Chrome omnibox : standaard zoekmachine bij opstarten terug naar yahoo. hijack log

[berg444]

Hallo,

Chrome omnibox om te zoeken in adresbalk springt steeds terug op standaardzoekmachine yahoo. Ook als ik deze heb verwijderd in beheer.

alle apps en extenties uitgeschakeld.

Pc start traag op. afbeeldingen in Java werkt traag. In Firefox werkt deze beter.

malwarefighter malwarebytes uitgevoerd.

Ik zou héééél blij zijn als ik alles eraf kan halen wat eventueel schadelijk en hinderlijk is op mijn PC.

Onderstaand Hijack log.

Groeten Ellie

Logfile of Trend Micro HijackThis v2.0.5Scan saved at 19:20:23, on 30-1-2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Unable to get Internet Explorer version!

FIREFOX: 26.0 (nl)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Users\Hendriks\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo Zoeken - zoeken op het web

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~2\IDA\idaiehlp.dll

O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: (no name) - {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} - (no file)

O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Download ALL with IDA - C:\Program Files (x86)\IDA\idaieall.htm

O8 - Extra context menu item: Download alles met Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download met Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

O8 - Extra context menu item: Download remotely with IDA - C:\Program Files (x86)\IDA\remdown.htm

O8 - Extra context menu item: Download selectie met Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video met Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with IDA - C:\Program Files (x86)\IDA\idaie.htm

O8 - Extra context menu item: Formulieren Invullen - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: Formulieren Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe

O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe

O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

O23 - Service: CNG Key Isolation (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Software Protection (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: Interactive Services Detection (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Credential Manager (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Virtual Disk (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: Windows Activation Technologies-service (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe

O23 - Service: WMI Performance Adapter (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--

End of file - 13587 bytes

[iEscape]

@ berg444,

Van zodra 1 van de experts online is zal deze je zeker verder helpen aangaande je vraag/probleem.

[kape]

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo Zoeken - zoeken op het web

O2 - BHO: (no name) - {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} - (no file)

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download RSIT van de onderstaande locaties en sla deze op het bureaublad op.

Hier staat een beschrijving hoe je kan kijken of je een 32- of 64-bitversie van Windows heeft.

• RSIT 32 bit (RSIT.exe)
  
• RSIT 64 bit (RSITx64.exe)
  

Dubbelklik op RSIT.exe om de tool te starten.

• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Vervolgens wordt de "Disclaimer of warranty" getoond, klik vervolgens op "Continue"
  
• Wanneer de tool gereed is wordt er een kladblok bestand genaamd "Log" geopend.
  
• Plaats de inhoud hiervan in het volgende bericht.
  

Bekijk ook de instructievideo.

[berg444]

Hartelijk dank voor de hulp.

Ik heb de twee regels verwijderd zoals uitgelegd.

Hierbij de actuele log:

MvG Ellie

Logfile of random's system information tool 1.09 (written by random/random)

Run by Hendriks at 2014-02-01 13:04:00

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 392 GB (87%) free of 451 GB

Total RAM: 1996 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:04:09, on 1-2-2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Wise\Wise Care 365\WiseMemoryOptimzer.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\trend micro\Hendriks.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~2\IDA\idaiehlp.dll

O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: (no name) - {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} - (no file)

O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Download ALL with IDA - C:\Program Files (x86)\IDA\idaieall.htm

O8 - Extra context menu item: Download alles met Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download met Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

O8 - Extra context menu item: Download remotely with IDA - C:\Program Files (x86)\IDA\remdown.htm

O8 - Extra context menu item: Download selectie met Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video met Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with IDA - C:\Program Files (x86)\IDA\idaie.htm

O8 - Extra context menu item: Formulieren Invullen - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: Formulieren Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe

O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe

O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

O23 - Service: CNG Key Isolation (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Software Protection (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: Interactive Services Detection (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Credential Manager (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Virtual Disk (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: Windows Activation Technologies-service (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe

O23 - Service: WMI Performance Adapter (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--

End of file - 14494 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

"C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe"

C:\Windows\system32\svchost.exe -k RPCSS

"C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe"

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

atieclxx

C:\Windows\system32\Hpservice.exe

"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-dfd64b50-3197-4347-bee9-2a307a69e2a8 -SystemEventPortName:HostProcess-83b149bd-f4ef-4ce9-9618-a3a8a6adf1db -IoCancelEventPortName:HostProcess-bb902ea2-3c79-49a3-8390-b20140048788 -NonStateChangingEventPortName:HostProcess-9443a45e-eef5-43d5-bcb9-4c3be7a7c8a3 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:2ee0939f-2303-41a9-bad3-d1ee2e51f35e -DeviceGroupId:

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

"C:\Program Files\AVAST Software\Avast\afwServ.exe"

"C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe"

"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

C:\Windows\System32\spoolsv.exe

taskeng.exe {3A70FCCB-DB70-4C66-8393-64742860D148}

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe"

"taskhost.exe"

taskeng.exe {304E8E02-F1AB-435D-B17E-1DC080423921}

"C:\Program Files (x86)\Wise\Wise Care 365\WiseMemoryOptimzer.exe" -a

"C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe" /auto

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe"

"C:\Program Files\IDT\WDM\AESTSr64.exe"

