60X64.sys [2011-11-30 78096]
S3 ioatdma1;ioatdma1; C:\Windows\System32\Drivers\qd162x64.sys [2009-11-16 40144]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2; C:\Windows\System32\Drivers\qd262x64.sys [2009-11-16 42192]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2015-06-11 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2016-01-08 213088]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver; C:\Windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;Remote Deskotop USB Hub; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys []
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2016-07-18 269824]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [2016-07-28 2049016]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [2016-07-28 5267456]
R2 avgsvc;AVG Service; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2016-07-20 1097488]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2016-07-28 760024]
R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-05-25 1364096]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-05-25 1687680]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 HTCMonitorService;HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2014-06-27 87368]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2013-07-18 762192]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 PlaysService;Plays.tv Update Service; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [2016-08-09 32528]
R2 SamsungRapidSvc;Samsung RAPID Mode Service; C:\Windows\system32\RAPID\SamsungRapidSvc.exe [2014-09-16 28848]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2016-01-08 754784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2016-06-14 2960672]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 AvgAMPS;AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [2016-07-28 674552]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-08-02 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-10-11 114288]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]

-----------------EOF-----------

 

Hopelijk kan iemand me helpen !

 

 

 

Link naar reactie
Delen op andere sites


Hallo,

 

Heb je last van popups enz dan en in welke browser.

 

Download de 51a5c8edc4692-icon1337952077.pngFarbar Recovery Scan Tool 32 of 64 bit van één van de onderstaande links


Hier staat een beschrijving hoe u kunt kijken of u een 32 of 64 bit versie van Windows heeft.

Farbar Recovery Scan Tool uitvoeren

  • Klik met de rechtermuisknop op FRST.exe en kies voor de optie "Als administrator uitvoeren".
  • Als het programma is geopend klik Yes (Ja) bij de disclaimer.
  • Druk vervolgens op de Scan knop, er zal nu eerst een back-up van het register worden gemaakt.
  • Wanneer de scan gereed is worden er twee logbestanden aangemaakt met de naam (FRST.txt) & (Addition.txt) op dezelfde plaats vanwaar de 'tool' is gestart.
  • Voeg beide logbestanden als bijlage toe aan het volgende bericht.

Link naar reactie
Delen op andere sites


Hallo,

 

 

1. Ga naar Start > Configuratiescherm > (Programma's en Onderdelen) en verwijder daar het onderstaande indien aanwezig.

  • Spybot - Search & Destroy 2


2. Schakel uw antivirussoftware tijdelijk uit en download 51a612a8b27e2-Zoek.pngZoek.exe naar het bureaublad.

Wanneer Internet Explorer of een andere browser of virusscanner  melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.


Zoek.exe uitvoeren
Wanneer u problemen ondervindt bij het uitvoeren van dit programma of bepaalde foutmeldingen te zien krijgt laat dit dan even weten in uw bericht.

  • Sluit eerst alle openstaande programma's en browsers.
  • Dubbelklik vervolgens op Zoek.exe om de tool te starten.
  • Windows Vista, 7, 8 en 10 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze computer, gebruik dit dan ook niet op andere computers met een gelijkaardig probleem.
    firefoxlook;
    torpigcheck;
    emptyfolderscheck;delete
    chromelook;
    standardsearch;
    resethosts;
    iedefaults;http://www.google.nl/
    {6c97a91e-4524-4019-86af-2aa2d567bf5c};c
    ALSysIO;s
    esgiguard;s
    C:\Program Files\Enigma Software Group;fs
    C:\Program Files\Alwil Software;fs
    C:\Users\jan\AppData\Roaming\IObit;fs
    C:\Program Files (x86)\IObit;fs
    C:\ProgramData\IObit;fs
    C:\Users\jan\AppData\LocalLow\IObit;fs
    C:\ProgramData\ProductData;fs
    C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705};fs
    GPU-Z;s
    VGPU;s
    vmci;s
    VMnetAdapter;s
    filesrcm;
    services-list;
    autoclean;
    startupall;
    
  • Klik nu op de knop "Run script".
  • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  • Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  • Voeg nu het geopende logbestand in het volgende bericht als bijlage. (Dit logbestand kunt u tevens terug vinden op de systeemschijf als C:\Zoek-results.log.)

 

Link naar reactie
Delen op andere sites


Hier het logje !

 


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by jan on ma 15/08/2016 at 18:56:45,95.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jan\Documents\Downloads\zoek.exe    [Scan all users] [Script inserted] 

==== System Restore Info ======================

15/08/2016 18:57:43 Zoek.exe System Restore Point Created Successfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll 
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B} C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll 


==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp. 

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 

# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 

# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 

# For example: 

#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
# localhost name resolution is handled within DNS itself. 
127.0.0.1       localhost 
::1             localhost 

==== Empty Folders Check ======================

C:\PROGRA~2\Adobe deleted successfully
C:\PROGRA~2\Anvisoft deleted successfully
C:\PROGRA~2\Lavasoft deleted successfully
C:\PROGRA~2\predm deleted successfully
C:\PROGRA~2\SiteLookup deleted successfully
C:\Program Files\CPUID deleted successfully
C:\Program Files\log deleted successfully
C:\PROGRA~3\DriverGenius deleted successfully
C:\PROGRA~3\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} deleted successfully
C:\Users\jan\AppData\Roaming\Philips deleted successfully
C:\Users\jan\AppData\Roaming\VMware deleted successfully
C:\Users\jan\AppData\Local\eSupport.com deleted successfully
C:\Users\jan\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2882025041-3884981816-3174003818-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully
HKEY_USERS\S-1-5-21-2882025041-3884981816-3174003818-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully
HKEY_USERS\S-1-5-21-2882025041-3884981816-3174003818-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43AC20F6-AA2E-4F0E-B718-ACF54927284} deleted successfully
HKEY_USERS\S-1-5-21-2882025041-3884981816-3174003818-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C0817FD-71C0-4623-BDA4-9AA7F1D8CED0} deleted successfully
HKEY_USERS\S-1-5-21-2882025041-3884981816-3174003818-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D5084BE-DCA9-468B-9EB5-27C15563E033} deleted successfully
HKEY_USERS\S-1-5-21-2882025041-3884981816-3174003818-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C7B9BFF-155E-4526-B543-A4E05FF2224} deleted successfully
HKEY_USERS\S-1-5-21-2882025041-3884981816-3174003818-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9D08E29E-F673-47C6-9EA0-93425744E7E0} deleted successfully
HKEY_USERS\S-1-5-21-2882025041-3884981816-3174003818-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1879DCE-4F58-436C-AA45-7090B51069B4} deleted successfully
HKEY_USERS\S-1-5-21-2882025041-3884981816-3174003818-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0B342D2-7FD3-4DE2-9DDC-C538497B42C2} deleted successfully
HKEY_USERS\S-1-5-21-2882025041-3884981816-3174003818-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE20E559-E355-4660-9997-683A7F8BC72} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully

==== Running Processes ======================

C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
C:\Users\jan\AppData\Roaming\Dashlane\Dashlane.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Users\jan\AppData\Roaming\Dashlane\DashlanePlugin.exe
C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Users\jan\Documents\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
R2 - [avgfws] - AVG Firewall - c:\program files (x86)\avg\av\avgfwsa.exe
R2 - [avgsvc] - AVG Service - c:\program files (x86)\avg\framework\common\avgsvca.exe
R2 - [avgwd] - AVG WatchDog - c:\program files (x86)\avg\av\avgwdsvca.exe
R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
R2 - [c2cautoupdatesvc] - Skype Click to Call Updater - c:\program files (x86)\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe
R2 - [c2cpnrsvc] - Skype Click to Call PNR Service - c:\program files (x86)\skype\toolbars\pnrsvc\skypec2cpnrsvc.exe
R2 - [HTCMonitorService] - HTCMonitorService - c:\program files (x86)\htc\htc sync manager\hsmserviceentry.exe
R2 - [NAUpdate] - Nero Update - c:\program files (x86)\nero\update\nasvc.exe
R2 - [PassThru Service] - Internet Pass-Through Service - c:\program files (x86)\htc\internet pass-through\passthrusvr.exe
R2 - [PlaysService] - Plays.tv Update Service - c:\program files (x86)\raptr inc\playstv\plays_service.exe
R2 - [SamsungRapidSvc] - Samsung RAPID Mode Service - system32\rapid\samsungrapidsvc.exe [x]
R2 - [ss_conn_service] - SAMSUNG Mobile Connectivity Service - c:\program files (x86)\samsung\usb drivers\27_ssconn\conn\ss_conn_service.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
S2 - [AVGIDSAgent] - AVGIDSAgent - c:\program files (x86)\avg\av\avgidsagenta.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [LiveUpdateSvc] - LiveUpdate - c:\program files (x86)\iobit\liveupdate\liveupdate.exe
S2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [AvgAMPS] - AvgAMPS - c:\program files (x86)\avg\av\avgamps.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - c:\program files (x86)\microsoft office\office12\grooveauditservice.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files (x86)\common files\microsoft shared\office12\odserv.exe
S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [rpcapd] - Remote Packet Capture Protocol v.0 (experimental) - c:\program files (x86)\winpcap\rpcapd.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - ASP.NET-statusservice - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALSysIO deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ALSysIO deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\esgiguard deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\esgiguard deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GPU-Z deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\GPU-Z deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VGPU deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VGPU deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\vmci deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmci deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\vmci deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vmci deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VMnetAdapter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VMnetAdapter deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\jan\AppData\Roaming\Mozilla\Firefox\Profiles\amripyqj.default

user.js not found
---- Lines {6d0f26ba-45b8-4871-9c07-43ab341d5b73} removed from prefs.js ----
user_pref("{6d0f26ba-45b8-4871-9c07-43ab341d5b73}.config_sm", "1431163778397");
user_pref("{6d0f26ba-45b8-4871-9c07-43ab341d5b73}.daysPassed", "{\"t2d\":true,\"t10d\":true,\"t7d\":true}");
user_pref("{6d0f26ba-45b8-4871-9c07-43ab341d5b73}.installtime", "1409085810.246");
user_pref("{6d0f26ba-45b8-4871-9c07-43ab341d5b73}.isFirstRun", "false");
user_pref("{6d0f26ba-45b8-4871-9c07-43ab341d5b73}.is_bundle", "true");
user_pref("{6d0f26ba-45b8-4871-9c07-43ab341d5b73}.lastC", "{\"li\":406696,\"sm\":406696,\"mo\":406696}");
user_pref("{6d0f26ba-45b8-4871-9c07-43ab341d5b73}.last_version", "");
user_pref("{6d0f26ba-45b8-4871-9c07-43ab341d5b73}.moEnabled", true);
user_pref("{6d0f26ba-45b8-4871-9c07-43ab341d5b73}.server", "https://s7921.webovernet.com");
user_pref("{6d0f26ba-45b8-4871-9c07-43ab341d5b73}.src", "7921");
user_pref("{6d0f26ba-45b8-4871-9c07-43ab341d5b73}.toolbarButtonInstalled", true);
user_pref("{6d0f26ba-45b8-4871-9c07-43ab341d5b73}.user_id", "A2E072B7-8512-43D4-94EB-45954C795013");
---- Lines {6d0f26ba-45b8-4871-9c07-43ab341d5b73} modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\":{\"descriptor\":\"C:\\\\Program
---- FireFox user.js and prefs.js backups ---- 

