Zoek.exe v5.0.0.0 Updated 20-November-2014
Tool run by Kleine Fuhrer on vr 21-11-2014 at 9:02:57,54.
Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Kleine Fuhrer\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-11-20-163920.log 2040 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3569434992-788234770-3847869894-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} deleted successfully
HKEY_USERS\S-1-5-21-3569434992-788234770-3847869894-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} deleted successfully
HKEY_USERS\S-1-5-21-3569434992-788234770-3847869894-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Kleine Fuhrer\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Popcorn Time\Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Kleine Fuhrer\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Kleine Fuhrer\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\perfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\KLEINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\a90lqj3y.default-1393406177277

---- Lines WebSearch removed from prefs.js ----
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaulturl", "http://websearch.exitingsearch.info/?pid=512&r=2014/03/05&hid=13293526893038579566&lg=EN&cc=NL&unqvl=50&l=1&q=
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("keyword.URL", "http://websearch.exitingsearch.info/?pid=512&r=2014/03/05&hid=13293526893038579566&lg=EN&cc=NL&unqvl=50&l=1&q=");

---- Lines offers removed from prefs.js ----
user_pref("extensions.fbp@fbpurity.com.fbpoptsjson-100001598072844", "{\"filterappmessages\":0,\"becamefriends\":1,\"becamefan\":1,\"joinedgroup\":1,\

---- Lines extensions.ZPxMA_2 removed from prefs.js ----
user_pref("extensions.ZPxMA_2.epoch", "1405259456");
user_pref("extensions.ZPxMA_2.url", "http://toolkitjob.info/sync2/?q=hfZ9ofDSBShEAen0qjwGtMqLDe49CNU0jUEMCMlNhd9FqdaHrdkFqdw7rHwMBzqUojw9rdCFrTwHqjaHp

---- Lines extensions.pca1ksOO29i removed from prefs.js ----
user_pref("extensions.pca1ksOO29i.epoch", "1405259459");
user_pref("extensions.pca1ksOO29i.url", "http://jpi-proxy.info/sync2/?q=hfZ9ofV9CShEAen0rjY4rchTB6lKDzt4ok4rtNtVh7n0rjnEqjs5rjn9qjkFtMFHhd9Fqda6rjsFrH

---- Lines extensions.riNTUdqG_S7d removed from prefs.js ----
user_pref("extensions.riNTUdqG_S7d.epoch", "1405259457");
user_pref("extensions.riNTUdqG_S7d.url", "http://installsunny.us/sync2/?q=hfZ9ofq7B75MCyVUojw5pjaMg708BNmGWj8pjchGheDUojw9rdkGpdw9qdnHrihIC7n0rjnEqHwG

---- FireFox user.js and prefs.js backups ----
user_21-11-2014_2136_.backup
prefs_21-11-2014_2136_.backup

ProfilePath: C:\Users\KLEINE~1\AppData\Roaming\Thunderbird\Profiles\8dcv3wps.default
user.js not found

---- FireFox user.js and prefs.js backups ----
prefs_21-11-2014_2136_.backup

ProfilePath: C:\Users\KLEINE~1\AppData\Roaming\wikipedia-5a5e8d6fac32c865a2cbcf250fceb54f\Profiles\lgarh2cd.default
user.js not found

---- FireFox user.js and prefs.js backups ----
prefs_21-11-2014_2136_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]