C:\Windows\System32\alg.exe

"C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe"

C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

"C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"

"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"

taskeng.exe {7BEC607C-AAAF-4BC6-883E-ADEE5016B3E9}

"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"

"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"

"C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe"

"C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"

"C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe"

C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"

"C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe"

"C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"

C:\Windows\SysWow64\perfhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\locator.exe

C:\Windows\system32\svchost.exe -k SDRSVC

"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"

C:\Windows\system32\UI0Detect.exe

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

C:\Windows\System32\vds.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\svchost.exe -k wcssvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\System32\svchost.exe -k secsvcs

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\SearchIndexer.exe /Embedding

WLIDSvcM.exe 4852

"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"

"C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /showtip "exptip"

C:\Windows\system32\DllHost.exe /Processid:{48DA6741-1BF0-4A44-8325-293086C79077}

"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"

C:\Windows\servicing\TrustedInstaller.exe

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3736.0.1974306006\738351252" --disable-image-transport-surface --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,5,13,23 --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.3223 --ignored=" --type=renderer " /prefetch:822062411

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Enabled4/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group4 pct:10d stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3736.2.1268885690\896012742" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/np-rf-plugin.dll" --lang=nl --channel="3736.3.591189309\533856519" /prefetch:-390060480

"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"

C:\Windows\System32\msdtc.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"

C:\Windows\System32\svchost.exe -k swprv

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Enabled4/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group4 pct:10d stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3736.4.1572871627\738136331" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Enabled4/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group4 pct:10d stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3736.6.385019025\1189164585" /prefetch:673131151

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3736.8.60968474\1346539105" --ppapi-flash-args --lang=nl --ignored=" --type=renderer " /prefetch:-632637702

C:\Windows\system32\AUDIODG.EXE 0x7f0

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Enabled4/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group4 pct:10d stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3736.9.1139863828\1106160869" /prefetch:673131151

"C:\Users\Hendriks\Downloads\RSITx64.exe"

"C:\Users\Hendriks\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\Driver Booster Update.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2200064268-249005537-2647804445-1000Core.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2200064268-249005537-2647804445-1000UA.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\Wise Care 365 PC Checkup Task.job

C:\Windows\tasks\Wise Disk Cleaner Schedule Task.job

C:\Windows\tasks\Wise Memory Optimizer Task.job

C:\Windows\tasks\Wise Registry Cleaner Schedule Task.job

C:\Windows\tasks\Wise Turbo Checker.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default

prefs.js - "browser.startup.homepage" - "http://nl.search.yahoo.com/?type=198484&fr=spigot-yhp-ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 12.0.0.43 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]

"Description"=Picasa3 plugin

"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 12.0.0.43 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\

websitelogon@truesuite.com

{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

C:\Program Files (x86)\Mozilla Firefox\components\

nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\

nppdf32.DEU

nppdf32.dll

nppdf32.FRA

nppdf32.JPN

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

yahoo.xml

C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\extensions\

adsremoval@adsremoval.net

idamm@westbyte.com

idapluginff@westbyte.com

idaremote@westbyte.com

savingsslider@mybrowserbar.com

searchads@instair.net

{58d2a791-6199-482f-a9aa-9b725ec61362}

C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\plugins\

npida.dll

C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\searchplugins\

yahoo_ff.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]

ExplorerWnd Helper - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2014-01-22 2486592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]

avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-01-06 1372864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]

RoboForm Toolbar Helper - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-12-29 24536280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}]

TrueSuite Website Log On - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-05-05 1746760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-01-06 1372864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A646672-9C3A-4C28-9A7A-1FB0F63F28B6}]

IE 4.x-6.x BHO for Internet Download Accelerator - C:\PROGRA~2\IDA\idaiehlp.dll [2013-09-20 168224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]

RoboForm Toolbar Helper - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2013-12-29 18594008]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-16 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}]

TrueSuite Website Log On - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-05-05 1598280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-01-06 1138536]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-16 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-12-29 24536280]

{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-01-06 1372864]

{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-01-06 1372864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2013-12-29 18594008]

{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-01-06 1138536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"=C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-12-29 109784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29 497648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare Ultimate]

C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe /AutoStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-phishing Domain Advisor]

C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

C:\Program Files\Apoint2K\Apoint.exe [2011-02-19 569200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]

C:\Program Files (x86)\BlueStacks\HD-Agent.exe [2013-08-07 601928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]

C:\Users\Hendriks\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-28 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeAC]

C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [2011-11-22 1327440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

C:\Windows\system32\hkcmd.exe [2013-10-11 399856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP CoolSense]

c:\program files (x86)\hewlett-packard\hp coolsense\coolsense.exe [2011-05-31 1342008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

c:\program files (x86)\hp\hp software update\hpwuschd2.exe [2011-05-10 49208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPOSD]

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2011-06-13 336440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

C:\Windows\system32\igfxtray.exe [2013-10-11 172016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter]

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [2013-12-13 1573184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

C:\Windows\system32\igfxpers.exe [2013-10-11 442352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefault]

C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [2011-06-27 42808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowBatteryBar]

c:\program files\batterybar\showbatterybar.exe [2013-04-11 89600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinnyClock]