prefs_20161508_1906_.backup

ProfilePath: C:\Users\jan\AppData\Roaming\Songbird2\Profiles\dvw2rxfl.default

user.js not found
---- FireFox user.js and prefs.js backups ---- 

prefs_20161508_1906_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Adobe not found
C:\PROGRA~2\Anvisoft not found
C:\PROGRA~2\Lavasoft not found
C:\PROGRA~2\predm not found
C:\PROGRA~2\SiteLookup not found
C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} not found
C:\PROGRA~3\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} not found
C:\Users\jan\AppData\Local\Adobe deleted
C:\Users\jan\AppData\Local\Anvisoft deleted
C:\Program Files\Enigma Software Group deleted
C:\Program Files\Alwil Software deleted
C:\Users\jan\AppData\Roaming\IObit deleted
C:\Program Files (x86)\IObit deleted
C:\ProgramData\IObit deleted
C:\Users\jan\AppData\LocalLow\IObit deleted
C:\ProgramData\ProductData deleted
C:\Users\jan\.android deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml deleted
C:\PROGRA~2\Driver-Soft deleted
C:\PROGRA~2\globalUpdate deleted
C:\Users\jan\AppData\Roaming\pcouffin.log deleted
C:\Users\jan\AppData\Roaming\ProductData deleted
C:\PROGRA~3\Avg_Update_0215tb deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\jan\AppData\Local\globalUpdate deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip deleted
C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\SETA8A6.tmp deleted
C:\Windows\Syswow64\SETAC4F.tmp deleted
C:\Windows\Syswow64\SETACD4.tmp deleted
C:\Windows\Syswow64\SETB09D.tmp deleted
C:\Windows\Syswow64\SETB0D1.tmp deleted
C:\Windows\Syswow64\SETD520.tmp deleted
C:\Windows\Syswow64\SETD580.tmp deleted
C:\Windows\Syswow64\SETD72E.tmp deleted
C:\Windows\Syswow64\SETDAA6.tmp deleted
C:\Windows\Syswow64\SETDE17.tmp deleted
C:\Windows\Syswow64\SETDE67.tmp deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\jan\AppData\Roaming\Mozilla\Firefox\Profiles\amripyqj.default\extensions\{6d0f26ba-45b8-4871-9c07-43ab341d5b73} deleted
"C:\Users\jan\AppData\Roaming\Dashlane\Dashlane.exe" deleted
"C:\Users\jan\AppData\Roaming\Dashlane\DashlanePlugin.exe" deleted
"C:\Users\jan\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.5.1.15044.dll" deleted
"C:\Users\jan\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.5.1.15044.dll" deleted
"C:\Users\jan\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.5.1.15044.dll" deleted
"C:\Users\jan\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.5.1.15044.dll" deleted
"C:\Users\jan\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.5.1.15044.dll" deleted
"C:\Users\jan\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.5.1.15044.dll" deleted
"C:\Users\jan\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.5.1.15044.dll" deleted
"C:\Users\jan\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.5.1.15044.dll" deleted
"C:\Users\jan\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.5.1.15044.dll" deleted
"C:\Users\jan\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.5.1.15044.dll" deleted
"C:\Users\jan\AppData\Roaming\Dashlane" deleted
"C:\Users\jan\AppData\Roaming\Dashlane\4.5.1.15044" deleted
"C:\Users\jan\AppData\Roaming\Dashlane\4.5.1.15044\bin" deleted
"C:\Users\jan\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension" deleted
"C:\Users\jan\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}" deleted
"C:\Users\jan\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components" deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8173 MB
CPU Info: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
CPU Speed: 3469,3 MHz
Sound Card: Luidsprekers (Realtek High Defi | 
Realtek Digital Output(Optical) | 
Realtek Digital Output (Realtek | 
1 - E2250 (AMD High Definition  | 
Display Adapters: AMD Radeon HD 7800 Series | AMD Radeon HD 7800 Series | AMD Radeon HD 7800 Series | AMD Radeon HD 7800 Series | AMD Radeon HD 7800 Series | AMD Radeon HD 7800 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; LG E2250(HDMI) | 
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GH22NS40
Ports: COM1 LPT Port NOT Present. 
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  209,5GB | D:  100,0MB | F:  461,9GB | H:  298,0GB
Hard Disks - Free: C:  108,1GB | D:  65,6MB | F:  76,4GB | H:  48,1GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 03/02/11 | _ASUS_ - 1072009
Time Zone: West-Europa (standaardtijd)
Motherboard *: MSI P67A-GD65 (MS-7681)
Country: Belgi‰ 
Language: NLB 

==== System Specs (Software) ======================

AV: AVG Internet Security Business Edition *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG Internet Security Business Edition *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security Business Edition *Enabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
Default Browser: Google Chrome    52.0.2743.116
Internet Explorer Version: 11.0.9600.18426 
Mozilla Firefox version: 33.0 (x86 nl)
Google Chrome version: 52.0.2743.116
Sun Java version: 1.8.0_77 (32-bit) 
Sun Java version: 1.8.0_77 (64-bit) 