==== Deleting Files \ Folders ======================

C:\ProgramData\e1e45fe9175bd409 deleted
C:\Users\Kleine Fuhrer\AppData\LocalLow\{0036F686-67C4-46EE-D0F6-4FEB5D78D64E} deleted
C:\Users\Kleine Fuhrer\AppData\LocalLow\{9087C407-826F-C806-A31D-F02860F59548} deleted
C:\Users\Kleine Fuhrer\AppData\LocalLow\{C606ED16-5AE0-499A-1979-BB9FF30F3915} deleted
C:\Users\Kleine Fuhrer\AppData\LocalLow\{FE36AF08-B04E-FCAD-5395-0B14E7BB82E3} deleted
C:\Users\Kleine Fuhrer\AppData\Local\19391 deleted
C:\Users\Kleine Fuhrer\AppData\Local\23334 deleted
C:\PROGRA~2\DivX deleted
C:\PROGRA~2\Excellent4App deleted
C:\PROGRA~2\TopApp soft deleted
C:\Users\Kleine Fuhrer\.android deleted
C:\PROGRA~2\SNT deleted
C:\Users\Kleine Fuhrer\AppData\Roaming\System Uptime Full Plus_Record.ini deleted
C:\Users\Kleine Fuhrer\AppData\Roaming\System Uptime Full Plus_Settings.ini deleted
C:\Users\Kleine Fuhrer\AppData\Roaming\Alawar deleted
C:\Users\Kleine Fuhrer\AppData\Roaming\Alawar Entertainment deleted
C:\Users\Kleine Fuhrer\AppData\Roaming\AlawarEntertainment deleted
C:\Users\Kleine Fuhrer\AppData\Roaming\YoudaGames deleted
C:\Users\Kleine Fuhrer\AppData\Roaming\iWin deleted
C:\PROGRA~2\Alawar deleted
C:\PROGRA~2\AlawarWrapper deleted
C:\PROGRA~2\cheapncheap deleted
C:\PROGRA~2\WPM deleted
C:\PROGRA~2\InstallMate deleted
C:\PROGRA~2\Trymedia deleted
C:\Users\Kleine Fuhrer\AppData\Local\CRE deleted
C:\Users\Kleine Fuhrer\AppData\Local\cache deleted
C:\Users\Kleine Fuhrer\AppData\Local\CrashRpt deleted
C:\Windows\system32\config\systemprofile\AppData\Local\Clip Converter deleted
C:\Users\Kleine Fuhrer\AppData\LocalLow\{688A3409-D6A6-4257-D4C1-B256BCD86347} deleted
C:\Users\Kleine Fuhrer\AppData\LocalLow\{CA682FF2-27EA-6097-DA49-55C67EE9DAC0} deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Windows\System32\AI_RecycleBin deleted
C:\Windows\system32\RegistryHelperLM.ocx deleted
C:\Users\Public\Documents\AlawarWrapper deleted
C:\Users\KLEINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\a90lqj3y.default-1393406177277\extensions\staged deleted
C:\Users\KLEINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\a90lqj3y.default-1393406177277\extensions\2voio-nt@seoeuuioo.net deleted
C:\Users\KLEINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\a90lqj3y.default-1393406177277\extensions\iiao7.zp2ea@o-uwkdml.edu deleted
C:\Users\KLEINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\a90lqj3y.default-1393406177277\extensions\qx_7gsqa@oio-tqlh.edu deleted
C:\Users\KLEINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\a90lqj3y.default-1393406177277\extensions\{c9d31470-81c6-4e3e-9a37-46eb9237ed3a} deleted
"C:\Program Files\Splashtop" deleted

==== System Specs ======================

Windows: Windows 7 Enterprise Edition Service Pack 1 (Build 7601)
Memory (RAM): 2303 MB
CPU Info: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
CPU Speed: 2155,4 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: NVIDIA GeForce 6150SE nForce 430 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1360 X 768 - 32 bit
Network: Network Present
Network Adapters: Marvell Yukon 88E8039 PCI-E Fast Ethernet Controller
CD / DVD Drives: 2x (F: | L: | ) F: SONY DVD RW AW-G170A | L: DTSOFT BDROM
Ports: COM2 LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 78,1GB | D: 78,1GB | E: 73,5GB | K: 68,3GB
Hard Disks - Free: C: 24,6GB | D: 18,7GB | E: 41,2GB | K: 8,6GB
Manufacturer *: Phoenix Technologies, LTD
BIOS Info: AT/AT COMPATIBLE | 06/06/07 | PacBel - 42302e31
Time Zone: West-Europa (standaardtijd)
Motherboard *: PACKARD BELL BV MCP61
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: ESET NOD32 Antivirus 8.0 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: ESET NOD32 Antivirus 8.0 disabled (Outdated)
Default Browser: Google Chrome 38.0.2125.111
Internet Explorer Version: 11.0.9600.17420
Mozilla Firefox version: 19.0.2 (x86 nl)
Google Chrome version: 40.0.2210.0
Adobe Reader version: 11.0.9.29
Sun Java version: 1.8.0_25 (32-bit)
Flash Player version: 15.0.0.223
Shockwave Player version: 12.1.1r151