C:\Program Files (x86)\XDTK\Skinny Clock\SkinnyClock.exe [2013-01-18 1769472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

c:\program files (x86)\skype\phone\skype.exe [2013-10-02 20472992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall C:]

[]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-01-06 3764024]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\SYSTEM32\igfxdev.dll [2013-10-11 442880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-01-27 17:42:56 ----D---- C:\Users\Hendriks\AppData\Roaming\Eusing

2014-01-26 22:41:41 ----D---- C:\rsit

2014-01-26 22:41:41 ----D---- C:\Program Files\trend micro

2014-01-26 22:13:18 ----D---- C:\Program Files (x86)\MyPC Backup

2014-01-26 22:11:35 ----D---- C:\AdwCleaner

2014-01-23 22:31:54 ----A---- C:\Windows\system32\SmartDefragBootTime.exe

2014-01-23 22:31:11 ----A---- C:\Windows\system32\IObitSmartDefragExtension.dll

2014-01-22 18:35:20 ----D---- C:\ProgramData\ProductData

2014-01-22 18:35:03 ----D---- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}

2014-01-20 16:30:42 ----A---- C:\Windows\system32\drivers\HECIx64.sys

2014-01-20 16:30:26 ----D---- C:\Program Files\Synaptics

2014-01-20 16:30:16 ----A---- C:\Windows\system32\drivers\Smb_driver_Intel.sys

2014-01-16 19:22:49 ----A---- C:\Windows\SYSWOW64\javaws.exe

2014-01-16 19:22:38 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

2014-01-16 19:22:38 ----A---- C:\Windows\SYSWOW64\javaw.exe

2014-01-16 19:22:38 ----A---- C:\Windows\SYSWOW64\java.exe

2014-01-15 09:23:30 ----A---- C:\Windows\system32\drivers\usbehci.sys

2014-01-15 09:23:29 ----A---- C:\Windows\system32\drivers\usbuhci.sys

2014-01-15 09:23:29 ----A---- C:\Windows\system32\drivers\usbport.sys

2014-01-15 09:23:29 ----A---- C:\Windows\system32\drivers\usbohci.sys

2014-01-15 09:23:29 ----A---- C:\Windows\system32\drivers\usbhub.sys

2014-01-15 09:23:29 ----A---- C:\Windows\system32\drivers\usbd.sys

2014-01-15 09:23:29 ----A---- C:\Windows\system32\drivers\usbccgp.sys

2014-01-15 09:23:28 ----A---- C:\Windows\system32\win32k.sys

2014-01-15 09:23:27 ----A---- C:\Windows\system32\drivers\netio.sys

2014-01-07 10:17:00 ----D---- C:\DPD

2014-01-07 10:09:25 ----D---- C:\Users\Hendriks\AppData\Roaming\TeamViewer

2014-01-06 23:55:39 ----A---- C:\Windows\system32\drivers\aswstm.sys

======List of files/folders modified in the last 1 month======

2014-02-01 12:57:36 ----D---- C:\Windows

2014-02-01 12:56:13 ----D---- C:\Windows\Temp

2014-02-01 12:54:22 ----D---- C:\Users\Hendriks\AppData\Roaming\Wise Care 365

2014-02-01 12:54:14 ----D---- C:\Windows\system32\config

2014-02-01 12:53:33 ----A---- C:\Windows\SYSWOW64\log.txt

2014-02-01 12:52:48 ----D---- C:\Windows\registration

2014-02-01 12:51:48 ----D---- C:\Windows\debug

2014-02-01 12:31:27 ----D---- C:\Windows\system32\catroot2

2014-02-01 10:38:43 ----D---- C:\Users\Hendriks\AppData\Roaming\SoftGrid Client

2014-02-01 08:58:56 ----D---- C:\Windows\system32\Tasks

2014-02-01 08:50:30 ----D---- C:\Windows\SoftwareDistribution

2014-02-01 08:44:30 ----D---- C:\Windows\system32\LogFiles

2014-02-01 01:26:24 ----SHD---- C:\boot

2014-01-31 23:56:06 ----D---- C:\Windows\SYSWOW64\config

2014-01-31 23:46:22 ----SHD---- C:\System Volume Information

2014-01-31 23:45:11 ----SHD---- C:\Windows\Installer

2014-01-31 23:43:55 ----D---- C:\Windows\SysWOW64

2014-01-31 23:09:29 ----D---- C:\Users\Hendriks\AppData\Roaming\Skype

2014-01-30 17:14:47 ----D---- C:\Program Files\CCleaner

2014-01-30 12:28:16 ----D---- C:\Program Files (x86)\Mozilla Firefox

2014-01-28 00:31:43 ----D---- C:\Windows\system32\wdi

2014-01-27 17:42:50 ----D---- C:\Program Files (x86)\Eusing Cleaner

2014-01-27 12:00:31 ----D---- C:\Windows\System32

2014-01-27 12:00:31 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-01-27 12:00:30 ----D---- C:\Windows\inf

2014-01-27 01:07:25 ----D---- C:\Users\Hendriks\AppData\Roaming\Internet Download Accelerator

2014-01-26 23:57:47 ----D---- C:\Program Files (x86)