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\jan\AppData\Local\Temp ====
2016-08-14 12:21:48    358D68AADE77E120C9C1ABC29B916F9E    513528    ----a-w-    C:\Users\jan\AppData\Local\Temp\Dashlane_Launcher_1437420342.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2016-08-10 17:03:06    8241C71BECB78FE347E26F1444FF0408    251392    ----a-w-    C:\Windows\SysWOW64\schannel.dll
2016-08-10 17:03:05    FF80DB2A3E58752C0D3DF84A8C122F92    22016    ----a-w-    C:\Windows\SysWOW64\secur32.dll
2016-08-10 17:03:05    F5C14A878BF2E5910E10659B17301A0A    141312    ----a-w-    C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 17:03:05    B0357E6AD7A705F10B975638F984D003    260608    ----a-w-    C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 17:03:05    A5E65D7561D393E8C8653E242AEA5CC2    65536    ----a-w-    C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 17:03:05    8371D7D799B02E9856F87C4A5836C4E7    60416    ----a-w-    C:\Windows\SysWOW64\msobjs.dll
2016-08-10 17:03:05    7B5FD967AE05EF838F478684281FC6C1    36352    ----a-w-    C:\Windows\SysWOW64\cryptbase.dll
2016-08-10 17:03:05    6D6BDDB5C612877C7A2968F2811B738D    553472    ----a-w-    C:\Windows\SysWOW64\kerberos.dll
2016-08-10 17:03:05    61FA0F6C5D5AA1EF14B0A78DEDA31577    172032    ----a-w-    C:\Windows\SysWOW64\wdigest.dll
2016-08-10 17:03:05    5FF4AD435A1EFF524409B220ACCD78B4    146432    ----a-w-    C:\Windows\SysWOW64\msaudite.dll
2016-08-10 17:03:05    54111CE7EFC1EF72FAFB927C316FB2EE    690688    ----a-w-    C:\Windows\SysWOW64\adtschema.dll
2016-08-10 17:03:05    4CD27D535C6A15CCA00EDEBF8176C9E9    50176    ----a-w-    C:\Windows\SysWOW64\auditpol.exe
2016-08-10 17:03:05    41241C3AE0B3229362AB5DE477BD7BC8    223232    ----a-w-    C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 17:03:05    39AB21759ADB139F8E8F8206F051491D    96768    ----a-w-    C:\Windows\SysWOW64\sspicli.dll
2016-08-10 17:03:05    2CB48AD27A4A7CEB91874DB5FE313966    666112    ----a-w-    C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 17:03:05    1C77420F4551C8D71ECEA95E16117077    342528    ----a-w-    C:\Windows\SysWOW64\certcli.dll
2016-08-10 17:03:05    0F6EA0C965294B39E1B2029CF8FCEB28    17408    ----a-w-    C:\Windows\SysWOW64\credssp.dll
2016-08-10 17:03:03    F3EA89E72E6ADD295790092B57800DF8    91136    ----a-w-    C:\Windows\SysWOW64\inseng.dll
2016-08-10 17:03:03    CF8D63650B723AD146882DE7238A21A4    346312    ----a-w-    C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 17:03:03    CAAFB21C8A0F20E3C422E284B077B28B    47616    ----a-w-    C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 17:03:03    64CEAFB38C22478231B1DA2A0BC6CDF7    76288    ----a-w-    C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 17:03:03    586B9F1848F16DC8DD5E706ED1A3F27F    1316352    ----a-w-    C:\Windows\SysWOW64\urlmon.dll
2016-08-10 17:03:03    2E8B78648D278FCB07F5467F0431E3EF    30720    ----a-w-    C:\Windows\SysWOW64\iernonce.dll
2016-08-10 17:03:03    2B46512370A9EC8A8833C42998B4AC20    64000    ----a-w-    C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 17:03:03    227AABB662FFB3FA84D548CE0096D45E    130048    ----a-w-    C:\Windows\SysWOW64\occache.dll
2016-08-10 17:03:02    F549CF4F85F6744F9BD836EFD0F2BB02    279040    ----a-w-    C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 17:03:02    EB0157E1E081D4B24E39819054187803    2724864    ----a-w-    C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 17:03:02    B234B83E0EFCA74F50E9EB6F6F899928    20343808    ----a-w-    C:\Windows\SysWOW64\mshtml.dll
2016-08-10 17:03:02    917A2834DD5B0715967C2B570B0F6307    497664    ----a-w-    C:\Windows\SysWOW64\vbscript.dll
2016-08-10 17:03:02    8CD353AE6565B8BA274DF7637F05F99A    60416    ----a-w-    C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 17:03:02    8394C481B63B959C1650AE5F73FF8E39    62464    ----a-w-    C:\Windows\SysWOW64\iesetup.dll
2016-08-10 17:03:02    10D8F6B20CDC95F058446A0A6468BB34    710144    ----a-w-    C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 17:03:02    0EC9E3CA8AFD25FD2DF1C1051C07C754    692736    ----a-w-    C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 17:03:01    F8868261CE69123E9271AD9E12AB9693    476160    ----a-w-    C:\Windows\SysWOW64\ieui.dll
2016-08-10 17:03:01    F2905A16B566C8C7D32CF1F0BBEC3880    620032    ----a-w-    C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 17:03:01    C8DD4301F421E2B5633F86A94F7E2F56    13808128    ----a-w-    C:\Windows\SysWOW64\ieframe.dll
2016-08-10 17:03:01    BCF01E6EFF578F68407CC0B36C38EF17    416256    ----a-w-    C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 17:03:01    A63EB09E14B5502C489262D4DE9C1FF3    47104    ----a-w-    C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 17:03:01    8560664EC9AFDB4DB83F32A326509259    2055680    ----a-w-    C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 17:03:01    3398621BF58F9A352B01E56FB52C5EEE    2286592    ----a-w-    C:\Windows\SysWOW64\iertutil.dll
2016-08-10 17:03:01    29AA0A28C71C3DF34B651C43FCCACC6A    663552    ----a-w-    C:\Windows\SysWOW64\jscript.dll
2016-08-10 17:03:00    B269D6CE33447A716668291DBD9E5C22    1155072    ----a-w-    C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 17:03:00    74F975346D32CAB73552A9331CDA8C42    230400    ----a-w-    C:\Windows\SysWOW64\webcheck.dll
2016-08-10 17:03:00    64829F4ED34D8339EC39D32204718ADD    2393088    ----a-w-    C:\Windows\SysWOW64\wininet.dll
2016-08-10 17:03:00    616FE9AB9C7A398500CA7D0921F0FF85    4608000    ----a-w-    C:\Windows\SysWOW64\jscript9.dll
2016-08-10 17:03:00    2B9F2BBB8FE8A95A81D2388B60C3E042    115712    ----a-w-    C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 17:02:59    56610536AAA4C3D96FEAEF7595034007    168960    ----a-w-    C:\Windows\SysWOW64\msrating.dll
2016-08-10 17:02:59    56276DD3F64D583675B2F183B1BEFF03    341504    ----a-w-    C:\Windows\SysWOW64\html.iec
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2016-08-10 17:03:06    B6000CC0F681D94F2AFC15BE6193F241    343552    ----a-w-    C:\Windows\Sysnative\schannel.dll
2016-08-10 17:03:06    A648773888E64002EFBB7B5CE35DA7D7    1464320    ----a-w-    C:\Windows\Sysnative\lsasrv.dll
2016-08-10 17:03:05    F83C586FD2443B5138F74E10B9F46F95    312320    ----a-w-    C:\Windows\Sysnative\ncrypt.dll
2016-08-10 17:03:05    EEF212F3B6A6645D93CD0B2D424CF48A    135680    ----a-w-    C:\Windows\Sysnative\sspicli.dll
2016-08-10 17:03:05    D0CEF11E5B55B717AD6E8066CA9F2AC2    463872    ----a-w-    C:\Windows\Sysnative\certcli.dll
2016-08-10 17:03:05    BA3BF48B745D3D5C90B360477A39AD52    690688    ----a-w-    C:\Windows\Sysnative\adtschema.dll
2016-08-10 17:03:05    B287DB3318E465176A97953BD464C034    64000    ----a-w-    C:\Windows\Sysnative\auditpol.exe
2016-08-10 17:03:05    A05D21704365D26EB2ED4F45A354CD50    22016    ----a-w-    C:\Windows\Sysnative\credssp.dll
2016-08-10 17:03:05    9B09C31B1F32D0D408E531135C4915F8    28672    ----a-w-    C:\Windows\Sysnative\sspisrv.dll
2016-08-10 17:03:05    93ABBD493174AE383BA5234826CFB51E    146432    ----a-w-    C:\Windows\Sysnative\msaudite.dll
2016-08-10 17:03:05    85AE555C473DA14AF08A0515BA8E2D27    190464    ----a-w-    C:\Windows\Sysnative\rpchttp.dll
2016-08-10 17:03:05    816606DFF52714CB2F80EB11388C720A    730624    ----a-w-    C:\Windows\Sysnative\kerberos.dll
2016-08-10 17:03:05    814D408924CF9B4109216BBC458517A9    43520    ----a-w-    C:\Windows\Sysnative\cryptbase.dll
2016-08-10 17:03:05    7770EE0B98AEC80A737652DC557C7F7E    86528    ----a-w-    C:\Windows\Sysnative\TSpkg.dll
2016-08-10 17:03:05    47819B3FCC240EA34A696E5AC57DA4E8    316416    ----a-w-    C:\Windows\Sysnative\msv1_0.dll