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3569434992-788234770-3847869894-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="C:\Users\Kleine Fuhrer\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
"feedreader.exe"="D:\KF Bestanden Kroam\FeedReader30\feedreader.exe"
"iCloudServices"="C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe"
"Logitech Vid"="C:\Program Files\Logitech\Logitech Vid\vid.exe -bootmode"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"WhatPulse"="D:\KF Bestanden Kroam\WhatPulse2\whatpulse.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice"
"NvBackend"="C:\Program 
Files\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe /hide"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="C:\Users\Kleine Fuhrer\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
"feedreader.exe"="D:\KF Bestanden Kroam\FeedReader30\feedreader.exe"
"iCloudServices"="C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe"
"Logitech Vid"="C:\Program Files\Logitech\Logitech Vid\vid.exe -bootmode"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"="C:\\Program Files\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApplePhotoStreams]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ApplePhotoStreams"
"hkey"="HKCU"
"command"="C:\\Program Files\\Common Files\\Apple\\Internet Services\\ApplePhotoStreams.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Kleine Fuhrer\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesAirMessage]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPreload"
"hkey"="HKCU"
"command"="C:\\Program Files\\Samsung\\Kies\\Kies.exe /preload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesTrayAgent"
"hkey"="HKLM"
"command"="C:\\Program Files\\Samsung\\Kies\\KiesTrayAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSC"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Sidebar"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SkyDrive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SkyDrive"
"hkey"="HKCU"
"command"="\"C:\\Users\\Kleine Fuhrer\\AppData\\Local\\Microsoft\\SkyDrive\\SkyDrive.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\Kleine Fuhrer\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"command"="\"c:\\program files\\real\\realplayer\\update\\realsched.exe\" -osboot"
"hkey"="HKLM"
"item"="TkBellExe"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Kleine Fuhrer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Kleine Fuhrer\AppData]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Kleine Fuhrer\AppData\Local]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Kleine Fuhrer\AppData\Local\Microsoft]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Kleine Fuhrer\AppData\Local\Microsoft\SkyDrive]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Kleine Fuhrer\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="Uninstall C:\\Users\\Kleine Fuhrer\\AppData\\Local\\Microsoft\\SkyDrive\\16.4.6010.0727"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\cmd.exe /q /c rmdir /s /q \"C:\\Users\\Kleine Fuhrer\\AppData\\Local\\Microsoft\\SkyDrive\\16.4.6010.0727\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Kleine Fuhrer\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="Uninstall C:\\Users\\Kleine Fuhrer\\AppData\\Local\\Microsoft\\SkyDrive\\16.4.6013.0910"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\cmd.exe /q /c rmdir /s /q \"C:\\Users\\Kleine Fuhrer\\AppData\\Local\\Microsoft\\SkyDrive\\16.4.6013.0910\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Kleine Fuhrer\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="Uninstall C:\\Users\\Kleine Fuhrer\\AppData\\Local\\Microsoft\\SkyDrive\\17.0.2006.0314"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\cmd.exe /q /c rmdir /s /q \"C:\\Users\\Kleine Fuhrer\\AppData\\Local\\Microsoft\\SkyDrive\\17.0.2006.0314\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Kleine Fuhrer\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="Uninstall C:\\Users\\Kleine Fuhrer\\AppData\\Local\\Microsoft\\SkyDrive\\17.0.2010.0530"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\cmd.exe /q /c rmdir /s /q \"C:\\Users\\Kleine Fuhrer\\AppData\\Local\\Microsoft\\SkyDrive\\17.0.2010.0530\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Kleine Fuhrer\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="Uninstall C:\\Users\\Kleine Fuhrer\\AppData\\Local\\Microsoft\\SkyDrive\\17.0.2011.0627"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\cmd.exe /q /c rmdir /s /q \"C:\\Users\\Kleine Fuhrer\\AppData\\Local\\Microsoft\\SkyDrive\\17.0.2011.0627\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Users\\Kleine Fuhrer\\AppData\\Roaming\\uTorrent\\uTorrent.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Kleine Fuhrer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"path"="C:\\Users\\Kleine Fuhrer\\AppData\\Roaming\\Microsoft\\Windows\\Start 