2014-01-26 22:41:41 ----RD---- C:\Program Files

2014-01-26 22:13:15 ----HD---- C:\ProgramData

2014-01-26 21:44:29 ----D---- C:\Program Files (x86)\Google

2014-01-26 09:41:08 ----D---- C:\Program Files (x86)\Opera

2014-01-26 02:04:41 ----D---- C:\Program Files\Enigma Software Group

2014-01-26 02:01:50 ----D---- C:\Users\Hendriks\AppData\Roaming\Common

2014-01-26 02:01:50 ----D---- C:\Program Files (x86)\SarbyxTrayClock

2014-01-26 02:01:44 ----D---- C:\Program Files (x86)\Common Files

2014-01-25 20:22:37 ----D---- C:\Program Files (x86)\IObit

2014-01-24 10:48:45 ----D---- C:\Windows\system32\FxsTmp

2014-01-23 22:31:09 ----D---- C:\Windows\system32\drivers

2014-01-23 22:31:03 ----D---- C:\Users\Hendriks\AppData\Roaming\IObit

2014-01-22 18:51:16 ----D---- C:\Windows\Panther

2014-01-22 18:34:59 ----D---- C:\ProgramData\IObit

2014-01-20 16:31:35 ----D---- C:\Windows\system32\catroot

2014-01-20 16:30:43 ----D---- C:\Windows\system32\DriverStore

2014-01-20 16:22:39 ----D---- C:\Windows\Tasks

2014-01-17 09:50:32 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2014-01-16 19:28:39 ----D---- C:\ProgramData\Oracle

2014-01-15 17:39:37 ----D---- C:\Windows\winsxs

2014-01-15 17:06:52 ----D---- C:\Windows\system32\MRT

2014-01-15 17:03:54 ----A---- C:\Windows\system32\MRT.exe

2014-01-07 10:17:00 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

2014-01-06 23:55:28 ----A---- C:\Windows\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-10-28 65776]

R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-01-06 207904]

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-27 30008]

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-04-26 557848]

R0 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [2012-12-30 236216]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]

R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2013-12-24 21184]

R1 aswKbd;aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys [2013-10-28 28184]

R1 aswNdisFlt;Avast! Firewall Driver; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [2014-01-08 439648]

R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2013-10-28 92544]

R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2014-01-06 1034464]

R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2014-01-06 422216]

R1 RapportCerberus_44365;RapportCerberus_44365; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_44365.sys [2012-12-10 508024]

R1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-12-30 224024]

R1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-12-30 357272]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2014-01-06 78648]

R2 BstHdDrv;BlueStacks Hypervisor; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-08-07 70984]

R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-27 43320]

R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2011-02-22 351864]

R3 aswStm;aswStm; \??\C:\Windows\system32\drivers\aswStm.sys [2014-01-06 79672]

R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-07-01 4745280]

R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-10-11 5361920]

R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936]

R3 MEIx64;Intel® Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2014-01-20 64624]

R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]

R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]

R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]

R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]

R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2014-01-20 32496]

R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10305; C:\Windows\system32\DRIVERS\stwrt64.sys [2011-05-27 528384]

S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-05-08 9259520]

S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-05-08 301568]

S3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2011-06-16 133160]

S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]

S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]

S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]

S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]

S3 btwaudio;Bluetooth-audioapparaat; C:\Windows\system32\drivers\btwaudio.sys []

S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys []

S3 BTWDPAN;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\btwdpan.sys [2011-05-21 89640]

S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys []

S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []

S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]

S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 22704]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-07-28 57280]

S3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2011-04-15 12228128]

S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

S3 RapportIaso;RapportIaso; \??\c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [2012-12-10 175352]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-31 19456]

S3 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2013-11-19 34848]

S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-03-25 337512]

S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]

S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-10-31 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-10-31 30208]

S3 UrlFilter;UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2013-11-19 23016]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S4 FileMonitor;FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-03-23 23048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]

R2 AdvancedSystemCareService7;Advanced SystemCare Service 7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2013-12-09 881440]

R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-05-08 203776]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-01-06 50344]

R2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-01-06 113704]

R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-08-07 384840]

R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]

R2 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-09-12 1512448]

R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-27 30520]

R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-04-08 26680]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]

R2 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]

R2 IMFservice;IMF Service; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-11-11 341824]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-23 212944]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2011-02-22 326168]

R2 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

R2 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-12-30 1115992]

R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]

R2 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]

R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]

S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-17 257928]

S2 BstHdAndroidSvc;BlueStacks Android Service; C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-08-07 393032]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-21 136176]

S2 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]

S2 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-05-21 818232]

S2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-12-03 2151200]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]

S2 WatAdminSvc;Windows Activation Technologies-service; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-08 1255736]

S3 cphs;Intel® Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-10-11 279024]

S3 FPLService;TrueSuiteService; C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-05-05 263496]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-21 136176]

S3 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]

S3 STacSV;Audio Service; C:\Program Files\IDT\WDM\STacSV64.exe [2011-05-27 301568]

S4 SpyHunter 4 Service;SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2013-01-14 1024384]

-----------------EOF-----------------

[kape]

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

Download Zoek.exe naar het bureaublad (niet de .zip- of .rar-versie)

• Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

  {EF5F59BA-B2AB-48D8-9747-54DF806C73B8};c
 C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com;fs
 C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml;f
 C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\extensions\[email="savingsslider@mybrowserbar.com"]savingsslider@mybrowserbar.com[/email];fs
 C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\extensions\[email="idamm@westbyte.com"]idamm@westbyte.com[/email];fs
 C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\extensions\[email="idapluginff@westbyte.com"]idapluginff@westbyte.com[/email];fs
 C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\extensions\[email="idaremote@westbyte.com"]idaremote@westbyte.com[/email];fs
 C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\extensions\[email="searchads@instair.net"]searchads@instair.net[/email];fs
 C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362};fs
 C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\searchplugins\yahoo_ff.xml;f
 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}];r64
 C:\Program Files (x86)\MyPC Backup;fs
 C:\ProgramData\ProductData;fs
 C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D};fs
 emptyfolderscheck;delete 
startupall; 
filesrcm;

• Klik op de knop "Options" en vink nu de onderstaande opties aan.
  
• Do a Quick Scan
  
  
• Auto Clean
  
• De optie "Scan All Users" staat standaard aangevinkt.
  
• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht.
  

[berg444]

Foutmelding: C:\Users\Hendriks\Appdata\Local\Temp\Zoek.hta is geen geldige Win32-toepassing.

Later deze tekst :

Zoek.exe v5.0.0.0 Updated 25-January-2014

Tool run by Hendriks on za 01-02-2014 at 16:31:06,86.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode No Internet Access Detected

Launched: C:\Users\Hendriks\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used]

===== Runcheck 16:39:07,23 =====

--- Create Environment Variables 16:39:07,98

--- Create System Restore Point 16:39:21,05

--- Checking Input 16:39:56,23

--- AU AppData Check 16:40:18,60

--- Remove From Windows Installer 16:40:25,26

[kape]

Het laatste lijstje wijst er op dat zoek.exe wel degelijk gestart is. Dan moet je dit tooltje nog een hele tijd laten doorlopen tot het alle opdrachten uitgevoerd heeft. Dan krijgt je het finale log te zien. Mocht het toch niet verschijnen, kan je het vinden op je C-partitie onder zoek-results.log. Hang dat log in een volgende bericht.

[berg444]

Zoek results log:

Zoek.exe v5.0.0.0 Updated 25-January-2014

Tool run by Hendriks on za 01-02-2014 at 16:31:06,86.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode No Internet Access Detected

Launched: C:\Users\Hendriks\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== System Restore Info ======================

1-2-2014 16:39:54 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\Bonjour deleted successfully

C:\Program Files\Common Files\Apple deleted successfully

C:\ProgramData\Oracle deleted successfully

C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully

C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted successfully

C:\Users\Hendriks\AppData\Roaming\Common deleted successfully

C:\Users\Hendriks\AppData\Roaming\FlashGetBHO deleted successfully

C:\Users\Hendriks\AppData\Roaming\FlashgetSetup deleted successfully

C:\Users\Hendriks\AppData\Roaming\OfferMosquito deleted successfully

C:\Users\Hendriks\AppData\Roaming\TP deleted successfully

C:\Users\Hendriks\AppData\Local\CrashDumps deleted successfully

C:\Users\Hendriks\AppData\Local\DriverTuner deleted successfully

C:\Users\Hendriks\AppData\Local\FuzeZip deleted successfully

C:\Users\Hendriks\AppData\Local\MigWiz deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2200064268-249005537-2647804445-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB41F8EF-7F81-4B98-B828-458D6170BAE3} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2200064268-249005537-2647804445-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default

user.js not found

---- Lines spigot removed from prefs.js ----

user_pref("browser.startup.homepage", "http://nl.search.yahoo.com/?type=198484&fr=spigot-yhp-ff");

---- Lines mybrowserbar modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST So

---- FireFox user.js and prefs.js backups ----

prefs_01-02-2014_1652_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}]

==== Deleting Files \ Folders ======================

C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found

C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found

C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} not found

C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com deleted

C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\extensions\savingsslider@mybrowserbar.com deleted

C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\extensions\idamm@westbyte.com deleted

C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\extensions\idapluginff@westbyte.com deleted

C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\extensions\idaremote@westbyte.com deleted

C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\extensions\searchads@instair.net deleted

C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362} deleted

C:\Program Files (x86)\MyPC Backup deleted

C:\ProgramData\ProductData deleted

C:\Windows\syswow64\appdata deleted

C:\ProgramData\eSellerate deleted

C:\Users\Hendriks\AppData\Roaming\Sammsoft deleted

C:\Users\Hendriks\AppData\Local\BearShare deleted

C:\Users\Hendriks\AppData\Local\blekkotb_031 deleted

C:\Users\Hendriks\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito deleted

C:\Users\Hendriks\AppData\LocalLow\ADSRemoval deleted

C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AskToolbar deleted

C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted

C:\Windows\SysWow64\searchplugins deleted

C:\Windows\SysWow64\Extensions deleted

C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\bearsharetoolbargaw deleted

C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\ilividtoolbargaw deleted

C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\extensions\adsremoval@adsremoval.net deleted

"C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml" deleted

"C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\searchplugins\yahoo_ff.xml" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Hendriks\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2014-01-23 21:31:54 4D5D8058F17C873B4F0792678BAA6534 34080 ----a-w- C:\Windows\Sysnative\SmartDefragBootTime.exe

2014-01-23 21:31:11 6A6E91C06ACDBE1D85A4EC469BBB8EBB 121856 ----a-w- C:\Windows\Sysnative\IObitSmartDefragExtension.dll

====== C:\Windows\Sysnative\drivers =====

2014-01-20 15:30:42 2BB3EAE2EA641515D4B205CAB29E1624 64624 ----a-w- C:\Windows\Sysnative\drivers\HECIx64.sys

2014-01-20 15:30:27 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf

2014-01-20 15:30:16 5476D773EE180AEB9CADA786EA131777 32496 ----a-w- C:\Windows\Sysnative\drivers\Smb_driver_Intel.sys

2014-01-15 08:23:30 18A85013A3E0F7E1755365D287443965 53248 ----a-w- C:\Windows\Sysnative\drivers\usbehci.sys

2014-01-15 08:23:29 FFA06EF43987ED0DD42AD59B260C0C78 7808 ----a-w- C:\Windows\Sysnative\drivers\usbd.sys

2014-01-15 08:23:29 DD253AFC3BC6CBA412342DE60C3647F3 30720 ----a-w- C:\Windows\Sysnative\drivers\usbuhci.sys

2014-01-15 08:23:29 DCA68B0943D6FA415F0C56C92158A83A 99840 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys

2014-01-15 08:23:29 8D1196CFBB223621F2C67D45710F25BA 343040 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys

2014-01-15 08:23:29 765A92D428A8DB88B960DA5A8D6089DC 25600 ----a-w- C:\Windows\Sysnative\drivers\usbohci.sys

2014-01-15 08:23:29 12FEB33791920678F8433701C822BCFD 325120 ----a-w- C:\Windows\Sysnative\drivers\usbport.sys

2014-01-15 08:23:27 3555BA97171CD153118F73FDCCC8BFDE 376768 ----a-w- C:\Windows\Sysnative\drivers\netio.sys

2014-01-06 22:55:39 AAB5F5336EDBB5D99CC7E1A9F4D8F63F 79672 ----a-w- C:\Windows\Sysnative\drivers\aswstm.sys

====== C:\Windows\Tasks ======

2014-02-01 07:58:56 23A3DD995DE995015DDF5C067B757193 3100 ----a-w- C:\Windows\Sysnative\Tasks\ASC7_PerformanceMonitor

2014-01-23 21:31:55 F534CA892FC5D3A72B41B2B7E0AFE391 3170 ----a-w- C:\Windows\Sysnative\Tasks\SmartDefrag3_Update

2014-01-22 17:35:00 36EB60F4E231A2D50A2288C0AE94F3E4 2856 ----a-w- C:\Windows\Sysnative\Tasks\ASC7_SkipUac_Hendriks

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-01-26 21:41:41 -------- d-----w- C:\Program Files\trend micro

2014-01-20 15:30:26 -------- d-----w- C:\Program Files\Synaptics

======= C:\PROGRA~2 =====

======= C: =====

====== C:\Users\Hendriks\AppData\Roaming ======

2014-01-31 23:13:27 7C96A4585234C06B71C7028112E31286 65848 ----a-w- C:\Users\Hendriks\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-27 16:42:56 -------- d-----w- C:\Users\Hendriks\AppData\Roaming\Eusing

2014-01-07 09:09:25 -------- d-----w- C:\Users\Hendriks\AppData\Roaming\TeamViewer

====== C:\Users\Hendriks ======

2014-02-01 11:20:44 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Hendriks\Downloads\RSITx64.exe

2014-01-31 23:13:59 D52DC3CD5A3AF6F0CAA14A7FC79E95E3 11201344 ----a-w- C:\Users\Hendriks\Downloads\iobituninstaller3.1.exe

2014-01-31 22:56:06 F16AF3E14035BEECFAF2EAB2D6ECB40A 241664 ----a-w- C:\Windows\serviceprofiles\Localservice\ntuser.rhk

2014-01-31 22:56:06 6664FCD405B43E6E823B775E1C30432D 245760 ----a-w- C:\Windows\serviceprofiles\networkservice\ntuser.rhk

2014-01-26 01:04:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegHunter

2014-01-23 21:31:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3

2014-01-22 17:35:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller

2014-01-22 17:34:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7

2014-01-16 18:22:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-01-07 09:17:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELISprint

====== C: exe-files ==

2014-02-01 11:20:44 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Hendriks\Downloads\RSITx64.exe

2014-01-31 23:13:59 D52DC3CD5A3AF6F0CAA14A7FC79E95E3 11201344 ----a-w- C:\Users\Hendriks\Downloads\iobituninstaller3.1.exe

2014-01-31 22:31:29 A7AD059307CB4F2B9784FEE589157BAE 1243272 ----a-w- C:\Program Files (x86)\Wise\Wise Registry Cleaner\unins000.exe

2014-01-28 18:11:46 BD556495B9E1E00A2A55D4E6131C2EA0 981160 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.102\32.0.1700.102_32.0.1700.76_chrome_updater.exe

2014-01-26 21:42:08 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Hendriks.exe

2014-01-26 21:11:10 A36B48B1CCE73F596E628282CA878CD4 3944400 ----a-w- C:\Users\Hendriks\AppData\Roaming\Internet Download Accelerator\temp\idasetup_update.exe

2014-01-26 01:10:19 BD2C06273B10B84198BCE3970010E56E 1243272 ----a-w- C:\Program Files (x86)\Wise\Wise Care 365\unins001.exe

2014-01-26 01:02:53 9F04C8F41F522F8CB233B436E2B420B3 919936 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\Downloads\RegHunter_Web_Setup.exe.exe

=== C: other files ==

2014-01-26 01:51:45 F51DBD962DE213C2A22BF6F6C3C9A102 248 ----a-w- C:\Program Files (x86)\Opera\k.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2200064268-249005537-2647804445-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AdobeAAMUpdater-1.0"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced SystemCare 6]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Advanced SystemCare 6"

"hkey"="HKCU"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced SystemCare Ultimate]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Advanced SystemCare Ultimate"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\IObit\\Advanced SystemCare Ultimate\\ASCTray.exe\" /AutoStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Anti-phishing Domain Advisor]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Anti-phishing Domain Advisor"

"hkey"="HKLM"

"command"="\"C:\\ProgramData\\Anti-phishing Domain Advisor\\visicom_antiphishing.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apoint]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Apoint"

"hkey"="HKLM"

"command"="C:\\Program Files\\Apoint2K\\Apoint.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="APSDaemon"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BlueStacks Agent]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BlueStacks Agent"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\BlueStacks\\HD-Agent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Facebook Update"

"hkey"="HKCU"

"command"="\"C:\\Users\\Hendriks\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FreeAC]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="FreeAC"

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\FreeAlarmClock\\FreeAlarmClock.exe -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Google Update"

"hkey"="HKCU"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HotKeysCmds"

"hkey"="HKLM"

"command"="\"C:\\Windows\\system32\\hkcmd.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP CoolSense]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HP CoolSense"

"hkey"="HKLM"

"command"="c:\\program files (x86)\\hewlett-packard\\hp coolsense\\coolsense.exe -byrunkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HP Software Update"

"hkey"="HKLM"

"command"="c:\\program files (x86)\\hp\\hp software update\\hpwuschd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPOSD]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HPOSD"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP On Screen Display\\HPOSD.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="IgfxTray"

"hkey"="HKLM"

"command"="\"C:\\Windows\\system32\\igfxtray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IObit Malware Fighter]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="IObit Malware Fighter"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\IObit\\IObit Malware Fighter\\IMF.exe\" /autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Persistence"

"hkey"="HKLM"

"command"="\"C:\\Windows\\system32\\igfxpers.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="QuickTime Task"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SetDefault]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SetDefault"

"hkey"="HKLM"

"command"="C:\\Program Files\\Hewlett-Packard\\HP LaunchBox\\SetDefault.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShowBatteryBar]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ShowBatteryBar"

"hkey"="HKCU"

"command"="\"c:\\program files\\batterybar\\showbatterybar.exe\" show"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SkinnyClock]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SkinnyClock"

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\XDTK\\Skinny Clock\\SkinnyClock.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Skype"

"hkey"="HKCU"

"command"="\"c:\\program files (x86)\\skype\\phone\\skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Hendriks]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Hendriks\AppData]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Hendriks\AppData\Local]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Hendriks\AppData\Local\Microsoft]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Hendriks\AppData\Local\Microsoft\SkyDrive]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Hendriks\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Hendriks\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"

"item"="Uninstall C:\\Users\\Hendriks\\AppData\\Local\\Microsoft\\SkyDrive\\16.4.6013.0910\\amd64"

"hkey"="HKCU"

"command"="C:\\Windows\\system32\\cmd.exe /q /c rmdir /s /q \"C:\\Users\\Hendriks\\AppData\\Local\\Microsoft\\SkyDrive\\16.4.6013.0910\\amd64\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RapportMgmtService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RasAuto]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RasMan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RemoteAccess]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RemoteRegistry]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RpcLocator]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SamSs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SCardSvr]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SCPolicySvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SDRSVC]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\seclogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SecureUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SENS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SensrSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SessionEnv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\sftlist]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\sftvsa]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SharedAccess]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ShellHWDetection]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Skype C2C Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SNMPTRAP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Spooler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\sppuinotify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SpyHunter 4 Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SSDPSRV]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SstpSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\STacSV]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\stisvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\swprv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TabletInputService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TapiSrv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TBS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TermService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Themes]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\THREADORDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TrkWks]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\UI0Detect]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\UNS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\upnphost]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\UxSms]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\VaultSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\vds]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\VSS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\W32Time]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WatAdminSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\wbengine]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WbioSrvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\wcncsvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WcsPlugInService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WdiServiceHost]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WdiSystemHost]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WebClient]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Wecsvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\wercplsupport]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WerSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WinDefend]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WinHttpAutoProxySvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Winmgmt]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WinRM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\wlidsvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\wmiApSrv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WMPNetworkSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WPCSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WPDBusEnum]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\wscsvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WSearch]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\wuauserv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\wudfsvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WwanSvc]

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [17-01-2014 09:50]

C:\Windows\tasks\Driver Booster Update.job --a------ C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [04-11-2013 11:01]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2200064268-249005537-2647804445-1000Core.job --a------ C:\Users\Hendriks\AppData\Local\Facebook\Update\FacebookUpdate.exe [28-05-2013 20:53]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2200064268-249005537-2647804445-1000UA.job --a------ C:\Users\Hendriks\AppData\Local\Facebook\Update\FacebookUpdate.exe [28-05-2013 20:53]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21-02-2012 00:21]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21-02-2012 00:21]

C:\Windows\tasks\Wise Care 365 PC Checkup Task.job --a------ C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe [21-01-2014 15:25]

C:\Windows\tasks\Wise Disk Cleaner Schedule Task.job --a------ C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe [13-11-2013 17:29]

C:\Windows\tasks\Wise Memory Optimizer Task.job --a------ C:\Program Files (x86)\Wise\Wise Care 365\WiseMemoryOptimzer.exe [21-01-2014 15:25]

C:\Windows\tasks\Wise Registry Cleaner Schedule Task.job --a------ C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [23-01-2014 10:34]

C:\Windows\tasks\Wise Turbo Checker.job --a------ C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [21-01-2014 15:25]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\ASC7_PerformanceMonitor" [C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe]

"C:\Windows\SysNative\tasks\ASC7_SkipUac_Hendriks" [C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe /SkipUac]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\Driver Booster Scan" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe]

"C:\Windows\SysNative\tasks\Driver Booster Update" [C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2200064268-249005537-2647804445-1000Core" [C:\Users\Hendriks\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2200064268-249005537-2647804445-1000UA" [C:\Users\Hendriks\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]

"C:\Windows\SysNative\tasks\Open URL by RoboForm" [C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMJJKJKMKJMJJJLJLMCNNMJMJJLJCNLMKJLJOJCNOJNMPMIMCNMMMMLJJJKJLMNJLMMMOMPMLJJNJICMIMCNGMCNNMFMGMCNOMPMCNGMNMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMMJBJKJLIMJFMGMIMNMJNHICMMJBJKJLIMJJNBJCMKLDJDJGJKJJNKJCMNJKJNIIJLMLMLMPLGIOJHJAJAJBNMJAJCJJNNICMJNDJCMBJDJ"]

"C:\Windows\SysNative\tasks\Run RoboForm TaskBar Icon" [C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe]

"C:\Windows\SysNative\tasks\SmartDefrag3_Update" [C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe]

"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{DCFCCCDC-7634-45A4-AF9A-386BE334F9A6}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\SysNative\tasks\Wise Care 365 PC Checkup Task" [C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe]

"C:\Windows\SysNative\tasks\Wise Disk Cleaner Schedule Task" [C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe]

"C:\Windows\SysNative\tasks\Wise Memory Optimizer Task" [C:\Program Files (x86)\Wise\Wise Care 365\WiseMemoryOptimzer.exe]

"C:\Windows\SysNative\tasks\Wise Registry Cleaner Schedule Task" [C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe]

"C:\Windows\SysNative\tasks\Wise Turbo Checker" [C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe]

"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox" [29-12-2013 09:43]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default

- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

- Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default

2557FBC582910A71CDEB0F22886D118D - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll - Shockwave Flash

2D389D314D1928AA30778229090F9AD3 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll - Shockwave for Director / Shockwave for Director

E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Hendriks\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104

0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Hendriks\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

3A8B50B4FFD1DBFF77E14C8AA5E6C6A5 - C:\Users\Hendriks\AppData\Roaming\Mozilla\Firefox\Profiles\1c6ovwda.default\plugins\npida.dll - Internet Download Accelerator click monitoring plug-in

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

aaaanplonkoccjbnlleoidjplmhgeahe - No path found[]

hdhihajbmafmgilcciomnamcjfkdhikl - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx[13-04-2011 23:21]

heloeniedaijefpgpikdfhdjpojnndbn - C:\Program Files (x86)\IDA\ida_chrome.crx[23-01-2012 19:17]

lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[22-11-2012 10:30]

nfengeggddojhakldhlpjdlddgkkjkdd - \BrowerProtect\ASC_GhromePlugin.crx[]

Google Docs - Hendriks\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Hendriks\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

Google Search - Hendriks\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Block site - Hendriks\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh

Google Wallet - Hendriks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Hendriks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

"Search Bar"="http://www.bing.com"

"Use Search Asst"="yes"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://www.google.com"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://www.google.com"

"SearchAssistant"="http://www.google.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{BB41F8EF-7F81-4B98-B828-458D6170BAE3}"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.msn.com/"

"Use Search Asst"="no"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{BB41F8EF-7F81-4B98-B828-458D6170BAE3} Yahoo Url="http://nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}"

[kape]

Er is al behoorlijk wat ongewenst spul van de PC gehaald. Heb je nu nog merkbare problemen ? En zo ja, welke dan ?

[berg444]

Opstarttijd pc 160 á 180 sec.

Laadtijd van grafische pagina's is lang.

Bij grote bewerkingen in bv excel lijkt het geheugen al gauw vol.

Chrome omnibox ( zoeken in adresbalk ) springt na pc opnieuw starten terug op standaardzoekmachine yahoo ipv ingestelde google.

Dit heeft niet geholpen:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo Zoeken - zoeken op het web

O2 - BHO: (no name) - {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} - (no file)

Klik op 'Fix checked' om de items te verwijderen.