2016-08-10 17:03:05    246A1663CA201B55796E9DDC027EB8ED    28160    ----a-w-    C:\Windows\Sysnative\secur32.dll
2016-08-10 17:03:05    18459FCD4B657CF6452D992D984740DB    60416    ----a-w-    C:\Windows\Sysnative\msobjs.dll
2016-08-10 17:03:05    13FE29C1C8E782829C7FAA3B14F4A666    30720    ----a-w-    C:\Windows\Sysnative\lsass.exe
2016-08-10 17:03:05    0FD231D3BB3867BD2CF35D76E35E4157    210432    ----a-w-    C:\Windows\Sysnative\wdigest.dll
2016-08-10 17:03:05    0CB631D7FAAAD66FECCFE64AF7502961    1212928    ----a-w-    C:\Windows\Sysnative\rpcrt4.dll
2016-08-10 17:03:03    FB5E30FD58CFCB42C4C58AC4F6B193B4    48640    ----a-w-    C:\Windows\Sysnative\ieetwproxystub.dll
2016-08-10 17:03:03    F34FCCD107EEE8F32E973B88B1B6879F    724992    ----a-w-    C:\Windows\Sysnative\ie4uinit.exe
2016-08-10 17:03:03    30AA13DD3AB392D31EE1F8280F02419F    2724864    ----a-w-    C:\Windows\Sysnative\mshtml.tlb
2016-08-10 17:03:03    231B7E1CF644F83DEE1D14C96D1CE64A    107520    ----a-w-    C:\Windows\Sysnative\inseng.dll
2016-08-10 17:03:03    1DCC47231EF77587C6058D0DB1C619BE    34304    ----a-w-    C:\Windows\Sysnative\iernonce.dll
2016-08-10 17:03:03    0795C990F18769F138B9C6DF757A1262    114688    ----a-w-    C:\Windows\Sysnative\ieetwcollector.exe
2016-08-10 17:03:02    C6CBF1C307BD7FBC15DF4245C4466B13    77824    ----a-w-    C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2016-08-10 17:03:01    F20E4D8EB4B99BCC109AE599193243FD    394440    ----a-w-    C:\Windows\Sysnative\iedkcs32.dll
2016-08-10 17:03:01    F13C89FB78ACFF5540F198EBF36FCA9F    152064    ----a-w-    C:\Windows\Sysnative\occache.dll
2016-08-10 17:03:01    F09B558573C9BBBC949FA6B3D3200456    66560    ----a-w-    C:\Windows\Sysnative\iesetup.dll
2016-08-10 17:03:01    D30B023DC798FAC4ABA25D0B637C568A    315392    ----a-w-    C:\Windows\Sysnative\dxtrans.dll
2016-08-10 17:03:01    C588FEF8EE8AD70A1A739B23EF4B987A    969216    ----a-w-    C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2016-08-10 17:03:01    BE5436294A01E3C7DD4DD231C724F5C4    4096    ----a-w-    C:\Windows\Sysnative\ieetwcollectorres.dll
2016-08-10 17:03:01    7EE91314F7FFC8A566ADDCD13DD51242    806400    ----a-w-    C:\Windows\Sysnative\msfeeds.dll
2016-08-10 17:03:01    3E154893570038A59F73A8F7418DCF75    1550848    ----a-w-    C:\Windows\Sysnative\urlmon.dll
2016-08-10 17:03:00    F685AC29447B34F623D85C973E028287    572416    ----a-w-    C:\Windows\Sysnative\vbscript.dll
2016-08-10 17:03:00    C7C7C333FDBECF16C29A39635B84A1EA    2894336    ----a-w-    C:\Windows\Sysnative\iertutil.dll
2016-08-10 17:03:00    50828D61E8A3205B337DC49A7C3FFF38    2131456    ----a-w-    C:\Windows\Sysnative\inetcpl.cpl
2016-08-10 17:03:00    22336934420C6862F0847DED6C437B76    800768    ----a-w-    C:\Windows\Sysnative\ieapfltr.dll
2016-08-10 17:02:59    EFB4DC94975BAFFE5FB0465E64A1E54B    54784    ----a-w-    C:\Windows\Sysnative\jsproxy.dll
2016-08-10 17:02:59    CA73619BE9ADCEB3934551C223F6ADD0    92160    ----a-w-    C:\Windows\Sysnative\mshtmled.dll
2016-08-10 17:02:59    8F9762BB257CAC7B119CB643212AAD75    489984    ----a-w-    C:\Windows\Sysnative\dxtmsft.dll
2016-08-10 17:02:59    679442D0595FBF5A6D91705D364784A3    615936    ----a-w-    C:\Windows\Sysnative\ieui.dll
2016-08-10 17:02:59    311416EBB1CFB6F39D0AE6176E79D2C2    15412224    ----a-w-    C:\Windows\Sysnative\ieframe.dll
2016-08-10 17:02:58    C29752ECB73D5C92003568123975EA7C    1359360    ----a-w-    C:\Windows\Sysnative\mshtmlmedia.dll
2016-08-10 17:02:58    8BE7C72DB66A760B2DC57DE1D99EDCA1    6047744    ----a-w-    C:\Windows\Sysnative\jscript9.dll
2016-08-10 17:02:58    76A937F27F14BE9AB31901319335CED6    262144    ----a-w-    C:\Windows\Sysnative\webcheck.dll
2016-08-10 17:02:58    710634B4F8003066FB7329D776D0C5BE    144384    ----a-w-    C:\Windows\Sysnative\ieUnatt.exe
2016-08-10 17:02:58    429E72773966866CE5F6BBA9E07B750D    817664    ----a-w-    C:\Windows\Sysnative\jscript.dll
2016-08-10 17:02:58    33821B684222F236711F7F8C78AA9247    2868224    ----a-w-    C:\Windows\Sysnative\wininet.dll
2016-08-10 17:02:58    2FC7C339A0310E9E7A55384B2B798F06    814080    ----a-w-    C:\Windows\Sysnative\jscript9diag.dll
2016-08-10 17:02:57    E3E3B1226692DB497226CCD7F43AD7DF    25808384    ----a-w-    C:\Windows\Sysnative\mshtml.dll
2016-08-10 17:02:57    51BD4D3D74CDF4EFB6C8023C86914C6D    199680    ----a-w-    C:\Windows\Sysnative\msrating.dll
2016-08-10 17:02:57    2BCC67A19D5C041AE694DBCA3BA0A290    417792    ----a-w-    C:\Windows\Sysnative\html.iec
2016-08-10 17:02:57    133BDD30B98E9158649E73B38434F673    88064    ----a-w-    C:\Windows\Sysnative\MshtmlDac.dll
2016-08-10 17:02:48    F599F9438186D88E6A9D0F38806C1217    3218944    ----a-w-    C:\Windows\Sysnative\win32k.sys
2016-08-05 13:15:10    F85BEEBE6288B73B03E193DB6162CC11    65536    ----a-w-    C:\Windows\Sysnative\spu_storage.bin
====== C:\Windows\Sysnative\drivers =====
2016-08-14 12:32:00    3E75A47D2DEFD2683DCA409572FBE8B2    452040    ----a-w-    C:\Windows\Sysnative\drivers\trufos.sys
2016-08-10 17:03:06    CFBA6BCBBDC7E33813D92FFB3460FA07    95464    ----a-w-    C:\Windows\Sysnative\drivers\ksecdd.sys
2016-08-10 17:03:05    CE66825289EE8326CB52C4E9E785ACB0    154856    ----a-w-    C:\Windows\Sysnative\drivers\ksecpkg.sys
2016-08-10 17:03:05    B7FADA5E1E55BB63F90EB9F8F016113B    159744    ----a-w-    C:\Windows\Sysnative\drivers\mrxsmb.sys
2016-08-10 17:03:05    34AFF1849B3EC042C40C5EEC9D78562A    291328    ----a-w-    C:\Windows\Sysnative\drivers\mrxsmb10.sys
2016-08-10 17:03:05    058CE7A55E140EB0C72FBA6FD2FA72DE    129536    ----a-w-    C:\Windows\Sysnative\drivers\mrxsmb20.sys
2016-08-08 16:50:46    78488AF2AB2111D67B3C4044707A519B    192216    ----a-w-    C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2016-08-08 16:50:36    78BFF5425E044086E74E78650A359FBB    27008    ----a-w-    C:\Windows\Sysnative\drivers\mbam.sys
2016-08-08 16:50:36    452ACB7A9914398D9E18CCCFFCF92208    64896    ----a-w-    C:\Windows\Sysnative\drivers\mwac.sys
2016-08-08 16:50:36    1239597BAB7EED2BB16D035AF87E65D9    140672    ----a-w-    C:\Windows\Sysnative\drivers\mbamchameleon.sys
2016-07-19 11:27:12    A1E22774E01EDB88EC9620EF017B3ABE    261888    ----a-w-    C:\Windows\Sysnative\drivers\avgmfx64.sys
2016-07-18 22:20:14    85958749829568FE01B1A110DCA74775    305032    ----a-w-    C:\Windows\Sysnative\drivers\amdacpksd.sys
2016-07-18 21:42:24    D15395F5818B327E64E5D8B93EDACFC0    26708992    ----a-w-    C:\Windows\Sysnative\drivers\atikmdag.sys
2016-07-18 20:38:50    1648836B52C9194AC6AEE2E04FB142DD    43520    ----a-w-    C:\Windows\Sysnative\drivers\ati2erec.dll
2016-07-18 20:32:52    B283403E7717FB0D41AD962C643FB7AC    500736    ----a-w-    C:\Windows\Sysnative\drivers\atikmpag.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2016-08-15 12:06:55    --------    d-----w-    C:\Program Files\trend micro
2016-08-14 10:45:31    --------    d-----w-    C:\Program Files\Common Files\AV
======= C:\PROGRA~2 =====
2016-08-14 12:27:49    --------    d-----w-    C:\PROGRA~2\Dashlane
2016-08-14 12:20:52    --------    d-----w-    C:\PROGRA~2\COMMON~1\IObit
======= C: =====
====== C:\Users\jan\AppData\Roaming ======
2016-08-14 12:28:30    --------    d-----w-    C:\Users\jan\AppData\Locallow\Dashlane
2016-08-14 12:27:49    --------    d-----w-    C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2016-08-14 12:27:49    --------    d-----w-    C:\Users\jan\AppData\Local\Packages
====== C:\Users\jan ======
2016-08-14 12:32:00    --------    d-----w-    C:\ProgramData\BDLogging
2016-08-05 13:15:43    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings

====== C: exe-files ==
2016-08-15 17:03:08    6B1B84C7E236995227B78EDE92870108    2394624    ----a-w-    C:\Users\jan\Documents\Downloads\FRST64 (1).exe
2016-08-15 16:48:41    6B1B84C7E236995227B78EDE92870108    2394624    ----a-w-    C:\Users\jan\Documents\Downloads\FRST64.exe
2016-08-15 12:06:56    9A2347903D6EDB84C10F288BC0578C1C    388608    ----a-w-    C:\Program Files\trend micro\jan.exe
2016-08-15 12:06:21    8045ABB21A3BDD66A48E1ED5C0F0EF6A    1222144    ----a-w-    C:\Users\jan\Documents\Downloads\RSITx64.exe
2016-08-14 12:28:22    938967D6A55B1CAB5C0E1798C282537F    13312    ----a-w-    C:\Program Files (x86)\Dashlane\Dashlane_launcher.exe
2016-08-14 12:28:21    938967D6A55B1CAB5C0E1798C282537F    13312    ----a-w-    C:\Users\jan\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Dashlane_launcher.exe
2016-08-14 12:28:21    7D9783DDCA177415AFC212810549454F    286080    ----a-w-    C:\Users\jan\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\DashlanePlugin_new.exe
2016-08-14 12:28:21    7D9783DDCA177415AFC212810549454F    286080    ----a-w-    C:\Users\jan\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\DashlanePlugin.exe
2016-08-14 12:28:21    6B8E0F1C220C29D16F86DF4FE501C016    515776    ----a-w-    C:\Users\jan\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.5.1.15044\procdump.exe
2016-08-14 12:28:21    1131979E8FEEE4496F16A516DA353895    228224    ----a-w-    C:\Users\jan\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Dashlane_new.exe
2016-08-14 12:28:21    1131979E8FEEE4496F16A516DA353895    228224    ----a-w-    C:\Users\jan\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Dashlane.exe
2016-08-14 12:28:04    5689D43C3B201DD3810FA3BBA4A6476A    4216840    ----a-w-    C:\Users\jan\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.5.1.15044\bin\Prerequisites\vcredist_x86_sp1.exe
2016-08-14 12:28:04    40395C175553CB14D2050888EFCCDF00    4961800    ----a-w-    C:\Users\jan\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.5.1.15044\bin\Prerequisites\x64\vcredist_x64_sp1.exe
2016-08-14 12:21:48    358D68AADE77E120C9C1ABC29B916F9E    513528    ----a-w-    C:\Users\jan\AppData\Local\Temp\Dashlane_Launcher_1437420342.exe
2016-08-14 11:51:03    44D446241A2B9582294DED8B9D156F80    43739048    ----a-w-    C:\Users\jan\Documents\malware fighter\IObit-Malware-Fighter-Setup.exe
2016-08-10 17:03:05    B287DB3318E465176A97953BD464C034    64000    ----a-w-    C:\Windows\System32\auditpol.exe
2016-08-10 17:03:05    4CD27D535C6A15CCA00EDEBF8176C9E9    50176    ----a-w-    C:\Windows\SysWOW64\auditpol.exe
2016-08-10 17:03:05    13FE29C1C8E782829C7FAA3B14F4A666    30720    ----a-w-    C:\Windows\System32\lsass.exe
2016-08-10 17:03:03    F34FCCD107EEE8F32E973B88B1B6879F    724992    ----a-w-    C:\Windows\System32\ie4uinit.exe
2016-08-10 17:03:03    83F98F75E0F3ED7C02B35B17853F6CAB    221184    ----a-w-    C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2016-08-10 17:03:03    0795C990F18769F138B9C6DF757A1262    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2016-08-10 17:03:01    F782AA6A534AE1536E2EB33A85E23A7B    474112    ----a-w-    C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2016-08-10 17:03:01    C588FEF8EE8AD70A1A739B23EF4B987A    969216    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2016-08-10 17:03:01    BEEA90201596E8E30E9543A0E05837A6    222720    ----a-w-    C:\Program Files\Internet Explorer\ielowutil.exe
2016-08-10 17:03:00    6DC6F88B59CAE7DDEB356BF6075B90D6    491008    ----a-w-    C:\Program Files\Internet Explorer\ieinstal.exe
2016-08-10 17:03:00    2B9F2BBB8FE8A95A81D2388B60C3E042    115712    ----a-w-    C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 17:02:58    710634B4F8003066FB7329D776D0C5BE    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2016-08-10 15:17:21    C99AD59FAC80FAA0266493AFD566D83A    78608    ----a-w-    C:\ProgramData\Avg\Setup\av\avguirux.exe
2016-08-10 15:17:21    059AFB5B1037DCE5ADE6743FB12DBDE1    6107296    ----a-w-    C:\ProgramData\Avg\Setup\av\avgmfapx.exe
2016-08-10 15:16:32    9B67F38DEBF526731309CEDCA08E6A5F    384272    ----a-w-    C:\Program Files (x86)\AVG\Av\avgndisa.exe
2016-08-10 15:01:36    527BD8B4CD598E4A6EC4DF0B501E9444    59772984    ----a-w-    C:\Users\jan\AppData\Roaming\PlaysTV\playstv-1.13.1-r115223-release.exe
2016-08-09 20:14:44    B4AD5A4E91BC286C69A79E6A6CBD5AED    4214544    ----a-w-    C:\Program Files (x86)\Raptr Inc\PlaysTV\vcredist_x86.exe
2016-08-09 20:14:44    7B2C78984E6F5ECC56DE88C165D289ED    61200    ----a-w-    C:\Program Files (x86)\Raptr Inc\PlaysTV\upload_logs.exe
2016-08-09 20:14:42    FFFE7BEEC525DFE7995EF6CC9583CB25    74512    ----a-w-    C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
2016-08-09 20:14:42    AB3C494C6971AB686C44BFC341F93826    1107216    ----a-w-    C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_encoder_server64-114978.exe
2016-08-09 20:14:42    7C9ED47213D04958BD3CE0D0DB9F471D    71440    ----a-w-    C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe
2016-08-09 20:14:42    04325377B3D504927184CBAABF9D47FA    32528    ----a-w-    C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
2016-08-09 20:14:40    C7F2B95545BF3C2FFE759A1EA5350EE4    1028880    ----a-w-    C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_encoder_server-114978.exe
2016-08-09 20:14:40    96C013213142D0113A432178283EA9BC    58640    ----a-w-    C:\Program Files (x86)\Raptr Inc\PlaysTV\f2p_ping.exe
=== C: other files ==
2016-08-14 12:32:00    3E75A47D2DEFD2683DCA409572FBE8B2    452040    ----a-w-    C:\Windows\System32\drivers\trufos.sys
2016-08-14 12:28:30    F6C0856FFE46F68032AFBFAA27D88CCF    834507    ----a-w-    C:\Users\jan\AppData\Roaming\Mozilla\Firefox\Profiles\amripyqj.default\extensions\jetpack-extension@dashlane.com.xpi
2016-08-14 12:28:20    F6C0856FFE46F68032AFBFAA27D88CCF    834507    ----a-w-    C:\Users\jan\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.5.1.15044\Extensions\JetPack_xpi\jetpack-extension@dashlane.com-4.0.0.xpi
2016-08-14 12:28:20    A65B5ABC1D905AC98440BD05A382ECD8    157    ----a-w-    C:\Users\jan\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\4.5.1.15044\bin\IEInstaller.bat
2016-08-10 17:03:06    CFBA6BCBBDC7E33813D92FFB3460FA07    95464    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2016-08-10 17:03:05    CE66825289EE8326CB52C4E9E785ACB0    154856    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2016-08-10 17:03:05    B7FADA5E1E55BB63F90EB9F8F016113B    159744    ----a-w-    C:\Windows\System32\drivers\mrxsmb.sys
2016-08-10 17:03:05    34AFF1849B3EC042C40C5EEC9D78562A    291328    ----a-w-    C:\Windows\System32\drivers\mrxsmb10.sys
2016-08-10 17:03:05    058CE7A55E140EB0C72FBA6FD2FA72DE    129536    ----a-w-    C:\Windows\System32\drivers\mrxsmb20.sys
2016-08-10 17:02:48    F599F9438186D88E6A9D0F38806C1217    3218944    ----a-w-    C:\Windows\System32\win32k.sys
2016-08-09 20:14:38    EAE40FC468EDCFFBFA0BA06235CC0D41    12050221    ----a-w-    C:\Program Files (x86)\Raptr Inc\PlaysTV\library.zip

==== Orphaned Tasks deleted from Registry ======================

avast Emergency Update deleted

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2882025041-3884981816-3174003818-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
"Dashlane"="C:\Users\jan\AppData\Roaming\Dashlane\Dashlane.exe autoLaunchAtStartup"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files (x86)\AVG\Av\avuirunnerx.exe C:\Program Files (x86)\AVG\Av\avgui.exe"
"AvgUi"="C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe /lps=fmw"
"Raptr"="C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe --startup"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"PlaysTV"="C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe --startup"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
"Dashlane"="C:\Users\jan\AppData\Roaming\Dashlane\Dashlane.exe autoLaunchAtStartup"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCN"="C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe atlogon"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AvgUi]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AvgUi"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\AVG\\Framework\\Common\\avguirnx.exe\" /lps=fmw"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_UI]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AVG_UI"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\AVG\\Av\\avuirunnerx.exe\" C:\\Program Files (x86)\\AVG\\Av\\avgui.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Driver Genius]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Driver Genius"
"hkey"="HKLM"
"command"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PlaysTV]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PlaysTV"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Raptr Inc\\PlaysTV\\playstv_launcher.exe\" --startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Raptr]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Raptr"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Raptr Inc\\Raptr\\raptrstub.exe\" --startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDVCPL"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Realtek\\Audio\\HDA\\RtkNGUI64.exe\" -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SamsungRapidApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SamsungRapidApp"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\RAPID\\CacheFilter\\SamsungRapidApp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""


==== Startup Folders ======================

2012-07-12 11:46:02    306    ----a-w-    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD
2012-07-12 11:46:02    306    ----a-w-    C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28/08/2015 11:00]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28/08/2015 11:00]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\AMD Updater" ["C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe"]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\SamsungMagician" ["C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe"]
"C:\Windows\SysNative\tasks\{846C1C80-F664-446C-9D4E-3D5017AD1027}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2016-02-27 15:30:43    --------    d-----w-    C:\PROGRA~3\HTC
2016-04-20 15:00:58    --------    d-----w-    C:\PROGRA~3\Avg
2016-04-20 15:01:02    --------    d-----w-    C:\PROGRA~3\MFAData
2016-05-29 07:41:29    --------    d-----w-    C:\PROGRA~3\install_clap
2016-05-29 07:41:29    --------    d-----w-    C:\PROGRA~3\SUPPORTDIR
2016-05-29 07:41:57    --------    d-----w-    C:\PROGRA~3\CyberLink
2016-05-29 07:42:21    --------    d-----w-    C:\PROGRA~3\PDVD
2016-05-29 07:59:26    --------    d-----w-    C:\PROGRA~3\Temp
2016-08-14 12:32:00    --------    d-----w-    C:\PROGRA~3\BDLogging

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{442718d9-475e-452a-b3e1-fb1ee16b8e9f}"="C:\Users\jan\AppData\Roaming\Dashlane\4.5.1.15044\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\jan\AppData\Roaming\Mozilla\Firefox\Profiles\amripyqj.default
- Dashlane - %ProfilePath%\extensions\jetpack-extension@dashlane.com.xpi

ProfilePath: C:\Users\jan\AppData\Roaming\Songbird2\Profiles\dvw2rxfl.default
- Undetermined - C:\Program Files (x86)\Songbird\extensions\albumart@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Songbird\extensions\gonzo@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Songbird\extensions\philips-addon-manager@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Songbird\extensions\pinkmartini@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Songbird\extensions\purplerain@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Songbird\extensions\sharing@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Songbird\extensions\soundboard@songbirdnest.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[25/05/2016 10:31]

Google Slides - jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.himediads.com_0.localstorage deleted successfully
C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.himediads.com_0.localstorage-journal deleted successfully
C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"=""
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\Wow6432Node\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
HKCU\SearchScopes "DefaultScope"="{D15200C5-79C8-40A8-A0CF-D7223E606AB4}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
HKCU\SearchScopes\{D15200C5-79C8-40A8-A0CF-D7223E606AB4} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2882025041-3884981816-3174003818-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695BC-A811-4A9D-8CDF-BA8C795F261C} deleted successfully
HKEY_USERS\S-1-5-21-2882025041-3884981816-3174003818-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{669695BC-A811-4A9D-8CDF-BA8C795F261C} deleted successfully
HKEY_USERS\S-1-5-21-2882025041-3884981816-3174003818-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{42D79B50-CC4A-4A8E-860F-BE674AF053A2} deleted successfully
HKEY_USERS\S-1-5-21-2882025041-3884981816-3174003818-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B236E3E-80B2-4322-B6A2-529D751B7FB1} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2882025041-3884981816-3174003818-1000\Software\Mozilla\Firefox\Extensions\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{669695BC-A811-4A9D-8CDF-BA8C795F261C} deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKLM\..\Run: [Raptr] "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [PlaysTV] "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [Dashlane] "C:\Users\jan\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: RUN.CMD (User 'Default user')
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgfwsa.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - Unknown owner - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Plays.tv Update Service (PlaysService) - Plays.tv, LLC - C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung RAPID Mode Service (SamsungRapidSvc) - Unknown owner - C:\Windows\system32\RAPID\SamsungRapidSvc.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2214 folders=326 365652707 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\jan\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\jan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on ma 15/08/2016 at 19:12:17,41 ======================
 

Link naar reactie
Delen op andere sites

Hallo,

 

Download  55e20d7d29661-adwcleaner.pngAdwCleaner by Xplode naar het bureaublad (verwijder eerst eventuele aanwezige oudere versies van deze tool op je PC, zodat je nu de meest recente database van AdwCleaner kan gebruiken).

Als de link naar AdwCleaner niet werkt, probeer dan deze link.

De download start automatisch na enkele seconden.
 

  • Sluit alle openstaande vensters.
  • Dubbelklik op AdwCleaner om hem te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren,
  • Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Klik op Scan (Engelse versie) of Scannen (Nederlandstalige versie)
  • Mocht u gevonden items willen behouden, verwijder deze dan nu uit het lijstje.
  • Klik vervolgens op Clean (Engelse versie) of Verwijderen (Nederlandstalige versie)
  • Klik bij popup-scherm "AdwCleaner Herstart" op OK.


Nadat de PC opnieuw is opgestart, opent meestal onmiddellijk een logfile van AdwCleaner.
Anders is het logfile hier terug te vinden C:\AdwCleaner\AdwCleaner[S0].txt.

Logbestand plaatsen

  • Voeg het logbestand met de naam C:\AdwCleaner\AdwCleaner[S0].txt als bijlage toe aan het volgende bericht.
  • Hoe u een bijlage kunt toevoegen aan het bericht leest u hier

Meer informatie vind je in de handleiding.

Link naar reactie
Delen op andere sites

***** [ Register ] *****

[-] hersteldHKLM\SOFTWARE\Classes\PepperZip
[-] hersteld[x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] hersteld[x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] hersteld[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] hersteldHKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
[-] hersteldHKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
[-] hersteldHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] hersteldHKU\S-1-5-21-2882025041-3884981816-3174003818-1000\Software\eSupport.com
[-] hersteldHKU\S-1-5-21-2882025041-3884981816-3174003818-1000\Software\GlobalUpdate
[#] *Key deleted on reboot: HKCU\Software\eSupport.com
[#] *Key deleted on reboot: HKCU\Software\GlobalUpdate
[-] hersteldHKLM\SOFTWARE\SiteSee
[-] hersteldHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius Professional Edition_is1
[-] hersteldHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
[-] hersteld[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] hersteldHKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] hersteldHKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] hersteldHKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] hersteldHKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}


***** [ Internetbrowsers ] *****

*************************

:: "Tracing" sleutels verwijderd
:: Winsock instellingen gereset

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2463 bytes] - [15/08/2016 20:25:01]
C:\AdwCleaner\AdwCleaner[S0].txt - [2670 bytes] - [15/08/2016 20:24:26]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2609 bytes] ##########
 

Link naar reactie
Delen op andere sites

  • abbs sloot dit topic
Gast
Dit topic is nu gesloten voor nieuwe reacties.
 Delen

×
×
  • Nieuwe aanmaken...