Menu\\Programs\\Startup\\Dropbox.lnk" "backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\KLEINE~1\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe" "item"="Dropbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MBAMScheduler] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MBAMService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nvsvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nvUpdatusService] ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [16-11-2014 09:57] C:\Windows\tasks\DriverToolkit Autorun.job --a------ C:71C:\Program Files\DriverToolkit\DriverToolkit.exe [] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [11-05-2014 09:33] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [11-05-2014 09:33] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3569434992-788234770-3847869894-1000Core.job --a------ C:\Users\Kleine Fuhrer\AppData\Local\Google\Update\GoogleUpdate.exe [05-06-2014 21:01] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3569434992-788234770-3847869894-1000UA.job --a------ C:\Users\Kleine Fuhrer\AppData\Local\Google\Update\GoogleUpdate.exe [05-06-2014 21:01] ==== Other 
Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\Driver Booster SkipUAC (Kleine Fuhrer)" [C:\Program Files\IObit\Driver Booster\DriverBooster.exe] "C:\Windows\system32\tasks\DriverToolkit Autorun" [C:\Program Files\DriverToolkit\DriverToolkit.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3569434992-788234770-3847869894-1000Core" [C:\Users\Kleine Fuhrer\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3569434992-788234770-3847869894-1000UA" [C:\Users\Kleine Fuhrer\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3569434992-788234770-3847869894-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3569434992-788234770-3847869894-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{39383F0B-2041-4147-87C3-CF70C247C9A3}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\{05730AEB-8D1B-4686-BFB8-3EE7148EAFAB}" [D:\KF Gamess\DASH & TIME MANAGEMENT\Style Quest\Style Quest.exe] "C:\Windows\system32\tasks\{14E6121E-58B5-4A71-BE9B-37859CA7E80A}" [D:\KF Gamess\Style Quest.exe] "C:\Windows\system32\tasks\{14FC8E63-0F5A-411C-9EE1-A77EAF083EA7}" [D:\KF Gamess\Style Quest.exe] "C:\Windows\system32\tasks\{1CF06C95-0380-4636-B53C-57BED6056038}" [D:\KF Bestanden 
Kroam\TV\ProgDVB\ProgTV.exe] "C:\Windows\system32\tasks\{4F36766D-5B52-474F-B5AE-66D55823EAC8}" [D:\KF Gamess\DASH & TIME MANAGEMENT\Style Quest\Style Quest.exe] "C:\Windows\system32\tasks\{50A89041-DDFB-44AD-8D66-B072C956871D}" [D:\KF Gamess\DASH & TIME MANAGEMENT\Style Quest\Style Quest.exe] "C:\Windows\system32\tasks\{5D794C39-1FFD-42BE-9125-EB8E1C295ACA}" [D:\KF Gamess\Style Quest.exe] "C:\Windows\system32\tasks\{6DA82E1F-5F67-44F3-A258-3EFBC50231B2}" [D:\KF Gamess\DASH & TIME MANAGEMENT\Style Quest\Style Quest.exe] "C:\Windows\system32\tasks\{75B05EDE-E259-4E4C-9CA2-99D8347CB643}" [D:\KF Gamess\Style Quest.exe] "C:\Windows\system32\tasks\{CC18482F-2F29-4001-938B-12EC6AE12281}" [D:\KF Gamess\HOG GAMES\Pahelika Secret Legends\PahelikaRelease.exe] "C:\Windows\system32\tasks\{DA33E558-24D7-4A4F-BA07-EA071CC34274}" [D:\KF Gamess\DASH & TIME MANAGEMENT\Style Quest\Style Quest.exe] "C:\Windows\system32\tasks\{EE8DC907-9FEA-464B-8BC7-60C9A91A41D7}" [D:\KF Gamess\DASH & TIME MANAGEMENT\Style Quest\Style Quest.exe] "C:\Windows\system32\tasks\{FF6B5FE3-DDED-4802-8D1B-25775EC47177}" [D:\KF Bestanden Kroam\TV\ProgDVB\ProgTV.exe] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Extensions ====================== ProfilePath: C:\Users\KLEINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\a90lqj3y.default-1393406177277 - Undetermined - C:\Users\Kleine Fuhrer\AppData\Roaming\Mozilla\Firefox\Profiles\a90lqj3y.default-1393406177277\extensions\ascsurfingprotection@iobit.com - Undetermined - C:\Program Files\IObit Apps Toolbar\FF - FT DeepDark - %ProfilePath%\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} - Page Zoom Button - %ProfilePath%\extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org.xpi - F.B. 
Purity - Cleans Up Facebook - %ProfilePath%\extensions\fbp@fbpurity.com.xpi - YouTube ALL HTML5 - %ProfilePath%\extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi - SmartVideo For YouTube - %ProfilePath%\extensions\mytube@ashishmishra.in.xpi - NewScrollbars aka NoiaScrollbars - %ProfilePath%\extensions\NoiaScrollbars@ArisT2_Noia4dev.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Kleine Fuhrer\AppData\Roaming\Mozilla\Firefox\Profiles\a90lqj3y.default-1393406177277 446BCAE59E26321802E000FC3E0C390A - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 64C4ADE063A9C93D3BAE09922AD90C27 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat E37EAD09D28AE19D8A39B6A95F47513A - C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director 847C1A6B649D406FDB721E1BCE4E1E38 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.6 B239D122D14692FC5EFBA7121C770F61 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.6 0900BBAB5745ECEC21C5E8254F05B7B0 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.6 17D7FEB824594E6446059EB3987D1AA9 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.6 59492511D7A8BC90A2F6023218E80F9C - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.6 54740489C66AFC8B78CF9A2893A5DA63 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector F733C59712465B0BD2130BB7C1A6D6E3 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll - Shockwave Flash 3B00376AE69AC2E815425E54DEBFF750 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\Administrator\AppData\Local\Torch deleted Fake profile 
C:\Users\Administrator\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Administrator\AppData\Local\Chromatic Browser deleted Fake profile C:\Users\Guest\AppData\Local\Torch deleted Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Guest\AppData\Local\Chromatic Browser deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser deleted Fake profile C:\Users\Kleine Fuhrer\AppData\Local\Torch deleted Fake profile C:\Users\Kleine Fuhrer\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Kleine Fuhrer\AppData\Local\Chromatic Browser deleted ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - No path found[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Kleine Fuhrer\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] Google Slides - Kleine Fuhrer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Kleine Fuhrer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Kleine Fuhrer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Kleine Fuhrer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Kleine Fuhrer\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - Kleine Fuhrer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Wallet - Kleine Fuhrer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Kleine Fuhrer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia A Quotation - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aafpohheobbibbehfjogminpinjhlpmg Entanglement Web App - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd PhotoMania - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ajjfnbkfaofifbiflcicanlgaiafcamj Google Drive - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Jewel Quest Puzzle Game - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bcgnikgdalbkgelgiihhgpcecnkbcpnp Billiards - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bfejfcfbaebdlbpjkibiddmjgmngican YouTube - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Spotify - Music for every moment - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh Google Search - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Fire Theme [FVD] - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcoddccpkfbamigkbaaehdnnjccbgipe MusicTV - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dimbohlgicfjfehdempmibdbboppdhal Best Apps - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gekkkgddoohlaojggcdmihoeahbnlomf Fairway Solitaire - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\gkpbdfapchjogkmfpcmnfjdimgijhdho Mahjong Words - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmefkohhpkdnaieghlijadogfapogebe Google Keep - notes and lists - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki wikiHow Survival Kit - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ickaeddjnhfofihhibhnjemlphjmnchl Glitterboo - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ikkpgihagilojnkmkkfcbhlainmnkicp Legend Of The Golden Mask - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\janlcfemglecoedjapgofmobnokdpaan Custom Google™ Background - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jepibmfmhopgkplegmkjgifmhabbjadg Build your airport service and land airplanes\u003Cbr>your passengers will be pleased as punch - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap Last updated at time on date - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd Google Play - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi Mahjong Solitaire - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc Google Wallet - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Deezer - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh Picky Wallpapers - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj Online Muziek Luisteren - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\olacollommkcihebibpjdbhkngcnhgdg Gmail - Kleine Fuhrer\AppData\Local\Google\Chrome 
SxS\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Similar Pages beta by Google - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pjnfggphgdjblhfjaphkjhfpiiekbbej Writer - Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog ==== Chromium Fix ====================== C:\Users\Kleine Fuhrer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully C:\Users\Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully C:\Users\Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully C:\Users\Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully C:\Users\Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully C:\Users\Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_ares.nl.softonic.com_0.localstorage deleted successfully C:\Users\Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_ares.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_frostwire.nl.softonic.com_0.localstorage deleted successfully C:\Users\Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Local 
Storage\http_frostwire.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_grabit.nl.softonic.com_0.localstorage deleted successfully C:\Users\Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_grabit.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_www.similarsitesearch.com_0.localstorage deleted successfully C:\Users\Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_www.similarsitesearch.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" "Default_Page_URL"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Default_Page_URL"="http://www.google.com" "Start Page"="http://www.google.com" "Search Page"="http://www.awesomehp.com/web/?type=ds&ts=1393363373&from=vtt&uid=395049983_397233_74417C9B&q={searchTerms}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{438AF284-9807-432E-9684-8CE796D6E423}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {438AF284-9807-432E-9684-8CE796D6E423} Google Url="https://www.google.com/search?q={searchTerms}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{94D27965-D7EF-AB85-AC56-4EFF8D696AEE} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B8FE299F-E9F4-EC01-97E9-848764743C61} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D12AFA56-25B2-9966-AC82-F8CC281D87E3} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F41E470D-39F2-E9EE-18F8-4A568F5F5E2E} deleted successfully HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe deleted successfully ==== HijackThis Entries ====================== O2 - BHO: Groove GFS Browser Helper - {4DB74D06-491C-440D-305E-012400990F3E} - C:\Windows\system32\cattsrvut.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll O2 
- BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s O4 - HKLM\..\Run: [WhatPulse] "D:\KF Bestanden Kroam\WhatPulse2\whatpulse.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe" O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [f.lux] "C:\Users\Kleine Fuhrer\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow O4 - HKCU\..\Run: [feedreader.exe] "D:\KF Bestanden Kroam\FeedReader30\feedreader.exe" O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 
'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'Default user') O8 - Extra context menu item: Download met MiPony - file://C:\Program Files\MiPony\Browser\IEContext.htm O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted IP range: http://192.168.2.1 O15 - ESC Trusted IP range: http://192.168.2.1 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{327FAC99-AA92-404B-82F3-6DD656B37A0F}: NameServer = 208.67.222.222,208.67.220.220 O17 - HKLM\System\CS1\Services\Tcpip\..\{327FAC99-AA92-404B-82F3-6DD656B37A0F}: NameServer = 208.67.222.222,208.67.220.220 O17 - HKLM\System\CS2\Services\Tcpip\..\{327FAC99-AA92-404B-82F3-6DD656B37A0F}: NameServer = 208.67.222.222,208.67.220.220 O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: ESET Service 
(ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. 
- C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: Update service - Company - C:\Program Files\Popcorn Time\Updater.exe ==== Empty IE Cache ====================== C:\Users\Kleine Fuhrer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Kleine Fuhrer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Kleine Fuhrer\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Kleine Fuhrer\AppData\Local\Google\Chrome SxS\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully