http://www.mysearchresults.com/?c=3525&t=01
- Onderwerp starter horstel
- Startdatum
- Status
Dag horst,
Download
AdwCleaner by Xplode naar het bureaublad.
Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner[S0].txt.
Voeg het logbestand met de naam C:\AdwCleaner\AdwCleaner[S0].txt als bijlage toe aan het volgende bericht.
Download
- Sluit alle openstaande vensters.
- Dubbelklik op AdwCleaner om hem te starten.
- Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren,
- Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
- Klik vervolgens op Scan.
- Klik vervolgens op Clean als er items zijn gevonden.
- Klik bij Herstarten Noodzakelijk op OK
Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner[S0].txt.
Voeg het logbestand met de naam C:\AdwCleaner\AdwCleaner[S0].txt als bijlage toe aan het volgende bericht.
adwcleaner
adwcleaner
adwcleaner
verwijderen van "mySearch" is niet geluktDag horst,
DownloadAdwCleaner by Xplode naar het bureaublad.
Nadat de PC opnieuw is opgestart, opent meestal een logfile.
- Sluit alle openstaande vensters.
- Dubbelklik op AdwCleaner om hem te starten.
- Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren,
- Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
- Klik vervolgens op Scan.
- Klik vervolgens op Clean als er items zijn gevonden.
- Klik bij Herstarten Noodzakelijk op OK
Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner[S0].txt.
Voeg het logbestand met de naam C:\AdwCleaner\AdwCleaner[S0].txt als bijlage toe aan het volgende bericht.
Verwijderen van malware is een proces dat verschillende stappen inhoudt. Er bestaat niet zoiets als een instant oplossing.
Kan je het gevraagde log van AdwCleaner alvast eens plaatsen?
# AdwCleaner v3.001 - Report created 28/08/2013 at 16:52:36
# Updated 24/08/2013 by Xplode
# Operating System : Windows 8 Pro (64 bits)
# Username : Horst - HORST-PC
# Running from : E:\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : dealplylive
[#] Service Deleted : dealplylivem
[#] Service Deleted : Update lucky leap
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\Program Files (x86)\lucky leap
Folder Deleted : C:\Users\Horst\AppData\Local\cre
Folder Deleted : C:\Users\Horst\AppData\Local\Temp\lucky leap
Folder Deleted : C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Folder Deleted : C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf
[!] Folder Deleted : C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf
File Deleted : C:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineCore.job
File Deleted : C:\WINDOWS\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
File Deleted : C:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineUA.job
File Deleted : C:\WINDOWS\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gfhdkohbepelnfckgjinfddmecpngnpb
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dealplylive.exe
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.coreclass
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachine
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclasssvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C3C45C5F-2F1B-4012-A854-F89DC99F2335}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
Key Deleted : HKCU\Software\dealplylive
Key Deleted : HKCU\Software\lucky leap
Key Deleted : HKLM\Software\dealplylive
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16660
-\\ Mozilla Firefox v
[ File : C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default\prefs.js ]
-\\ Google Chrome v29.0.1547.62
[ File : C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : urls_to_restore_on_startup
*************************
AdwCleaner[0].txt - [9274 octets] - [23/08/2013 11:17:10]
AdwCleaner[R0].txt - [6644 octets] - [28/08/2013 16:52:26]
AdwCleaner[S0].txt - [6466 octets] - [28/08/2013 16:52:36]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6526 octets] ##########
Download MalwareBytes Anti-Malware bij voorkeur naar het bureaublad.
MalwareBytes' Anti-Malware logbestand plaatsen
- Dubbelklik op mbam-setup-2.0.exe om de installatie van Malwarebytes Anti-Malware te starten.
- Volg de verdere aanwijzingen.
- Klik vervolgens op de knop Scan nu om een bedreigingsscan uit te voeren.
- Er zal nu gecontroleerd worden op beschikbare updates, klik hier op "Nu bijwerken als er beschikbare updates zijn.
- De scan wordt nu automatisch gestart,wanneer de scan gereed is en er bedreigingen zijn gedetecteerd krijgt u hier een overzicht van.
- Wanneer er geen bedreigingen zijn gedetecteerd klikt u na de scan op Bekijk gedetailleerd logboek.
- Klik vervolgens op de knop Acties toepassen, bij de melding dat uw computer opnieuw opgestart moet worden klikt u op Nee.
- Klik vervolgens op de knop Bekijk gedetailleerd logboek en klik op de knop exporteer en kies de optie tekstbestand (*.txt).
- Geef vervolgens een bestandsnaam op voor het opslaan van het logbestand, bijvoorbeeld MBAM Scanlog en klik vervolgens op de knop Opslaan.
- Dit bestand zal standaard op uw bureaublad worden opgeslagen.
MalwareBytes' Anti-Malware logbestand plaatsen
- Voeg het logbestand wat u zojuist heeft opgeslagen toe aan het volgende bericht. (Dit logbestand kunt u tevens terug vinden in Malwarebytes Anti-Malware bij Historie > Programmalogboeken)
Malwarebytes Anti-Malwarewww.malwarebytes.org
Scan Date: 12/05/2014
Scan Time: 23:26:25
Logfile: log anti-malware.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.12.08
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Horst
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337973
Time Elapsed: 13 min, 25 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, , [10780c441c5f45f1f034d65238ca7e82],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, , [8dfbf957671474c234c64c4d4eb4d828],
Registry Values: 0
(No malicious items detected)
Registry Data: 1
PUP.Optional.MySearchResults, HKU\S-1-5-21-19998120-3832150475-219564089-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, Search, Good: (302 Moved), Bad: (Search),,[6b1d3b159dde38fe2e7588bd0ef6f10f]
Folders: 9
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Temp\CT2504091, , [dcac77d9245786b073be125c1ee48080],
PUP.Optional.DealPly.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\MPHPBDJCLJEBBCNFOPFNGMFDACKBBDGF, , [5c2c5cf46c0fd363e7574e2009f903fd],
PUP.Optional.DealPly.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\MPHPBDJCLJEBBCNFOPFNGMFDACKBBDGF\3.9.1.9_0, , [5c2c5cf46c0fd363e7574e2009f903fd],
PUP.Optional.DealPly.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\MPHPBDJCLJEBBCNFOPFNGMFDACKBBDGF\3.9.1.9_0\images, , [5c2c5cf46c0fd363e7574e2009f903fd],
PUP.Optional.SaveSense.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\O5FFLKG2.DEFAULT\EXTENSIONS\{2FAB2E94-D6F9-42DE-8839-3510CEF6424B}, , [e8a0d878b9c2a78fc9fda7cc29d91ee2],
PUP.Optional.SaveSense.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\O5FFLKG2.DEFAULT\EXTENSIONS\{2FAB2E94-D6F9-42DE-8839-3510CEF6424B}\content, , [e8a0d878b9c2a78fc9fda7cc29d91ee2],
PUP.Optional.SaveSense.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\O5FFLKG2.DEFAULT\EXTENSIONS\{2FAB2E94-D6F9-42DE-8839-3510CEF6424B}\content\images, , [e8a0d878b9c2a78fc9fda7cc29d91ee2],
PUP.Optional.SaveSense.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\O5FFLKG2.DEFAULT\EXTENSIONS\{2FAB2E94-D6F9-42DE-8839-3510CEF6424B}\defaults, , [e8a0d878b9c2a78fc9fda7cc29d91ee2],
PUP.Optional.SaveSense.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\O5FFLKG2.DEFAULT\EXTENSIONS\{2FAB2E94-D6F9-42DE-8839-3510CEF6424B}\defaults\preferences, , [e8a0d878b9c2a78fc9fda7cc29d91ee2],
Files: 16
PUP.Optional.Softonic, C:\Users\Horst\Desktop\SoftonicDownloader_voor_dj-music-mixer.exe, , [7e0a72ded7a405312787f80b01006c94],
PUP.Optional.Softonic, C:\Users\Horst\Desktop\SoftonicDownloader_voor_windirstat.exe, , [0f7938187b006ec8baf46a9913ee0000],
PUP.Optional.OpenCandy, C:\Users\Horst\Desktop\yosetup.exe, , [e8a081cfbfbc44f2fa194425ee16fb05],
Trojan.Agent, C:\Users\Horst\AppData\Local\dpqs.exe, , [45430e42f784d85edbae6894d927867a],
PUP.Optional.Spigot.A, C:\Windows\Installer\47a15.msi, , [fe8a123ea2d98aac453bb96d669a03fd],
PUP.Optional.Incredibar.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage, , [6622f65aee8dd75f04b0d0b3996955ab],
PUP.Optional.DealPly.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.9.1.9_0\background.js, , [5c2c5cf46c0fd363e7574e2009f903fd],
PUP.Optional.DealPly.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.9.1.9_0\manifest.json, , [5c2c5cf46c0fd363e7574e2009f903fd],
PUP.Optional.DealPly.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.9.1.9_0\images\icon128.png, , [5c2c5cf46c0fd363e7574e2009f903fd],
PUP.Optional.DealPly.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.9.1.9_0\images\icon16.png, , [5c2c5cf46c0fd363e7574e2009f903fd],
PUP.Optional.DealPly.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.9.1.9_0\images\icon48.png, , [5c2c5cf46c0fd363e7574e2009f903fd],
PUP.Optional.SaveSense.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}\chrome.manifest, , [e8a0d878b9c2a78fc9fda7cc29d91ee2],
PUP.Optional.SaveSense.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}\install.rdf, , [e8a0d878b9c2a78fc9fda7cc29d91ee2],
PUP.Optional.SaveSense.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}\content\savesense.xul, , [e8a0d878b9c2a78fc9fda7cc29d91ee2],
PUP.Optional.SaveSense.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}\content\images\icon32.png, , [e8a0d878b9c2a78fc9fda7cc29d91ee2],
PUP.Optional.Trovi.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "search_url": "http://www.trovi.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M3037DF00-ACBA-497C-ADA2-699C501D1EBD&SearchSource=58&CUI=&UM=5&UP=SPEC3104FC-B90D-40AC-BEAD-842B75A0BDFA&q={searchTerms}&SSPV=",), ,[790fa5abd4a78caaeb335f125ea6b64a]
Physical Sectors: 0
(No malicious items detected)
(end)
Scan Date: 12/05/2014
Scan Time: 23:26:25
Logfile: log anti-malware.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.12.08
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Horst
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337973
Time Elapsed: 13 min, 25 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, , [10780c441c5f45f1f034d65238ca7e82],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, , [8dfbf957671474c234c64c4d4eb4d828],
Registry Values: 0
(No malicious items detected)
Registry Data: 1
PUP.Optional.MySearchResults, HKU\S-1-5-21-19998120-3832150475-219564089-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, Search, Good: (302 Moved), Bad: (Search),,[6b1d3b159dde38fe2e7588bd0ef6f10f]
Folders: 9
PUP.Optional.Conduit.A, C:\Users\Horst\AppData\Local\Temp\CT2504091, , [dcac77d9245786b073be125c1ee48080],
PUP.Optional.DealPly.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\MPHPBDJCLJEBBCNFOPFNGMFDACKBBDGF, , [5c2c5cf46c0fd363e7574e2009f903fd],
PUP.Optional.DealPly.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\MPHPBDJCLJEBBCNFOPFNGMFDACKBBDGF\3.9.1.9_0, , [5c2c5cf46c0fd363e7574e2009f903fd],
PUP.Optional.DealPly.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\MPHPBDJCLJEBBCNFOPFNGMFDACKBBDGF\3.9.1.9_0\images, , [5c2c5cf46c0fd363e7574e2009f903fd],
PUP.Optional.SaveSense.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\O5FFLKG2.DEFAULT\EXTENSIONS\{2FAB2E94-D6F9-42DE-8839-3510CEF6424B}, , [e8a0d878b9c2a78fc9fda7cc29d91ee2],
PUP.Optional.SaveSense.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\O5FFLKG2.DEFAULT\EXTENSIONS\{2FAB2E94-D6F9-42DE-8839-3510CEF6424B}\content, , [e8a0d878b9c2a78fc9fda7cc29d91ee2],
PUP.Optional.SaveSense.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\O5FFLKG2.DEFAULT\EXTENSIONS\{2FAB2E94-D6F9-42DE-8839-3510CEF6424B}\content\images, , [e8a0d878b9c2a78fc9fda7cc29d91ee2],
PUP.Optional.SaveSense.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\O5FFLKG2.DEFAULT\EXTENSIONS\{2FAB2E94-D6F9-42DE-8839-3510CEF6424B}\defaults, , [e8a0d878b9c2a78fc9fda7cc29d91ee2],
PUP.Optional.SaveSense.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\O5FFLKG2.DEFAULT\EXTENSIONS\{2FAB2E94-D6F9-42DE-8839-3510CEF6424B}\defaults\preferences, , [e8a0d878b9c2a78fc9fda7cc29d91ee2],
Files: 16
PUP.Optional.Softonic, C:\Users\Horst\Desktop\SoftonicDownloader_voor_dj-music-mixer.exe, , [7e0a72ded7a405312787f80b01006c94],
PUP.Optional.Softonic, C:\Users\Horst\Desktop\SoftonicDownloader_voor_windirstat.exe, , [0f7938187b006ec8baf46a9913ee0000],
PUP.Optional.OpenCandy, C:\Users\Horst\Desktop\yosetup.exe, , [e8a081cfbfbc44f2fa194425ee16fb05],
Trojan.Agent, C:\Users\Horst\AppData\Local\dpqs.exe, , [45430e42f784d85edbae6894d927867a],
PUP.Optional.Spigot.A, C:\Windows\Installer\47a15.msi, , [fe8a123ea2d98aac453bb96d669a03fd],
PUP.Optional.Incredibar.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage, , [6622f65aee8dd75f04b0d0b3996955ab],
PUP.Optional.DealPly.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.9.1.9_0\background.js, , [5c2c5cf46c0fd363e7574e2009f903fd],
PUP.Optional.DealPly.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.9.1.9_0\manifest.json, , [5c2c5cf46c0fd363e7574e2009f903fd],
PUP.Optional.DealPly.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.9.1.9_0\images\icon128.png, , [5c2c5cf46c0fd363e7574e2009f903fd],
PUP.Optional.DealPly.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.9.1.9_0\images\icon16.png, , [5c2c5cf46c0fd363e7574e2009f903fd],
PUP.Optional.DealPly.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.9.1.9_0\images\icon48.png, , [5c2c5cf46c0fd363e7574e2009f903fd],
PUP.Optional.SaveSense.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}\chrome.manifest, , [e8a0d878b9c2a78fc9fda7cc29d91ee2],
PUP.Optional.SaveSense.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}\install.rdf, , [e8a0d878b9c2a78fc9fda7cc29d91ee2],
PUP.Optional.SaveSense.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}\content\savesense.xul, , [e8a0d878b9c2a78fc9fda7cc29d91ee2],
PUP.Optional.SaveSense.A, C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}\content\images\icon32.png, , [e8a0d878b9c2a78fc9fda7cc29d91ee2],
PUP.Optional.Trovi.A, C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "search_url": "http://www.trovi.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M3037DF00-ACBA-497C-ADA2-699C501D1EBD&SearchSource=58&CUI=&UM=5&UP=SPEC3104FC-B90D-40AC-BEAD-842B75A0BDFA&q={searchTerms}&SSPV=",), ,[790fa5abd4a78caaeb335f125ea6b64a]
Physical Sectors: 0
(No malicious items detected)
(end)
Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
Download Zoek.exe naar het bureaublad (niet de .zip- of .rar-versie).
Zoek.exe uitvoeren
Wanneer u problemen ondervindt bij het uitvoeren van dit programma of bepaalde foutmeldingen te zien krijgt laat dit dan even weten in uw bericht.
Plaats eveneens het juiste log van AdwCleaner eens. Hetgeen je hierboven gepost hebt, dateert van 28/08/2013.
Download Zoek.exe naar het bureaublad (niet de .zip- of .rar-versie).
Zoek.exe uitvoeren
Wanneer u problemen ondervindt bij het uitvoeren van dit programma of bepaalde foutmeldingen te zien krijgt laat dit dan even weten in uw bericht.
- Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
- Dubbelklik op Zoek.exe om de tool te starten.
- Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
- Klik nu op de knop "Run script".
- Er verschijnt een popup met de melding dat er geen script aangetroffen is, druk gewoon op OK.
- Zoek.exe gaat nu een scan + reparatie uitvoeren, bij sommige systemen kan deze langer dan een half uur duren.
- Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
- Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
- Post het geopende logje in het volgende bericht.
Plaats eveneens het juiste log van AdwCleaner eens. Hetgeen je hierboven gepost hebt, dateert van 28/08/2013.
Laatst bewerkt:
# AdwCleaner v3.208 - Rapport aangemaakt 13/05/2014 op 18:45:32
# Laatste Update 11/05/2014 door Xplode
# Besturingssysteem : Windows 8.1 Pro (64 bits)
# Gebruikersnaam : Horst - HORST-PC
# Gestart vanuit : E:\Desktop\Cleaners\adwcleaner.exe
# Optie : Scannen
***** [ Services ] *****
***** [ Bestanden / Mappen ] *****
***** [ Snelkoppelingen ] *****
***** [ Register ] *****
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{0f9af7e3-3853-473f-a49b-e470a3a41501}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{10e9e863-3913-40d0-903d-d46deb18c982}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{8EBACD89-5466-4E68-B81A-42A3117B1A41}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{dadf82fd-0783-4ca9-98aa-615f657a2a9e}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{DC452618-6778-4736-90A9-7925BCA540D6}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{0f9af7e3-3853-473f-a49b-e470a3a41501}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{dadf82fd-0783-4ca9-98aa-615f657a2a9e}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\{0f9af7e3-3853-473f-a49b-e470a3a41501}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\{10e9e863-3913-40d0-903d-d46deb18c982}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\{8EBACD89-5466-4E68-B81A-42A3117B1A41}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\{dadf82fd-0783-4ca9-98aa-615f657a2a9e}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\{DC452618-6778-4736-90A9-7925BCA540D6}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{0f9af7e3-3853-473f-a49b-e470a3a41501}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{dadf82fd-0783-4ca9-98aa-615f657a2a9e}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17037
-\\ Mozilla Firefox v
[ Bestand : C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]
-\\ Google Chrome v34.0.1847.131
[ Bestand : C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gevonden [Extension] : mphpbdjcljebbcnfopfngmfdackbbdgf
*************************
AdwCleaner[0].txt - [9274 octets] - [23/08/2013 11:17:10]
AdwCleaner[R0].txt - [6644 octets] - [28/08/2013 16:52:26]
AdwCleaner[R1].txt - [7285 octets] - [09/09/2013 09:42:30]
AdwCleaner[R2].txt - [15844 octets] - [12/05/2014 13:24:22]
AdwCleaner[R3].txt - [2841 octets] - [12/05/2014 13:32:15]
AdwCleaner[R4].txt - [2360 octets] - [13/05/2014 18:45:32]
AdwCleaner[S0].txt - [6610 octets] - [28/08/2013 16:52:49]
AdwCleaner[S1].txt - [7442 octets] - [09/09/2013 09:42:50]
AdwCleaner[S2].txt - [14009 octets] - [12/05/2014 13:27:51]
AdwCleaner[S3].txt - [2220 octets] - [12/05/2014 13:32:58]
########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [2661 octets] ##########
# Laatste Update 11/05/2014 door Xplode
# Besturingssysteem : Windows 8.1 Pro (64 bits)
# Gebruikersnaam : Horst - HORST-PC
# Gestart vanuit : E:\Desktop\Cleaners\adwcleaner.exe
# Optie : Scannen
***** [ Services ] *****
***** [ Bestanden / Mappen ] *****
***** [ Snelkoppelingen ] *****
***** [ Register ] *****
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{0f9af7e3-3853-473f-a49b-e470a3a41501}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{10e9e863-3913-40d0-903d-d46deb18c982}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{8EBACD89-5466-4E68-B81A-42A3117B1A41}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{dadf82fd-0783-4ca9-98aa-615f657a2a9e}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{DC452618-6778-4736-90A9-7925BCA540D6}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{0f9af7e3-3853-473f-a49b-e470a3a41501}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{dadf82fd-0783-4ca9-98aa-615f657a2a9e}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\{0f9af7e3-3853-473f-a49b-e470a3a41501}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\{10e9e863-3913-40d0-903d-d46deb18c982}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\{8EBACD89-5466-4E68-B81A-42A3117B1A41}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\{dadf82fd-0783-4ca9-98aa-615f657a2a9e}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\{DC452618-6778-4736-90A9-7925BCA540D6}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{0f9af7e3-3853-473f-a49b-e470a3a41501}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{dadf82fd-0783-4ca9-98aa-615f657a2a9e}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17037
-\\ Mozilla Firefox v
[ Bestand : C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]
-\\ Google Chrome v34.0.1847.131
[ Bestand : C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gevonden [Extension] : mphpbdjcljebbcnfopfngmfdackbbdgf
*************************
AdwCleaner[0].txt - [9274 octets] - [23/08/2013 11:17:10]
AdwCleaner[R0].txt - [6644 octets] - [28/08/2013 16:52:26]
AdwCleaner[R1].txt - [7285 octets] - [09/09/2013 09:42:30]
AdwCleaner[R2].txt - [15844 octets] - [12/05/2014 13:24:22]
AdwCleaner[R3].txt - [2841 octets] - [12/05/2014 13:32:15]
AdwCleaner[R4].txt - [2360 octets] - [13/05/2014 18:45:32]
AdwCleaner[S0].txt - [6610 octets] - [28/08/2013 16:52:49]
AdwCleaner[S1].txt - [7442 octets] - [09/09/2013 09:42:50]
AdwCleaner[S2].txt - [14009 octets] - [12/05/2014 13:27:51]
AdwCleaner[S3].txt - [2220 octets] - [12/05/2014 13:32:58]
########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [2661 octets] ##########
hier het resultaat:
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Horst on do 15/05/2014 at 18:21:49,79.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: E:\Desktop\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]
==== System Restore Info ======================
15/05/2014 19:35:40 Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\Astonsoft deleted successfully
C:\PROGRA~2\Avira deleted successfully
C:\PROGRA~2\Cyanide deleted successfully
C:\PROGRA~2\dumps deleted successfully
C:\PROGRA~2\FSX Flight Weather Report deleted successfully
C:\PROGRA~2\GUMF88A.tmp deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\VideoLAN deleted successfully
C:\PROGRA~2\Vstep deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\4shared Desktop deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\WinZipEC deleted successfully
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted successfully
C:\Users\Horst\AppData\Roaming\gnupg deleted successfully
C:\Users\Horst\AppData\Roaming\JAM Software deleted successfully
C:\Users\Horst\AppData\Roaming\passport_photo deleted successfully
C:\Users\Horst\AppData\Roaming\QuickScan deleted successfully
C:\Users\Horst\AppData\Roaming\The Complete Genealogy Reporter - FTB deleted successfully
C:\Users\Horst\AppData\Roaming\TP deleted successfully
C:\Users\Horst\AppData\Roaming\Xilisoft deleted successfully
C:\Users\Horst\AppData\Local\FunnyGames deleted successfully
C:\Users\Horst\AppData\Local\Netlog deleted successfully
C:\Users\Horst\AppData\Local\PowerChallenge deleted successfully
C:\Users\Horst\AppData\Local\Yenka deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{60DDAFE1-BCD2-415E-A317-68781053E435} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AB9D455F-727D-4943-A376-ABA36BCFD772} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B138DCB2-DD12-443C-BC25-8592488F3C6B} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EE0FF406-A246-4336-B248-4AAFFD07A885} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37483B40-C254-4A72-BDA4-22EE90182C1E} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{37483B40-C254-4A72-BDA4-22EE90182C1E} deleted successfully
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} not found
"C:\WINDOWS\Installer\47a15.msi" not found
C:\PROGRA~2\Dolphin3D Web Browser deleted
C:\PROGRA~2\NCH Software\Components\NCHToolbars deleted
C:\search.sqlite deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Horst\AppData\Local\qs.dll deleted
C:\Users\Horst\AppData\Local\qs64.dll deleted
C:\Users\Horst\AppData\Local\BearShare deleted
C:\Users\Horst\AppData\LocalLow\IObit Apps deleted
C:\Users\Horst\AppData\LocalLow\ADSRemoval deleted
C:\WINDOWS\wininit.ini deleted
C:\windows\SysNative\tasks\Lyric Star Update deleted
C:\WINDOWS\tasks\Lyric Star Update.job deleted
C:\prefs.js deleted
C:\WINDOWS\SysWow64\searchplugins deleted
C:\WINDOWS\SysWow64\Extensions deleted
C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\staged deleted
C:\Users\Horst\Desktop\SoftonicDownloader_voor_dj-music-mixer.exe deleted
C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\searchads@instair.net deleted
C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default\extensions\searchads@instair.net deleted
"C:\Users\Horst\AppData\Local\{33B0F7F2-A991-4812-935E-DAFA70855F61}" deleted
"C:\Users\Horst\AppData\Local\{E1809B34-D624-4456-9957-F5867E6BA68A}" deleted
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
2014-04-18 13:53:25 81394C91B7B5A7C799E249AE82491F13 2373784 ----a-w- C:\WINDOWS\explorer.exe
====== C:\Users\Horst\AppData\Local\Temp ====
2014-05-12 10:48:49 28E799F91E4FB0B663F9B5206F17AA3B 6281920 ----a-w- C:\Users\Horst\AppData\Local\Temp\nsjC422\SpSetup.exe
2014-05-12 08:01:21 715652A32ED8ABB89492445A38FC20D0 5484016 ----a-w- C:\Users\Horst\AppData\Local\Temp\pcspeedup.exe
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2014-05-14 09:17:28 BE753D2FF471EA25421D931EF23DCDD3 105464 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 09:17:28 2A01A10CCCA38214C5E678D4E41D52F3 693240 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-14 08:40:15 1DEC681B79501A714F0D3FA2787183C3 305152 ----a-w- C:\WINDOWS\SysWOW64\wusa.exe
2014-05-14 08:38:50 EB5347F6149D3FF25F4D609A21A3BD67 17382912 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-14 08:38:49 FBCF3F01177953EBF1E735643621CCF5 69632 ----a-w- C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-14 08:38:48 BA4FA107EF9A728C58A81B2EFCD6FE2B 26784 ----a-w- C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 08:38:48 6923D6FAB7CBA8D82BD792182B4F3DE4 80032 ----a-w- C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 08:38:44 9A11476467400E32083BCBF7A06EFF18 11792384 ----a-w- C:\WINDOWS\SysWOW64\twinui.dll
2014-05-14 08:38:43 51B615EF9408277FEF586EB97583844E 666624 ----a-w- C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-14 08:38:43 3F0DB8120F65E3223B4EAF6CA4CDB3C5 754688 ----a-w- C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-14 08:38:43 0542A44401EA9451D82D3DF4BF3BD871 419928 ----a-w- C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-14 08:38:42 DC72DC452793C9622E6F056B89F9302C 123904 ----a-w- C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-14 08:38:42 D8C63F333D4A8D8433849A9ADC092BE9 31232 ----a-w- C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-14 08:38:42 AB3A013BA1C50B2309E5BF8136600656 828928 ----a-w- C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-14 08:38:42 8DA8026471B3470085B4AFB9C77BF45F 25088 ----a-w- C:\WINDOWS\SysWOW64\wups.dll
2014-05-14 08:38:42 82119579B000F62D96B083BC6A246C07 80896 ----a-w- C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-14 08:38:38 B5507F49CB2E2516746BD55B9F671925 18679728 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll
2014-05-02 18:45:35 B5B3334F177CED627C2D7FE38235B6B1 2724864 ----a-w- C:\WINDOWS\SysWOW64\mshtml.tlb
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2014-05-14 08:40:15 326715361A7D1C65983BFE920990E4EF 308224 ----a-w- C:\WINDOWS\Sysnative\wusa.exe
2014-05-14 08:38:52 A920E1336F9FEA95477763E2CC15891B 84992 ----a-w- C:\WINDOWS\Sysnative\mshtmled.dll
2014-05-14 08:38:52 797E2E5C309AFF76990D5B7AF457EACA 23544320 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll
2014-05-14 08:38:48 D178F55D53B9A10FFBDC134C95517846 28320 ----a-w- C:\WINDOWS\Sysnative\mrt100.dll
2014-05-14 08:38:48 A750229C96A406EE123F43916053F142 86688 ----a-w- C:\WINDOWS\Sysnative\mrt_map.dll
2014-05-14 08:38:46 7E609FBF50774CC5A239420FE34EBB9C 3464192 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll
2014-05-14 08:38:46 3DF281C1553A6124DEF875C19D46AC0D 190976 ----a-w- C:\WINDOWS\Sysnative\storewuauth.dll
2014-05-14 08:38:45 739F99ADA1F0A4188F683918809FE7AC 13288960 ----a-w- C:\WINDOWS\Sysnative\twinui.dll
2014-05-14 08:38:44 AF1BC4F5421023D59F1D472C1A4E01CF 921088 ----a-w- C:\WINDOWS\Sysnative\WSShared.dll
2014-05-14 08:38:44 4FB80968811FAD6E88ABFAA98E51305C 1705472 ----a-w- C:\WINDOWS\Sysnative\wucltux.dll
2014-05-14 08:38:43 E859E9B4A0300F56C94D2C69F6F65657 827392 ----a-w- C:\WINDOWS\Sysnative\wuapi.dll
2014-05-14 08:38:43 850FC6B2E385766B9972CDBE947989F6 381440 ----a-w- C:\WINDOWS\Sysnative\WUSettingsProvider.dll
2014-05-14 08:38:43 7F15F3E0F847D90EB3A2124258E6B1DC 54776 ----a-w- C:\WINDOWS\Sysnative\wuauclt.exe
2014-05-14 08:38:43 766DCDC7032C4C98E47B8A9F71239E38 555736 ----a-w- C:\WINDOWS\Sysnative\twinapi.appcore.dll
2014-05-14 08:38:43 68CB2B575F0C67BB14590D1471285287 201728 ----a-w- C:\WINDOWS\Sysnative\ubpm.dll
2014-05-14 08:38:43 5F74A7DB62F6D560B0C858A096A37B59 1054208 ----a-w- C:\WINDOWS\Sysnative\twinui.appcore.dll
2014-05-14 08:38:42 FD3638782572A8281BCF12520F6579F4 79872 ----a-w- C:\WINDOWS\Sysnative\WSReset.exe
2014-05-14 08:38:42 E9F333234A5641E2FEF2F5240BDD56B8 35328 ----a-w- C:\WINDOWS\Sysnative\wuapp.exe
2014-05-14 08:38:42 C383B71BAAC22CCE37B99339AEB62F1E 93696 ----a-w- C:\WINDOWS\Sysnative\wudriver.dll
2014-05-14 08:38:42 736046C9AFD66BA29BA61ACD582E7A7B 137728 ----a-w- C:\WINDOWS\Sysnative\wuwebv.dll
2014-05-14 08:38:42 1EC3AACDB335533A7470245C683ACF94 56320 ----a-w- C:\WINDOWS\Sysnative\wups.dll
2014-05-14 08:38:37 06070D4CC64300D473C55ABDC887B63C 21225584 ----a-w- C:\WINDOWS\Sysnative\shell32.dll
2014-05-02 18:45:33 94C59DD02BC7EA0E421055B9946CA861 2724864 ----a-w- C:\WINDOWS\Sysnative\mshtml.tlb
====== C:\WINDOWS\Sysnative\drivers =====
2014-05-14 08:40:12 019CC610AD95FF47EAD7C08B7A683B96 257880 ----a-w- C:\WINDOWS\Sysnative\drivers\WdFilter.sys
2014-05-14 08:40:11 6CC1BB8F6851A262E2E824F0E92D5EEF 123224 ----a-w- C:\WINDOWS\Sysnative\drivers\WdNisDrv.sys
2014-05-14 08:40:03 F5D4FA3E1F4879C361FFF3855259D2C2 35856 ----a-w- C:\WINDOWS\Sysnative\drivers\WdBoot.sys
2014-05-12 21:12:27 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys
2014-05-12 21:12:27 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys
2014-05-12 21:12:27 3FFFB7F54CD7A792099C10402FCF8F56 63192 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys
2014-05-12 21:11:06 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys
2014-04-18 13:53:40 1C80517BE6836A812F6A9B99B8321351 2013016 ----a-w- C:\WINDOWS\Sysnative\drivers\ntfs.sys
2014-04-18 13:53:40 179A41249055D5F039F1B6703F3B6D2B 376152 ----a-w- C:\WINDOWS\Sysnative\drivers\clfs.sys
2014-04-18 13:53:27 FEEFE783D87C9063CDAC6DBDCF95F533 2519384 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys
2014-04-18 13:53:25 C7D252742946DD395670649742FBD73D 1557848 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys
2014-04-18 13:53:18 E62EAEF0BAC9DD61BF22D4A7F2F18571 679424 ----a-w- C:\WINDOWS\Sysnative\drivers\srv2.sys
2014-04-18 13:53:16 C997E6A37BA8915224B3FB5024A34F69 402944 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys
2014-04-18 13:53:16 4030CB06B8D963A45CED9E60C9F2A11E 379224 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys
2014-04-18 13:53:15 7FC5667DF73D4B04AA457CC3A4180E09 157016 ----a-w- C:\WINDOWS\Sysnative\drivers\wof.sys
2014-04-18 13:53:14 4627C1FBF2802425A408A2D2AF28CF85 565536 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys
2014-04-18 13:53:13 466BDC0006103F2547D308DD3CD64398 245760 ----a-w- C:\WINDOWS\Sysnative\drivers\srvnet.sys
2014-04-18 13:53:12 AC408FA243471C25CDE435C3B83536A9 337752 ----a-w- C:\WINDOWS\Sysnative\drivers\Classpnp.sys
2014-04-18 13:53:11 CFC52C49BEFE4D70D87FFA900EAB9777 467800 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS
2014-04-18 13:53:11 647C7652FA19F98CADF2BFDA2164BFEC 443392 ----a-w- C:\WINDOWS\Sysnative\drivers\nwifi.sys
2014-04-18 13:53:09 F88CC88F4A6D8476F1664E805CA18CC2 180056 ----a-w- C:\WINDOWS\Sysnative\drivers\ksecpkg.sys
2014-04-18 13:53:08 C48CDFD48A43E4AEC8170E1E50A3FACD 428888 ----a-w- C:\WINDOWS\Sysnative\drivers\FWPKCLNT.SYS
2014-04-18 13:53:08 A03F362C5557E238CBFA914689C77248 134144 ----a-w- C:\WINDOWS\Sysnative\drivers\dfsc.sys
2014-04-18 13:53:07 BFBE1C5F57FE7A885673A1962D5532B7 136024 ----a-w- C:\WINDOWS\Sysnative\drivers\wfplwfs.sys
2014-04-18 13:53:07 8DB8EAB9D0C6A5DF0BDCADEA239220B4 33280 -c--a-w- C:\WINDOWS\Sysnative\drivers\hidusb.sys
2014-04-18 13:53:07 41CF802064F72E55F50CA0A221FD36D4 49152 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpipreg.sys
2014-04-18 13:53:06 ABB7341766902F5AAB45E15F34D19E15 111616 -c--a-w- C:\WINDOWS\Sysnative\drivers\hidclass.sys
2014-04-18 13:53:05 1D55DADC22D21883A2F80297F5A5AE48 140288 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxdav.sys
2014-04-18 13:53:04 FD9C9E9E3F0ED51502C7E8C066BE26B9 79360 ----a-w- C:\WINDOWS\Sysnative\drivers\IPMIDrv.sys
2014-04-18 13:53:03 3E28B99198B514DFEB152EACF913025E 283648 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb10.sys
2014-04-18 13:40:35 3595FBDF25F8BA6256072D103937D7D6 311640 -c--a-w- C:\WINDOWS\Sysnative\drivers\volsnap.sys
2014-04-18 13:39:52 F21B77B4D74092A543807D3CEB711A88 1118552 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys
2014-04-18 13:39:47 9539F7917B4B6D92C90F0FAA6B86C605 539992 -c--a-w- C:\WINDOWS\Sysnative\drivers\acpi.sys
2014-04-18 13:39:40 B2BD017231836DA9F63F41E3A075D73E 590168 ----a-w- C:\WINDOWS\Sysnative\drivers\fvevol.sys
2014-04-18 13:39:32 A26AEC49F318FEE141DDDB2C5F99B3E6 249688 ----a-w- C:\WINDOWS\Sysnative\drivers\rdyboost.sys
2014-04-18 13:39:30 233A4C961703D6B3EBA4EC1A3E85AACE 298496 ----a-w- C:\WINDOWS\Sysnative\drivers\ks.sys
2014-04-18 13:39:26 275AFE3FA35E8D78BE97695DF49817C6 280920 -c--a-w- C:\WINDOWS\Sysnative\drivers\pci.sys
2014-04-18 13:39:24 87765EF43C33BE342F4ACB0E3FBF89A6 384856 -c--a-w- C:\WINDOWS\Sysnative\drivers\spaceport.sys
2014-04-18 13:39:23 8685379B82AC81187813225905531D1E 272896 -c--a-w- C:\WINDOWS\Sysnative\drivers\portcls.sys
2014-04-18 13:39:22 EA23453240137F6773174E0D93F61A69 148824 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBSTOR.SYS
2014-04-18 13:39:21 46D1DF775FFF14585218BBE16E5B2C9A 360792 ----a-w- C:\WINDOWS\Sysnative\drivers\fltMgr.sys
2014-04-18 13:39:12 8F39AFEB255487932DFF14D9E0E0FC24 372568 ----a-w- C:\WINDOWS\Sysnative\drivers\storport.sys
2014-04-18 13:39:10 52E483A3701A5A61A75A06993720347D 551256 -c--a-w- C:\WINDOWS\Sysnative\drivers\vhdmp.sys
2014-04-18 13:39:02 FDEC5799BA499D18AFA3A540538866E7 236888 -c--a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys
2014-04-18 13:39:00 48430B0313FC1CFE3D2400553F1A93CD 325464 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS
2014-04-18 13:38:59 DDEE191AB32DFC22C6465002ECDF5EE4 124416 ----a-w- C:\WINDOWS\Sysnative\drivers\luafv.sys
2014-04-18 13:38:58 0ECEE590F2E2EF969FB74A6FC583A1E6 663040 ----a-w- C:\WINDOWS\Sysnative\drivers\PEAuth.sys
2014-04-18 13:38:56 02836172141D3AFA35B07679E253E503 151384 -c--a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys
2014-04-18 13:38:51 EF3AE7773394DF49CE74AF78A1C8D23D 146776 ----a-w- C:\WINDOWS\Sysnative\drivers\msgpioclx.sys
2014-04-18 13:38:50 E515A287C8FAE901EB8FB42F168E14F2 924504 ----a-w- C:\WINDOWS\Sysnative\drivers\refs.sys
2014-04-18 13:38:50 BCFD8B149B3ADF92D0DB1E909CAF0265 79192 ----a-w- C:\WINDOWS\Sysnative\drivers\fileinfo.sys
2014-04-18 13:38:49 38A82F4EE8C416A6744B6D30381ED768 33280 -c--a-w- C:\WINDOWS\Sysnative\drivers\BasicRender.sys
2014-04-18 13:38:48 0B1E929D11A8E358106955603FAC65E8 79192 -c--a-w- C:\WINDOWS\Sysnative\drivers\sdstor.sys
2014-04-18 13:38:41 61A1C2641321A6B89A2B41C5D481EF48 71888 ----a-w- C:\WINDOWS\Sysnative\drivers\dumpfve.sys
2014-04-18 13:38:39 C1F564F324685C088ECAB1933576CF91 54816 ----a-w- C:\WINDOWS\Sysnative\drivers\wpcfltr.sys
2014-04-18 13:38:34 B034A41891A36457B994307DFA772293 189784 -c--a-w- C:\WINDOWS\Sysnative\drivers\UCX01000.SYS
2014-04-18 13:38:32 9DDCA7F18983C5410DEFF79F819DF93C 994136 ----a-w- C:\WINDOWS\Sysnative\drivers\http.sys
2014-04-18 13:38:22 9CC0003FB8ED3763B977B43F1012FF63 54272 ----a-w- C:\WINDOWS\Sysnative\drivers\watchdog.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-05-14 09:16:25 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER
2014-04-23 21:01:15 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
======= C: =====
2014-05-15 05:23:25 AE3B8A65C5C66FC7EFAF48B0E3A88EB1 403946 --sha-r- C:\bootmgr
2014-05-15 05:23:25 93B885ADFE0DA089CDF634904FD59F71 1 --sha-w- C:\BOOTNXT
2014-05-12 11:29:08 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\asc_rdflag
====== C:\Users\Horst\AppData\Roaming ======
2014-05-12 08:33:56 -------- d-sh--w- C:\Users\Horst\AppData\Locallow\EmieUserList
2014-05-12 08:33:49 -------- d-sh--w- C:\Users\Horst\AppData\Locallow\EmieSiteList
2014-05-09 09:14:23 -------- d-sh--w- C:\Users\Horst\AppData\Local\EmieUserList
2014-05-09 09:14:23 -------- d-sh--w- C:\Users\Horst\AppData\Local\EmieSiteList
2014-04-23 21:01:29 -------- d-----w- C:\Users\Horst\AppData\Local\Skype
2014-04-18 10:02:38 -------- d-----w- C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
====== C:\Users\Horst ======
2014-05-15 05:23:18 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2014-04-23 21:01:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
====== C: exe-files ==
2014-05-15 06:18:02 A742CCF738AEFEF3078683BD0E803215 739808 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.137\34.0.1847.137_34.0.1847.131_chrome_updater.exe
2014-05-15 05:23:25 E5311963F6B065C9DE0270ADC5927F13 1192280 ----a-w- C:\Boot\memtest.exe
2014-05-14 09:17:28 2A01A10CCCA38214C5E678D4E41D52F3 693240 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 08:40:15 326715361A7D1C65983BFE920990E4EF 308224 ----a-w- C:\Windows\System32\wusa.exe
2014-05-14 08:40:15 1DEC681B79501A714F0D3FA2787183C3 305152 ----a-w- C:\Windows\SysWOW64\wusa.exe
2014-05-14 08:38:43 7F15F3E0F847D90EB3A2124258E6B1DC 54776 ----a-w- C:\Windows\System32\wuauclt.exe
2014-05-14 08:38:42 FD3638782572A8281BCF12520F6579F4 79872 ----a-w- C:\Windows\System32\WSReset.exe
2014-05-14 08:38:42 E9F333234A5641E2FEF2F5240BDD56B8 35328 ----a-w- C:\Windows\System32\wuapp.exe
2014-05-14 08:38:42 D8C63F333D4A8D8433849A9ADC092BE9 31232 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2014-05-14 08:38:42 BE1FAE2B208F1E0B38FD4EF353D067C8 25304 ----a-w- C:\Windows\WinStore\WSHost.exe
2014-05-12 10:48:49 28E799F91E4FB0B663F9B5206F17AA3B 6281920 ----a-w- C:\Users\Horst\AppData\Local\Temp\nsjC422\SpSetup.exe
2014-05-12 08:01:21 715652A32ED8ABB89492445A38FC20D0 5484016 ----a-w- C:\Users\Horst\AppData\Local\Temp\pcspeedup.exe
2014-05-09 06:13:50 BE472797288F53AA9F56974B1A1FC18F 918672 ----a-w- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateSetup.exe
2014-05-09 06:13:50 6FC454773ABF8DE9A33B35E03525140D 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe
2014-05-09 06:13:50 49B70FBEEC01A69CA9AC115C109E9CDD 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateBroker.exe
2014-05-09 06:13:49 D893431503D5112DC3B799DF963D2AC8 114568 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateComRegisterShell64.exe
2014-05-09 06:13:49 D5A444B63637EC0932172C6719A10252 263048 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
2014-05-09 06:13:49 720546B84ED5229E1584C8F3533A2F12 328072 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
2014-05-09 06:13:49 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdate.exe
2014-05-09 06:13:48 BE472797288F53AA9F56974B1A1FC18F 918672 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.24.7\GoogleUpdateSetup.exe
=== C: other files ==
2014-05-14 08:40:12 019CC610AD95FF47EAD7C08B7A683B96 257880 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2014-05-14 08:40:11 6CC1BB8F6851A262E2E824F0E92D5EEF 123224 ----a-w- C:\Windows\System32\drivers\WdNisDrv.sys
2014-05-14 08:40:03 F5D4FA3E1F4879C361FFF3855259D2C2 35856 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2014-05-12 21:12:27 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-12 21:12:27 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 21:12:27 3FFFB7F54CD7A792099C10402FCF8F56 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-12 21:11:06 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"1C12C4804E7F71814BDEDAEBA5FC8C7C502F7A64._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"
"MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"Spotify Web Helper"="C:\Users\Horst\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Horst\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"QuickScanner"="C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe"
"SkyDrive"="C:\Users\Horst\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"BitTorrent"="C:\Users\Horst\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED"
"MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
"Advanced SystemCare 7"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /Auto"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\runner_avp.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"AdobeCS4ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"IObit Malware Fighter"="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /autostart"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"1C12C4804E7F71814BDEDAEBA5FC8C7C502F7A64._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"
"MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"Spotify Web Helper"="C:\Users\Horst\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Horst\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"QuickScanner"="C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe"
"SkyDrive"="C:\Users\Horst\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"BitTorrent"="C:\Users\Horst\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED"
"MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
"Advanced SystemCare 7"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /Auto"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acronis Scheduler2Service]
"command"="\"C:\\Program Files (x86)\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
"hkey"="HKLM"
"item"="Acronis Scheduler2Service"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"hkey"="HKLM"
"item"="Adobe ARM"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"hkey"="HKLM"
"item"="Adobe Reader Speed Launcher"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
"hkey"="HKLM"
"item"="APSDaemon"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"
"hkey"="HKLM"
"item"="BCSSync"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Corel Photo Downloader]
"command"="\"c:\\Program Files (x86)\\Common Files\\Corel\\Corel PhotoDownloader\\Corel Photo Downloader.exe\" -startup"
"hkey"="HKCU"
"item"="Corel Photo Downloader"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"command"="C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe"
"hkey"="HKLM"
"item"="HP Software Update"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
"hkey"="HKLM"
"item"="iTunesHelper"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MessengerPlusForSkypeService]
"command"="\"C:\\Program Files (x86)\\Yuna Software\\Messenger Plus! for Skype\\MsgPlusForSkypeService.exe\""
"hkey"="HKLM"
"item"="MessengerPlusForSkypeService"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MobileDocuments]
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ubd.exe"
"hkey"="HKCU"
"item"="MobileDocuments"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyTomTomSA.exe]
"command"="C:\\Program Files (x86)\\MyTomTom 3\\MyTomTomSA.exe"
"hkey"="HKCU"
"item"="MyTomTomSA.exe"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OfficeSyncProcess]
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSOSYNC.EXE\""
"hkey"="HKCU"
"item"="OfficeSyncProcess"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SkyDrive]
"hkey"="HKCU"
"item"="SkyDrive"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"command"="\"C:\\Users\\Horst\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""
"hkey"="HKCU"
"item"="Spotify Web Helper"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"hkey"="HKCU"
"item"="Steam"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
"hkey"="HKLM"
"item"="SunJavaUpdateSched"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]
"command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\""
"hkey"="HKCU"
"item"="TomTomHOME.exe"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Horst^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series.lnk]
"backup"="C:\\Windows\\pss\\Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Windows\\system32\\RunDll32.exe \"C:\\Program Files\\HP\\HP Deskjet 3070 B611 series\\bin\\HPStatusBL.dll\",RunDLLEntry SERIALNUMBER=CN1CL662HH05MQ;CONNECTION=USB;MONITOR=1;"
"item"="Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Horst^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Schermopname en Snel starten.lnk]
"backup"="C:\\Windows\\pss\\OneNote 2010 Schermopname en Snel starten.lnk.Startup"
"backupExtension"=".Startup"
"item"="OneNote 2010 Schermopname en Snel starten"
"command"="C:\\PROGRA~2\\Microsoft Office\\Office14\\ONENOTEM.EXE /tsr"
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/05/2014 20:34]
C:\WINDOWS\tasks\ASC7_SkipUac_Horst.job --a-------- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [10/03/2014 16:04]
C:\WINDOWS\tasks\AWC AutoSweep.job --a-------- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe []
C:\WINDOWS\tasks\AWC Update.job --a-------- C:\Program Files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe []
C:\WINDOWS\tasks\BearShareNAG.job --a-------- C:\Users\Horst\AppData\Local\Temp\BearShare_setup.exe []
C:\WINDOWS\tasks\Driver Booster SkipUAC (Horst).job --a-------- C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [14/03/2014 18:06]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-19998120-3832150475-219564089-1000Core.job --a-------- C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-19998120-3832150475-219564089-1000UA.job --a-------- C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/11/2010 13:44]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/11/2010 13:44]
C:\WINDOWS\tasks\SmartDefrag.job --a-------- C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe []
C:\WINDOWS\tasks\Uninstaller_SkipUac_Administrator.job --a-------- C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [13/02/2014 17:44]
==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\ASC7_PerformanceMonitor" [C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe]
"C:\WINDOWS\SysNative\tasks\ASC7_SkipUac_Horst" [C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe /SkipUac]
"C:\WINDOWS\SysNative\tasks\AWC AutoSweep" [C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe]
"C:\WINDOWS\SysNative\tasks\AWC Update" [C:\Program Files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe]
"C:\WINDOWS\SysNative\tasks\BearShareNAG" [C:\Users\Horst\AppData\Local\Temp\BearShare_setup.exe]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\Driver Booster Scan" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe]
"C:\WINDOWS\SysNative\tasks\Driver Booster SkipUAC (Horst)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-19998120-3832150475-219564089-1000Core" [C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-19998120-3832150475-219564089-1000UA" [C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\SmartDefrag" [C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe]
"C:\WINDOWS\SysNative\tasks\SmartDefrag3_Startup" [C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe]
"C:\WINDOWS\SysNative\tasks\SmartDefrag3_Update" [C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe]
"C:\WINDOWS\SysNative\tasks\StartMenuAutoupdate" [C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{F12239DC-6922-4D0B-8128-847BADE83E24}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\{2F811A74-0025-4D6B-92E1-A368958E76FF}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]
"C:\WINDOWS\SysNative\tasks\{B21789DE-C0D9-4B4E-9944-18232BA6DDA4}" [C:\Program Files (x86)\iTunes\iTunes.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
ProfilePath: C:\Users\Horst\AppData\Roaming\Thunderbird\Profiles\nvog5d1l.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi
ProfilePath: C:\Users\Horst\AppData\Roaming\TomTom\HOME\Profiles\5cjd39gk.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
ProfilePath: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default
- Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
ExtDir: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- Torntv 3 - %ExtDir%\trtv3@trtv.com.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
==== Firefox Plugins ======================
Profilepath: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default
D7324EB1EDCB8990F8522DE0311359E9 - C:\WINDOWS\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
F6D12679B9112358AC705A1308156F59 - C:\Users\Horst\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
369EC92E676537A3F86C5074BA30FC96 - C:\WINDOWS\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Deleted Firefox Extensions ======================
C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\trtv3@trtv.com.xpi deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx[26/10/2012 17:10]
gclijllifhfpomppedeljakfegbcpojn - No path found[]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx[26/10/2012 17:11]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx[23/04/2013 18:35]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[17/01/2012 11:45]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gclijllifhfpomppedeljakfegbcpojn - No path found[]
Google Translate - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
Translator for all languages - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\amdeidgbmcliegnpcbbkhlflkbdpomhk
Advanced SystemCare Surfing Protection - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
TV - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh
YouTube - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
HIFANA X WK TOKYO LAB - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmhjjmolopikkbigemoocmebohfpnmkj
Last updated at time on date - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Webpage Screenshot - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki
Google Search - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Google Calendar - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn
DoNotTrackMe Online Privacy Protection - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd
Content Blocker - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
Pixlr Editor - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk
Print - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd
Virtual Keyboard - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
AccelerateTab - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjafhkemfjfgdmjcmhofijphjmaanak
Pixlr Touch Up - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig
AD Block - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgjbmhakaffflkjecineeaadpidgikb
Skype Click to Call - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Maps - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh
Google Mail Checker - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff
Outlook.com Notifier - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmomflkhdooajekmffpilpoenndjppk
DealPly Germany - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf
Google Wallet - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
TS Magic Player - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg
Lyrics for Google Chrome\u2122 - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek
Picasa - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb
Instagram for Chrome - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb
Outlook.com - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge
Send from Gmail (by Google) - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc
Gmail - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
DefaultTab - C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
==== Chrome Fix ======================
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dj-music-mixer.nl.softonic.com_0.localstorage deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nieuws.nl.softonic.com_0.localstorage deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjafhkemfjfgdmjcmhofijphjmaanak deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgjafhkemfjfgdmjcmhofijphjmaanak deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oglbipcbkmlknhfhabolnniekmlhfoek_0.localstorage deleted successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mphpbdjcljebbcnfopfngmfdackbbdgf_0.localstorage deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mphpbdjcljebbcnfopfngmfdackbbdgf_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.mysearchresults.com/?c=3525&t=01"
"Default_Search_URL"="http://www.google.com/ie"
"Search Bar"="http://www.google.com/ie"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
"Default"="http://www.bing.com/search?q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/ie"
"CustomizeSearch"="http://www.google.com"
"SearchAssistant"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{AB9D455F-727D-4943-A376-ABA36BCFD772}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&r="
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{AB9D455F-727D-4943-A376-ABA36BCFD772} Web Search Url="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091&CUI=UN19236685451695410&UM=1"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5585B9F705873E14AAEAADDD906BB821 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7F9B5855-7850-41E3-AAAE-DADD09B68B12} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5585B9F705873E14AAEAADDD906BB821 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlusForSkypeService deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyDrive deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Horst\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Horst\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Horst\AppData\Local\Mozilla\Firefox\Profiles\o5fflkg2.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=677 folders=165 131791786 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\ginette\AppData\Local\Temp emptied successfully
C:\Users\Horst\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Horst\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on do 15/05/2014 at 21:08:18,67 ======================
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Horst on do 15/05/2014 at 18:21:49,79.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: E:\Desktop\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]
==== System Restore Info ======================
15/05/2014 19:35:40 Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\Astonsoft deleted successfully
C:\PROGRA~2\Avira deleted successfully
C:\PROGRA~2\Cyanide deleted successfully
C:\PROGRA~2\dumps deleted successfully
C:\PROGRA~2\FSX Flight Weather Report deleted successfully
C:\PROGRA~2\GUMF88A.tmp deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\VideoLAN deleted successfully
C:\PROGRA~2\Vstep deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\4shared Desktop deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\WinZipEC deleted successfully
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted successfully
C:\Users\Horst\AppData\Roaming\gnupg deleted successfully
C:\Users\Horst\AppData\Roaming\JAM Software deleted successfully
C:\Users\Horst\AppData\Roaming\passport_photo deleted successfully
C:\Users\Horst\AppData\Roaming\QuickScan deleted successfully
C:\Users\Horst\AppData\Roaming\The Complete Genealogy Reporter - FTB deleted successfully
C:\Users\Horst\AppData\Roaming\TP deleted successfully
C:\Users\Horst\AppData\Roaming\Xilisoft deleted successfully
C:\Users\Horst\AppData\Local\FunnyGames deleted successfully
C:\Users\Horst\AppData\Local\Netlog deleted successfully
C:\Users\Horst\AppData\Local\PowerChallenge deleted successfully
C:\Users\Horst\AppData\Local\Yenka deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{60DDAFE1-BCD2-415E-A317-68781053E435} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AB9D455F-727D-4943-A376-ABA36BCFD772} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B138DCB2-DD12-443C-BC25-8592488F3C6B} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EE0FF406-A246-4336-B248-4AAFFD07A885} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37483B40-C254-4A72-BDA4-22EE90182C1E} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{37483B40-C254-4A72-BDA4-22EE90182C1E} deleted successfully
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} not found
"C:\WINDOWS\Installer\47a15.msi" not found
C:\PROGRA~2\Dolphin3D Web Browser deleted
C:\PROGRA~2\NCH Software\Components\NCHToolbars deleted
C:\search.sqlite deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Horst\AppData\Local\qs.dll deleted
C:\Users\Horst\AppData\Local\qs64.dll deleted
C:\Users\Horst\AppData\Local\BearShare deleted
C:\Users\Horst\AppData\LocalLow\IObit Apps deleted
C:\Users\Horst\AppData\LocalLow\ADSRemoval deleted
C:\WINDOWS\wininit.ini deleted
C:\windows\SysNative\tasks\Lyric Star Update deleted
C:\WINDOWS\tasks\Lyric Star Update.job deleted
C:\prefs.js deleted
C:\WINDOWS\SysWow64\searchplugins deleted
C:\WINDOWS\SysWow64\Extensions deleted
C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\staged deleted
C:\Users\Horst\Desktop\SoftonicDownloader_voor_dj-music-mixer.exe deleted
C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\searchads@instair.net deleted
C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default\extensions\searchads@instair.net deleted
"C:\Users\Horst\AppData\Local\{33B0F7F2-A991-4812-935E-DAFA70855F61}" deleted
"C:\Users\Horst\AppData\Local\{E1809B34-D624-4456-9957-F5867E6BA68A}" deleted
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
2014-04-18 13:53:25 81394C91B7B5A7C799E249AE82491F13 2373784 ----a-w- C:\WINDOWS\explorer.exe
====== C:\Users\Horst\AppData\Local\Temp ====
2014-05-12 10:48:49 28E799F91E4FB0B663F9B5206F17AA3B 6281920 ----a-w- C:\Users\Horst\AppData\Local\Temp\nsjC422\SpSetup.exe
2014-05-12 08:01:21 715652A32ED8ABB89492445A38FC20D0 5484016 ----a-w- C:\Users\Horst\AppData\Local\Temp\pcspeedup.exe
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2014-05-14 09:17:28 BE753D2FF471EA25421D931EF23DCDD3 105464 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 09:17:28 2A01A10CCCA38214C5E678D4E41D52F3 693240 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-14 08:40:15 1DEC681B79501A714F0D3FA2787183C3 305152 ----a-w- C:\WINDOWS\SysWOW64\wusa.exe
2014-05-14 08:38:50 EB5347F6149D3FF25F4D609A21A3BD67 17382912 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-14 08:38:49 FBCF3F01177953EBF1E735643621CCF5 69632 ----a-w- C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-14 08:38:48 BA4FA107EF9A728C58A81B2EFCD6FE2B 26784 ----a-w- C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 08:38:48 6923D6FAB7CBA8D82BD792182B4F3DE4 80032 ----a-w- C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 08:38:44 9A11476467400E32083BCBF7A06EFF18 11792384 ----a-w- C:\WINDOWS\SysWOW64\twinui.dll
2014-05-14 08:38:43 51B615EF9408277FEF586EB97583844E 666624 ----a-w- C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-14 08:38:43 3F0DB8120F65E3223B4EAF6CA4CDB3C5 754688 ----a-w- C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-14 08:38:43 0542A44401EA9451D82D3DF4BF3BD871 419928 ----a-w- C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-14 08:38:42 DC72DC452793C9622E6F056B89F9302C 123904 ----a-w- C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-14 08:38:42 D8C63F333D4A8D8433849A9ADC092BE9 31232 ----a-w- C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-14 08:38:42 AB3A013BA1C50B2309E5BF8136600656 828928 ----a-w- C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-14 08:38:42 8DA8026471B3470085B4AFB9C77BF45F 25088 ----a-w- C:\WINDOWS\SysWOW64\wups.dll
2014-05-14 08:38:42 82119579B000F62D96B083BC6A246C07 80896 ----a-w- C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-14 08:38:38 B5507F49CB2E2516746BD55B9F671925 18679728 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll
2014-05-02 18:45:35 B5B3334F177CED627C2D7FE38235B6B1 2724864 ----a-w- C:\WINDOWS\SysWOW64\mshtml.tlb
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2014-05-14 08:40:15 326715361A7D1C65983BFE920990E4EF 308224 ----a-w- C:\WINDOWS\Sysnative\wusa.exe
2014-05-14 08:38:52 A920E1336F9FEA95477763E2CC15891B 84992 ----a-w- C:\WINDOWS\Sysnative\mshtmled.dll
2014-05-14 08:38:52 797E2E5C309AFF76990D5B7AF457EACA 23544320 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll
2014-05-14 08:38:48 D178F55D53B9A10FFBDC134C95517846 28320 ----a-w- C:\WINDOWS\Sysnative\mrt100.dll
2014-05-14 08:38:48 A750229C96A406EE123F43916053F142 86688 ----a-w- C:\WINDOWS\Sysnative\mrt_map.dll
2014-05-14 08:38:46 7E609FBF50774CC5A239420FE34EBB9C 3464192 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll
2014-05-14 08:38:46 3DF281C1553A6124DEF875C19D46AC0D 190976 ----a-w- C:\WINDOWS\Sysnative\storewuauth.dll
2014-05-14 08:38:45 739F99ADA1F0A4188F683918809FE7AC 13288960 ----a-w- C:\WINDOWS\Sysnative\twinui.dll
2014-05-14 08:38:44 AF1BC4F5421023D59F1D472C1A4E01CF 921088 ----a-w- C:\WINDOWS\Sysnative\WSShared.dll
2014-05-14 08:38:44 4FB80968811FAD6E88ABFAA98E51305C 1705472 ----a-w- C:\WINDOWS\Sysnative\wucltux.dll
2014-05-14 08:38:43 E859E9B4A0300F56C94D2C69F6F65657 827392 ----a-w- C:\WINDOWS\Sysnative\wuapi.dll
2014-05-14 08:38:43 850FC6B2E385766B9972CDBE947989F6 381440 ----a-w- C:\WINDOWS\Sysnative\WUSettingsProvider.dll
2014-05-14 08:38:43 7F15F3E0F847D90EB3A2124258E6B1DC 54776 ----a-w- C:\WINDOWS\Sysnative\wuauclt.exe
2014-05-14 08:38:43 766DCDC7032C4C98E47B8A9F71239E38 555736 ----a-w- C:\WINDOWS\Sysnative\twinapi.appcore.dll
2014-05-14 08:38:43 68CB2B575F0C67BB14590D1471285287 201728 ----a-w- C:\WINDOWS\Sysnative\ubpm.dll
2014-05-14 08:38:43 5F74A7DB62F6D560B0C858A096A37B59 1054208 ----a-w- C:\WINDOWS\Sysnative\twinui.appcore.dll
2014-05-14 08:38:42 FD3638782572A8281BCF12520F6579F4 79872 ----a-w- C:\WINDOWS\Sysnative\WSReset.exe
2014-05-14 08:38:42 E9F333234A5641E2FEF2F5240BDD56B8 35328 ----a-w- C:\WINDOWS\Sysnative\wuapp.exe
2014-05-14 08:38:42 C383B71BAAC22CCE37B99339AEB62F1E 93696 ----a-w- C:\WINDOWS\Sysnative\wudriver.dll
2014-05-14 08:38:42 736046C9AFD66BA29BA61ACD582E7A7B 137728 ----a-w- C:\WINDOWS\Sysnative\wuwebv.dll
2014-05-14 08:38:42 1EC3AACDB335533A7470245C683ACF94 56320 ----a-w- C:\WINDOWS\Sysnative\wups.dll
2014-05-14 08:38:37 06070D4CC64300D473C55ABDC887B63C 21225584 ----a-w- C:\WINDOWS\Sysnative\shell32.dll
2014-05-02 18:45:33 94C59DD02BC7EA0E421055B9946CA861 2724864 ----a-w- C:\WINDOWS\Sysnative\mshtml.tlb
====== C:\WINDOWS\Sysnative\drivers =====
2014-05-14 08:40:12 019CC610AD95FF47EAD7C08B7A683B96 257880 ----a-w- C:\WINDOWS\Sysnative\drivers\WdFilter.sys
2014-05-14 08:40:11 6CC1BB8F6851A262E2E824F0E92D5EEF 123224 ----a-w- C:\WINDOWS\Sysnative\drivers\WdNisDrv.sys
2014-05-14 08:40:03 F5D4FA3E1F4879C361FFF3855259D2C2 35856 ----a-w- C:\WINDOWS\Sysnative\drivers\WdBoot.sys
2014-05-12 21:12:27 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys
2014-05-12 21:12:27 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys
2014-05-12 21:12:27 3FFFB7F54CD7A792099C10402FCF8F56 63192 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys
2014-05-12 21:11:06 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys
2014-04-18 13:53:40 1C80517BE6836A812F6A9B99B8321351 2013016 ----a-w- C:\WINDOWS\Sysnative\drivers\ntfs.sys
2014-04-18 13:53:40 179A41249055D5F039F1B6703F3B6D2B 376152 ----a-w- C:\WINDOWS\Sysnative\drivers\clfs.sys
2014-04-18 13:53:27 FEEFE783D87C9063CDAC6DBDCF95F533 2519384 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys
2014-04-18 13:53:25 C7D252742946DD395670649742FBD73D 1557848 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys
2014-04-18 13:53:18 E62EAEF0BAC9DD61BF22D4A7F2F18571 679424 ----a-w- C:\WINDOWS\Sysnative\drivers\srv2.sys
2014-04-18 13:53:16 C997E6A37BA8915224B3FB5024A34F69 402944 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys
2014-04-18 13:53:16 4030CB06B8D963A45CED9E60C9F2A11E 379224 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys
2014-04-18 13:53:15 7FC5667DF73D4B04AA457CC3A4180E09 157016 ----a-w- C:\WINDOWS\Sysnative\drivers\wof.sys
2014-04-18 13:53:14 4627C1FBF2802425A408A2D2AF28CF85 565536 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys
2014-04-18 13:53:13 466BDC0006103F2547D308DD3CD64398 245760 ----a-w- C:\WINDOWS\Sysnative\drivers\srvnet.sys
2014-04-18 13:53:12 AC408FA243471C25CDE435C3B83536A9 337752 ----a-w- C:\WINDOWS\Sysnative\drivers\Classpnp.sys
2014-04-18 13:53:11 CFC52C49BEFE4D70D87FFA900EAB9777 467800 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS
2014-04-18 13:53:11 647C7652FA19F98CADF2BFDA2164BFEC 443392 ----a-w- C:\WINDOWS\Sysnative\drivers\nwifi.sys
2014-04-18 13:53:09 F88CC88F4A6D8476F1664E805CA18CC2 180056 ----a-w- C:\WINDOWS\Sysnative\drivers\ksecpkg.sys
2014-04-18 13:53:08 C48CDFD48A43E4AEC8170E1E50A3FACD 428888 ----a-w- C:\WINDOWS\Sysnative\drivers\FWPKCLNT.SYS
2014-04-18 13:53:08 A03F362C5557E238CBFA914689C77248 134144 ----a-w- C:\WINDOWS\Sysnative\drivers\dfsc.sys
2014-04-18 13:53:07 BFBE1C5F57FE7A885673A1962D5532B7 136024 ----a-w- C:\WINDOWS\Sysnative\drivers\wfplwfs.sys
2014-04-18 13:53:07 8DB8EAB9D0C6A5DF0BDCADEA239220B4 33280 -c--a-w- C:\WINDOWS\Sysnative\drivers\hidusb.sys
2014-04-18 13:53:07 41CF802064F72E55F50CA0A221FD36D4 49152 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpipreg.sys
2014-04-18 13:53:06 ABB7341766902F5AAB45E15F34D19E15 111616 -c--a-w- C:\WINDOWS\Sysnative\drivers\hidclass.sys
2014-04-18 13:53:05 1D55DADC22D21883A2F80297F5A5AE48 140288 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxdav.sys
2014-04-18 13:53:04 FD9C9E9E3F0ED51502C7E8C066BE26B9 79360 ----a-w- C:\WINDOWS\Sysnative\drivers\IPMIDrv.sys
2014-04-18 13:53:03 3E28B99198B514DFEB152EACF913025E 283648 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb10.sys
2014-04-18 13:40:35 3595FBDF25F8BA6256072D103937D7D6 311640 -c--a-w- C:\WINDOWS\Sysnative\drivers\volsnap.sys
2014-04-18 13:39:52 F21B77B4D74092A543807D3CEB711A88 1118552 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys
2014-04-18 13:39:47 9539F7917B4B6D92C90F0FAA6B86C605 539992 -c--a-w- C:\WINDOWS\Sysnative\drivers\acpi.sys
2014-04-18 13:39:40 B2BD017231836DA9F63F41E3A075D73E 590168 ----a-w- C:\WINDOWS\Sysnative\drivers\fvevol.sys
2014-04-18 13:39:32 A26AEC49F318FEE141DDDB2C5F99B3E6 249688 ----a-w- C:\WINDOWS\Sysnative\drivers\rdyboost.sys
2014-04-18 13:39:30 233A4C961703D6B3EBA4EC1A3E85AACE 298496 ----a-w- C:\WINDOWS\Sysnative\drivers\ks.sys
2014-04-18 13:39:26 275AFE3FA35E8D78BE97695DF49817C6 280920 -c--a-w- C:\WINDOWS\Sysnative\drivers\pci.sys
2014-04-18 13:39:24 87765EF43C33BE342F4ACB0E3FBF89A6 384856 -c--a-w- C:\WINDOWS\Sysnative\drivers\spaceport.sys
2014-04-18 13:39:23 8685379B82AC81187813225905531D1E 272896 -c--a-w- C:\WINDOWS\Sysnative\drivers\portcls.sys
2014-04-18 13:39:22 EA23453240137F6773174E0D93F61A69 148824 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBSTOR.SYS
2014-04-18 13:39:21 46D1DF775FFF14585218BBE16E5B2C9A 360792 ----a-w- C:\WINDOWS\Sysnative\drivers\fltMgr.sys
2014-04-18 13:39:12 8F39AFEB255487932DFF14D9E0E0FC24 372568 ----a-w- C:\WINDOWS\Sysnative\drivers\storport.sys
2014-04-18 13:39:10 52E483A3701A5A61A75A06993720347D 551256 -c--a-w- C:\WINDOWS\Sysnative\drivers\vhdmp.sys
2014-04-18 13:39:02 FDEC5799BA499D18AFA3A540538866E7 236888 -c--a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys
2014-04-18 13:39:00 48430B0313FC1CFE3D2400553F1A93CD 325464 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS
2014-04-18 13:38:59 DDEE191AB32DFC22C6465002ECDF5EE4 124416 ----a-w- C:\WINDOWS\Sysnative\drivers\luafv.sys
2014-04-18 13:38:58 0ECEE590F2E2EF969FB74A6FC583A1E6 663040 ----a-w- C:\WINDOWS\Sysnative\drivers\PEAuth.sys
2014-04-18 13:38:56 02836172141D3AFA35B07679E253E503 151384 -c--a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys
2014-04-18 13:38:51 EF3AE7773394DF49CE74AF78A1C8D23D 146776 ----a-w- C:\WINDOWS\Sysnative\drivers\msgpioclx.sys
2014-04-18 13:38:50 E515A287C8FAE901EB8FB42F168E14F2 924504 ----a-w- C:\WINDOWS\Sysnative\drivers\refs.sys
2014-04-18 13:38:50 BCFD8B149B3ADF92D0DB1E909CAF0265 79192 ----a-w- C:\WINDOWS\Sysnative\drivers\fileinfo.sys
2014-04-18 13:38:49 38A82F4EE8C416A6744B6D30381ED768 33280 -c--a-w- C:\WINDOWS\Sysnative\drivers\BasicRender.sys
2014-04-18 13:38:48 0B1E929D11A8E358106955603FAC65E8 79192 -c--a-w- C:\WINDOWS\Sysnative\drivers\sdstor.sys
2014-04-18 13:38:41 61A1C2641321A6B89A2B41C5D481EF48 71888 ----a-w- C:\WINDOWS\Sysnative\drivers\dumpfve.sys
2014-04-18 13:38:39 C1F564F324685C088ECAB1933576CF91 54816 ----a-w- C:\WINDOWS\Sysnative\drivers\wpcfltr.sys
2014-04-18 13:38:34 B034A41891A36457B994307DFA772293 189784 -c--a-w- C:\WINDOWS\Sysnative\drivers\UCX01000.SYS
2014-04-18 13:38:32 9DDCA7F18983C5410DEFF79F819DF93C 994136 ----a-w- C:\WINDOWS\Sysnative\drivers\http.sys
2014-04-18 13:38:22 9CC0003FB8ED3763B977B43F1012FF63 54272 ----a-w- C:\WINDOWS\Sysnative\drivers\watchdog.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-05-14 09:16:25 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER
2014-04-23 21:01:15 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
======= C: =====
2014-05-15 05:23:25 AE3B8A65C5C66FC7EFAF48B0E3A88EB1 403946 --sha-r- C:\bootmgr
2014-05-15 05:23:25 93B885ADFE0DA089CDF634904FD59F71 1 --sha-w- C:\BOOTNXT
2014-05-12 11:29:08 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\asc_rdflag
====== C:\Users\Horst\AppData\Roaming ======
2014-05-12 08:33:56 -------- d-sh--w- C:\Users\Horst\AppData\Locallow\EmieUserList
2014-05-12 08:33:49 -------- d-sh--w- C:\Users\Horst\AppData\Locallow\EmieSiteList
2014-05-09 09:14:23 -------- d-sh--w- C:\Users\Horst\AppData\Local\EmieUserList
2014-05-09 09:14:23 -------- d-sh--w- C:\Users\Horst\AppData\Local\EmieSiteList
2014-04-23 21:01:29 -------- d-----w- C:\Users\Horst\AppData\Local\Skype
2014-04-18 10:02:38 -------- d-----w- C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
====== C:\Users\Horst ======
2014-05-15 05:23:18 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2014-04-23 21:01:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
====== C: exe-files ==
2014-05-15 06:18:02 A742CCF738AEFEF3078683BD0E803215 739808 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.137\34.0.1847.137_34.0.1847.131_chrome_updater.exe
2014-05-15 05:23:25 E5311963F6B065C9DE0270ADC5927F13 1192280 ----a-w- C:\Boot\memtest.exe
2014-05-14 09:17:28 2A01A10CCCA38214C5E678D4E41D52F3 693240 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 08:40:15 326715361A7D1C65983BFE920990E4EF 308224 ----a-w- C:\Windows\System32\wusa.exe
2014-05-14 08:40:15 1DEC681B79501A714F0D3FA2787183C3 305152 ----a-w- C:\Windows\SysWOW64\wusa.exe
2014-05-14 08:38:43 7F15F3E0F847D90EB3A2124258E6B1DC 54776 ----a-w- C:\Windows\System32\wuauclt.exe
2014-05-14 08:38:42 FD3638782572A8281BCF12520F6579F4 79872 ----a-w- C:\Windows\System32\WSReset.exe
2014-05-14 08:38:42 E9F333234A5641E2FEF2F5240BDD56B8 35328 ----a-w- C:\Windows\System32\wuapp.exe
2014-05-14 08:38:42 D8C63F333D4A8D8433849A9ADC092BE9 31232 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2014-05-14 08:38:42 BE1FAE2B208F1E0B38FD4EF353D067C8 25304 ----a-w- C:\Windows\WinStore\WSHost.exe
2014-05-12 10:48:49 28E799F91E4FB0B663F9B5206F17AA3B 6281920 ----a-w- C:\Users\Horst\AppData\Local\Temp\nsjC422\SpSetup.exe
2014-05-12 08:01:21 715652A32ED8ABB89492445A38FC20D0 5484016 ----a-w- C:\Users\Horst\AppData\Local\Temp\pcspeedup.exe
2014-05-09 06:13:50 BE472797288F53AA9F56974B1A1FC18F 918672 ----a-w- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateSetup.exe
2014-05-09 06:13:50 6FC454773ABF8DE9A33B35E03525140D 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe
2014-05-09 06:13:50 49B70FBEEC01A69CA9AC115C109E9CDD 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateBroker.exe
2014-05-09 06:13:49 D893431503D5112DC3B799DF963D2AC8 114568 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateComRegisterShell64.exe
2014-05-09 06:13:49 D5A444B63637EC0932172C6719A10252 263048 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
2014-05-09 06:13:49 720546B84ED5229E1584C8F3533A2F12 328072 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
2014-05-09 06:13:49 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdate.exe
2014-05-09 06:13:48 BE472797288F53AA9F56974B1A1FC18F 918672 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.24.7\GoogleUpdateSetup.exe
=== C: other files ==
2014-05-14 08:40:12 019CC610AD95FF47EAD7C08B7A683B96 257880 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2014-05-14 08:40:11 6CC1BB8F6851A262E2E824F0E92D5EEF 123224 ----a-w- C:\Windows\System32\drivers\WdNisDrv.sys
2014-05-14 08:40:03 F5D4FA3E1F4879C361FFF3855259D2C2 35856 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2014-05-12 21:12:27 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-12 21:12:27 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 21:12:27 3FFFB7F54CD7A792099C10402FCF8F56 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-12 21:11:06 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"1C12C4804E7F71814BDEDAEBA5FC8C7C502F7A64._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"
"MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"Spotify Web Helper"="C:\Users\Horst\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Horst\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"QuickScanner"="C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe"
"SkyDrive"="C:\Users\Horst\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"BitTorrent"="C:\Users\Horst\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED"
"MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
"Advanced SystemCare 7"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /Auto"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\runner_avp.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"AdobeCS4ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"IObit Malware Fighter"="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /autostart"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"1C12C4804E7F71814BDEDAEBA5FC8C7C502F7A64._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"
"MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"Spotify Web Helper"="C:\Users\Horst\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Horst\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"QuickScanner"="C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe"
"SkyDrive"="C:\Users\Horst\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"BitTorrent"="C:\Users\Horst\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED"
"MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
"Advanced SystemCare 7"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /Auto"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acronis Scheduler2Service]
"command"="\"C:\\Program Files (x86)\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
"hkey"="HKLM"
"item"="Acronis Scheduler2Service"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"hkey"="HKLM"
"item"="Adobe ARM"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"hkey"="HKLM"
"item"="Adobe Reader Speed Launcher"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
"hkey"="HKLM"
"item"="APSDaemon"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"
"hkey"="HKLM"
"item"="BCSSync"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Corel Photo Downloader]
"command"="\"c:\\Program Files (x86)\\Common Files\\Corel\\Corel PhotoDownloader\\Corel Photo Downloader.exe\" -startup"
"hkey"="HKCU"
"item"="Corel Photo Downloader"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"command"="C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe"
"hkey"="HKLM"
"item"="HP Software Update"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
"hkey"="HKLM"
"item"="iTunesHelper"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MessengerPlusForSkypeService]
"command"="\"C:\\Program Files (x86)\\Yuna Software\\Messenger Plus! for Skype\\MsgPlusForSkypeService.exe\""
"hkey"="HKLM"
"item"="MessengerPlusForSkypeService"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MobileDocuments]
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ubd.exe"
"hkey"="HKCU"
"item"="MobileDocuments"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyTomTomSA.exe]
"command"="C:\\Program Files (x86)\\MyTomTom 3\\MyTomTomSA.exe"
"hkey"="HKCU"
"item"="MyTomTomSA.exe"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OfficeSyncProcess]
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSOSYNC.EXE\""
"hkey"="HKCU"
"item"="OfficeSyncProcess"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SkyDrive]
"hkey"="HKCU"
"item"="SkyDrive"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"command"="\"C:\\Users\\Horst\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""
"hkey"="HKCU"
"item"="Spotify Web Helper"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"hkey"="HKCU"
"item"="Steam"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
"hkey"="HKLM"
"item"="SunJavaUpdateSched"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]
"command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\""
"hkey"="HKCU"
"item"="TomTomHOME.exe"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Horst^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series.lnk]
"backup"="C:\\Windows\\pss\\Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Windows\\system32\\RunDll32.exe \"C:\\Program Files\\HP\\HP Deskjet 3070 B611 series\\bin\\HPStatusBL.dll\",RunDLLEntry SERIALNUMBER=CN1CL662HH05MQ;CONNECTION=USB;MONITOR=1;"
"item"="Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Horst^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Schermopname en Snel starten.lnk]
"backup"="C:\\Windows\\pss\\OneNote 2010 Schermopname en Snel starten.lnk.Startup"
"backupExtension"=".Startup"
"item"="OneNote 2010 Schermopname en Snel starten"
"command"="C:\\PROGRA~2\\Microsoft Office\\Office14\\ONENOTEM.EXE /tsr"
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/05/2014 20:34]
C:\WINDOWS\tasks\ASC7_SkipUac_Horst.job --a-------- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [10/03/2014 16:04]
C:\WINDOWS\tasks\AWC AutoSweep.job --a-------- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe []
C:\WINDOWS\tasks\AWC Update.job --a-------- C:\Program Files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe []
C:\WINDOWS\tasks\BearShareNAG.job --a-------- C:\Users\Horst\AppData\Local\Temp\BearShare_setup.exe []
C:\WINDOWS\tasks\Driver Booster SkipUAC (Horst).job --a-------- C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [14/03/2014 18:06]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-19998120-3832150475-219564089-1000Core.job --a-------- C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-19998120-3832150475-219564089-1000UA.job --a-------- C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/11/2010 13:44]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/11/2010 13:44]
C:\WINDOWS\tasks\SmartDefrag.job --a-------- C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe []
C:\WINDOWS\tasks\Uninstaller_SkipUac_Administrator.job --a-------- C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [13/02/2014 17:44]
==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\ASC7_PerformanceMonitor" [C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe]
"C:\WINDOWS\SysNative\tasks\ASC7_SkipUac_Horst" [C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe /SkipUac]
"C:\WINDOWS\SysNative\tasks\AWC AutoSweep" [C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe]
"C:\WINDOWS\SysNative\tasks\AWC Update" [C:\Program Files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe]
"C:\WINDOWS\SysNative\tasks\BearShareNAG" [C:\Users\Horst\AppData\Local\Temp\BearShare_setup.exe]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\Driver Booster Scan" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe]
"C:\WINDOWS\SysNative\tasks\Driver Booster SkipUAC (Horst)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-19998120-3832150475-219564089-1000Core" [C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-19998120-3832150475-219564089-1000UA" [C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\SmartDefrag" [C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe]
"C:\WINDOWS\SysNative\tasks\SmartDefrag3_Startup" [C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe]
"C:\WINDOWS\SysNative\tasks\SmartDefrag3_Update" [C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe]
"C:\WINDOWS\SysNative\tasks\StartMenuAutoupdate" [C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{F12239DC-6922-4D0B-8128-847BADE83E24}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\{2F811A74-0025-4D6B-92E1-A368958E76FF}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]
"C:\WINDOWS\SysNative\tasks\{B21789DE-C0D9-4B4E-9944-18232BA6DDA4}" [C:\Program Files (x86)\iTunes\iTunes.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
ProfilePath: C:\Users\Horst\AppData\Roaming\Thunderbird\Profiles\nvog5d1l.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi
ProfilePath: C:\Users\Horst\AppData\Roaming\TomTom\HOME\Profiles\5cjd39gk.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
ProfilePath: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default
- Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
ExtDir: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- Torntv 3 - %ExtDir%\trtv3@trtv.com.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
==== Firefox Plugins ======================
Profilepath: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default
D7324EB1EDCB8990F8522DE0311359E9 - C:\WINDOWS\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
F6D12679B9112358AC705A1308156F59 - C:\Users\Horst\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
369EC92E676537A3F86C5074BA30FC96 - C:\WINDOWS\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Deleted Firefox Extensions ======================
C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\trtv3@trtv.com.xpi deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx[26/10/2012 17:10]
gclijllifhfpomppedeljakfegbcpojn - No path found[]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx[26/10/2012 17:11]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx[23/04/2013 18:35]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[17/01/2012 11:45]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gclijllifhfpomppedeljakfegbcpojn - No path found[]
Google Translate - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
Translator for all languages - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\amdeidgbmcliegnpcbbkhlflkbdpomhk
Advanced SystemCare Surfing Protection - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
TV - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh
YouTube - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
HIFANA X WK TOKYO LAB - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmhjjmolopikkbigemoocmebohfpnmkj
Last updated at time on date - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Webpage Screenshot - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki
Google Search - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Google Calendar - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn
DoNotTrackMe Online Privacy Protection - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd
Content Blocker - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
Pixlr Editor - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk
Print - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd
Virtual Keyboard - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
AccelerateTab - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjafhkemfjfgdmjcmhofijphjmaanak
Pixlr Touch Up - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig
AD Block - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgjbmhakaffflkjecineeaadpidgikb
Skype Click to Call - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Maps - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh
Google Mail Checker - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff
Outlook.com Notifier - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmomflkhdooajekmffpilpoenndjppk
DealPly Germany - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf
Google Wallet - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
TS Magic Player - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg
Lyrics for Google Chrome\u2122 - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek
Picasa - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb
Instagram for Chrome - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb
Outlook.com - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge
Send from Gmail (by Google) - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc
Gmail - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
DefaultTab - C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
==== Chrome Fix ======================
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dj-music-mixer.nl.softonic.com_0.localstorage deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nieuws.nl.softonic.com_0.localstorage deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjafhkemfjfgdmjcmhofijphjmaanak deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgjafhkemfjfgdmjcmhofijphjmaanak deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oglbipcbkmlknhfhabolnniekmlhfoek_0.localstorage deleted successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mphpbdjcljebbcnfopfngmfdackbbdgf_0.localstorage deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mphpbdjcljebbcnfopfngmfdackbbdgf_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.mysearchresults.com/?c=3525&t=01"
"Default_Search_URL"="http://www.google.com/ie"
"Search Bar"="http://www.google.com/ie"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
"Default"="http://www.bing.com/search?q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/ie"
"CustomizeSearch"="http://www.google.com"
"SearchAssistant"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{AB9D455F-727D-4943-A376-ABA36BCFD772}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&r="
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{AB9D455F-727D-4943-A376-ABA36BCFD772} Web Search Url="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091&CUI=UN19236685451695410&UM=1"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5585B9F705873E14AAEAADDD906BB821 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7F9B5855-7850-41E3-AAAE-DADD09B68B12} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5585B9F705873E14AAEAADDD906BB821 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlusForSkypeService deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyDrive deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Horst\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Horst\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Horst\AppData\Local\Mozilla\Firefox\Profiles\o5fflkg2.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=677 folders=165 131791786 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\ginette\AppData\Local\Temp emptied successfully
C:\Users\Horst\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Horst\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on do 15/05/2014 at 21:08:18,67 ======================
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Horst on do 15/05/2014 at 18:21:49,79.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: E:\Desktop\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]
==== System Restore Info ======================
15/05/2014 19:35:40 Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\Astonsoft deleted successfully
C:\PROGRA~2\Avira deleted successfully
C:\PROGRA~2\Cyanide deleted successfully
C:\PROGRA~2\dumps deleted successfully
C:\PROGRA~2\FSX Flight Weather Report deleted successfully
C:\PROGRA~2\GUMF88A.tmp deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\VideoLAN deleted successfully
C:\PROGRA~2\Vstep deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\4shared Desktop deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\WinZipEC deleted successfully
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted successfully
C:\Users\Horst\AppData\Roaming\gnupg deleted successfully
C:\Users\Horst\AppData\Roaming\JAM Software deleted successfully
C:\Users\Horst\AppData\Roaming\passport_photo deleted successfully
C:\Users\Horst\AppData\Roaming\QuickScan deleted successfully
C:\Users\Horst\AppData\Roaming\The Complete Genealogy Reporter - FTB deleted successfully
C:\Users\Horst\AppData\Roaming\TP deleted successfully
C:\Users\Horst\AppData\Roaming\Xilisoft deleted successfully
C:\Users\Horst\AppData\Local\FunnyGames deleted successfully
C:\Users\Horst\AppData\Local\Netlog deleted successfully
C:\Users\Horst\AppData\Local\PowerChallenge deleted successfully
C:\Users\Horst\AppData\Local\Yenka deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{60DDAFE1-BCD2-415E-A317-68781053E435} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AB9D455F-727D-4943-A376-ABA36BCFD772} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B138DCB2-DD12-443C-BC25-8592488F3C6B} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EE0FF406-A246-4336-B248-4AAFFD07A885} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37483B40-C254-4A72-BDA4-22EE90182C1E} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{37483B40-C254-4A72-BDA4-22EE90182C1E} deleted successfully
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} not found
"C:\WINDOWS\Installer\47a15.msi" not found
C:\PROGRA~2\Dolphin3D Web Browser deleted
C:\PROGRA~2\NCH Software\Components\NCHToolbars deleted
C:\search.sqlite deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Horst\AppData\Local\qs.dll deleted
C:\Users\Horst\AppData\Local\qs64.dll deleted
C:\Users\Horst\AppData\Local\BearShare deleted
C:\Users\Horst\AppData\LocalLow\IObit Apps deleted
C:\Users\Horst\AppData\LocalLow\ADSRemoval deleted
C:\WINDOWS\wininit.ini deleted
C:\windows\SysNative\tasks\Lyric Star Update deleted
C:\WINDOWS\tasks\Lyric Star Update.job deleted
C:\prefs.js deleted
C:\WINDOWS\SysWow64\searchplugins deleted
C:\WINDOWS\SysWow64\Extensions deleted
C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\staged deleted
C:\Users\Horst\Desktop\SoftonicDownloader_voor_dj-music-mixer.exe deleted
C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\searchads@instair.net deleted
C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default\extensions\searchads@instair.net deleted
"C:\Users\Horst\AppData\Local\{33B0F7F2-A991-4812-935E-DAFA70855F61}" deleted
"C:\Users\Horst\AppData\Local\{E1809B34-D624-4456-9957-F5867E6BA68A}" deleted
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
2014-04-18 13:53:25 81394C91B7B5A7C799E249AE82491F13 2373784 ----a-w- C:\WINDOWS\explorer.exe
====== C:\Users\Horst\AppData\Local\Temp ====
2014-05-12 10:48:49 28E799F91E4FB0B663F9B5206F17AA3B 6281920 ----a-w- C:\Users\Horst\AppData\Local\Temp\nsjC422\SpSetup.exe
2014-05-12 08:01:21 715652A32ED8ABB89492445A38FC20D0 5484016 ----a-w- C:\Users\Horst\AppData\Local\Temp\pcspeedup.exe
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2014-05-14 09:17:28 BE753D2FF471EA25421D931EF23DCDD3 105464 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 09:17:28 2A01A10CCCA38214C5E678D4E41D52F3 693240 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-14 08:40:15 1DEC681B79501A714F0D3FA2787183C3 305152 ----a-w- C:\WINDOWS\SysWOW64\wusa.exe
2014-05-14 08:38:50 EB5347F6149D3FF25F4D609A21A3BD67 17382912 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-14 08:38:49 FBCF3F01177953EBF1E735643621CCF5 69632 ----a-w- C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-14 08:38:48 BA4FA107EF9A728C58A81B2EFCD6FE2B 26784 ----a-w- C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 08:38:48 6923D6FAB7CBA8D82BD792182B4F3DE4 80032 ----a-w- C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 08:38:44 9A11476467400E32083BCBF7A06EFF18 11792384 ----a-w- C:\WINDOWS\SysWOW64\twinui.dll
2014-05-14 08:38:43 51B615EF9408277FEF586EB97583844E 666624 ----a-w- C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-14 08:38:43 3F0DB8120F65E3223B4EAF6CA4CDB3C5 754688 ----a-w- C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-14 08:38:43 0542A44401EA9451D82D3DF4BF3BD871 419928 ----a-w- C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-14 08:38:42 DC72DC452793C9622E6F056B89F9302C 123904 ----a-w- C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-14 08:38:42 D8C63F333D4A8D8433849A9ADC092BE9 31232 ----a-w- C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-14 08:38:42 AB3A013BA1C50B2309E5BF8136600656 828928 ----a-w- C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-14 08:38:42 8DA8026471B3470085B4AFB9C77BF45F 25088 ----a-w- C:\WINDOWS\SysWOW64\wups.dll
2014-05-14 08:38:42 82119579B000F62D96B083BC6A246C07 80896 ----a-w- C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-14 08:38:38 B5507F49CB2E2516746BD55B9F671925 18679728 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll
2014-05-02 18:45:35 B5B3334F177CED627C2D7FE38235B6B1 2724864 ----a-w- C:\WINDOWS\SysWOW64\mshtml.tlb
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2014-05-14 08:40:15 326715361A7D1C65983BFE920990E4EF 308224 ----a-w- C:\WINDOWS\Sysnative\wusa.exe
2014-05-14 08:38:52 A920E1336F9FEA95477763E2CC15891B 84992 ----a-w- C:\WINDOWS\Sysnative\mshtmled.dll
2014-05-14 08:38:52 797E2E5C309AFF76990D5B7AF457EACA 23544320 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll
2014-05-14 08:38:48 D178F55D53B9A10FFBDC134C95517846 28320 ----a-w- C:\WINDOWS\Sysnative\mrt100.dll
2014-05-14 08:38:48 A750229C96A406EE123F43916053F142 86688 ----a-w- C:\WINDOWS\Sysnative\mrt_map.dll
2014-05-14 08:38:46 7E609FBF50774CC5A239420FE34EBB9C 3464192 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll
2014-05-14 08:38:46 3DF281C1553A6124DEF875C19D46AC0D 190976 ----a-w- C:\WINDOWS\Sysnative\storewuauth.dll
2014-05-14 08:38:45 739F99ADA1F0A4188F683918809FE7AC 13288960 ----a-w- C:\WINDOWS\Sysnative\twinui.dll
2014-05-14 08:38:44 AF1BC4F5421023D59F1D472C1A4E01CF 921088 ----a-w- C:\WINDOWS\Sysnative\WSShared.dll
2014-05-14 08:38:44 4FB80968811FAD6E88ABFAA98E51305C 1705472 ----a-w- C:\WINDOWS\Sysnative\wucltux.dll
2014-05-14 08:38:43 E859E9B4A0300F56C94D2C69F6F65657 827392 ----a-w- C:\WINDOWS\Sysnative\wuapi.dll
2014-05-14 08:38:43 850FC6B2E385766B9972CDBE947989F6 381440 ----a-w- C:\WINDOWS\Sysnative\WUSettingsProvider.dll
2014-05-14 08:38:43 7F15F3E0F847D90EB3A2124258E6B1DC 54776 ----a-w- C:\WINDOWS\Sysnative\wuauclt.exe
2014-05-14 08:38:43 766DCDC7032C4C98E47B8A9F71239E38 555736 ----a-w- C:\WINDOWS\Sysnative\twinapi.appcore.dll
2014-05-14 08:38:43 68CB2B575F0C67BB14590D1471285287 201728 ----a-w- C:\WINDOWS\Sysnative\ubpm.dll
2014-05-14 08:38:43 5F74A7DB62F6D560B0C858A096A37B59 1054208 ----a-w- C:\WINDOWS\Sysnative\twinui.appcore.dll
2014-05-14 08:38:42 FD3638782572A8281BCF12520F6579F4 79872 ----a-w- C:\WINDOWS\Sysnative\WSReset.exe
2014-05-14 08:38:42 E9F333234A5641E2FEF2F5240BDD56B8 35328 ----a-w- C:\WINDOWS\Sysnative\wuapp.exe
2014-05-14 08:38:42 C383B71BAAC22CCE37B99339AEB62F1E 93696 ----a-w- C:\WINDOWS\Sysnative\wudriver.dll
2014-05-14 08:38:42 736046C9AFD66BA29BA61ACD582E7A7B 137728 ----a-w- C:\WINDOWS\Sysnative\wuwebv.dll
2014-05-14 08:38:42 1EC3AACDB335533A7470245C683ACF94 56320 ----a-w- C:\WINDOWS\Sysnative\wups.dll
2014-05-14 08:38:37 06070D4CC64300D473C55ABDC887B63C 21225584 ----a-w- C:\WINDOWS\Sysnative\shell32.dll
2014-05-02 18:45:33 94C59DD02BC7EA0E421055B9946CA861 2724864 ----a-w- C:\WINDOWS\Sysnative\mshtml.tlb
====== C:\WINDOWS\Sysnative\drivers =====
2014-05-14 08:40:12 019CC610AD95FF47EAD7C08B7A683B96 257880 ----a-w- C:\WINDOWS\Sysnative\drivers\WdFilter.sys
2014-05-14 08:40:11 6CC1BB8F6851A262E2E824F0E92D5EEF 123224 ----a-w- C:\WINDOWS\Sysnative\drivers\WdNisDrv.sys
2014-05-14 08:40:03 F5D4FA3E1F4879C361FFF3855259D2C2 35856 ----a-w- C:\WINDOWS\Sysnative\drivers\WdBoot.sys
2014-05-12 21:12:27 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys
2014-05-12 21:12:27 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys
2014-05-12 21:12:27 3FFFB7F54CD7A792099C10402FCF8F56 63192 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys
2014-05-12 21:11:06 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys
2014-04-18 13:53:40 1C80517BE6836A812F6A9B99B8321351 2013016 ----a-w- C:\WINDOWS\Sysnative\drivers\ntfs.sys
2014-04-18 13:53:40 179A41249055D5F039F1B6703F3B6D2B 376152 ----a-w- C:\WINDOWS\Sysnative\drivers\clfs.sys
2014-04-18 13:53:27 FEEFE783D87C9063CDAC6DBDCF95F533 2519384 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys
2014-04-18 13:53:25 C7D252742946DD395670649742FBD73D 1557848 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys
2014-04-18 13:53:18 E62EAEF0BAC9DD61BF22D4A7F2F18571 679424 ----a-w- C:\WINDOWS\Sysnative\drivers\srv2.sys
2014-04-18 13:53:16 C997E6A37BA8915224B3FB5024A34F69 402944 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys
2014-04-18 13:53:16 4030CB06B8D963A45CED9E60C9F2A11E 379224 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys
2014-04-18 13:53:15 7FC5667DF73D4B04AA457CC3A4180E09 157016 ----a-w- C:\WINDOWS\Sysnative\drivers\wof.sys
2014-04-18 13:53:14 4627C1FBF2802425A408A2D2AF28CF85 565536 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys
2014-04-18 13:53:13 466BDC0006103F2547D308DD3CD64398 245760 ----a-w- C:\WINDOWS\Sysnative\drivers\srvnet.sys
2014-04-18 13:53:12 AC408FA243471C25CDE435C3B83536A9 337752 ----a-w- C:\WINDOWS\Sysnative\drivers\Classpnp.sys
2014-04-18 13:53:11 CFC52C49BEFE4D70D87FFA900EAB9777 467800 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS
2014-04-18 13:53:11 647C7652FA19F98CADF2BFDA2164BFEC 443392 ----a-w- C:\WINDOWS\Sysnative\drivers\nwifi.sys
2014-04-18 13:53:09 F88CC88F4A6D8476F1664E805CA18CC2 180056 ----a-w- C:\WINDOWS\Sysnative\drivers\ksecpkg.sys
2014-04-18 13:53:08 C48CDFD48A43E4AEC8170E1E50A3FACD 428888 ----a-w- C:\WINDOWS\Sysnative\drivers\FWPKCLNT.SYS
2014-04-18 13:53:08 A03F362C5557E238CBFA914689C77248 134144 ----a-w- C:\WINDOWS\Sysnative\drivers\dfsc.sys
2014-04-18 13:53:07 BFBE1C5F57FE7A885673A1962D5532B7 136024 ----a-w- C:\WINDOWS\Sysnative\drivers\wfplwfs.sys
2014-04-18 13:53:07 8DB8EAB9D0C6A5DF0BDCADEA239220B4 33280 -c--a-w- C:\WINDOWS\Sysnative\drivers\hidusb.sys
2014-04-18 13:53:07 41CF802064F72E55F50CA0A221FD36D4 49152 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpipreg.sys
2014-04-18 13:53:06 ABB7341766902F5AAB45E15F34D19E15 111616 -c--a-w- C:\WINDOWS\Sysnative\drivers\hidclass.sys
2014-04-18 13:53:05 1D55DADC22D21883A2F80297F5A5AE48 140288 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxdav.sys
2014-04-18 13:53:04 FD9C9E9E3F0ED51502C7E8C066BE26B9 79360 ----a-w- C:\WINDOWS\Sysnative\drivers\IPMIDrv.sys
2014-04-18 13:53:03 3E28B99198B514DFEB152EACF913025E 283648 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb10.sys
2014-04-18 13:40:35 3595FBDF25F8BA6256072D103937D7D6 311640 -c--a-w- C:\WINDOWS\Sysnative\drivers\volsnap.sys
2014-04-18 13:39:52 F21B77B4D74092A543807D3CEB711A88 1118552 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys
2014-04-18 13:39:47 9539F7917B4B6D92C90F0FAA6B86C605 539992 -c--a-w- C:\WINDOWS\Sysnative\drivers\acpi.sys
2014-04-18 13:39:40 B2BD017231836DA9F63F41E3A075D73E 590168 ----a-w- C:\WINDOWS\Sysnative\drivers\fvevol.sys
2014-04-18 13:39:32 A26AEC49F318FEE141DDDB2C5F99B3E6 249688 ----a-w- C:\WINDOWS\Sysnative\drivers\rdyboost.sys
2014-04-18 13:39:30 233A4C961703D6B3EBA4EC1A3E85AACE 298496 ----a-w- C:\WINDOWS\Sysnative\drivers\ks.sys
2014-04-18 13:39:26 275AFE3FA35E8D78BE97695DF49817C6 280920 -c--a-w- C:\WINDOWS\Sysnative\drivers\pci.sys
2014-04-18 13:39:24 87765EF43C33BE342F4ACB0E3FBF89A6 384856 -c--a-w- C:\WINDOWS\Sysnative\drivers\spaceport.sys
2014-04-18 13:39:23 8685379B82AC81187813225905531D1E 272896 -c--a-w- C:\WINDOWS\Sysnative\drivers\portcls.sys
2014-04-18 13:39:22 EA23453240137F6773174E0D93F61A69 148824 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBSTOR.SYS
2014-04-18 13:39:21 46D1DF775FFF14585218BBE16E5B2C9A 360792 ----a-w- C:\WINDOWS\Sysnative\drivers\fltMgr.sys
2014-04-18 13:39:12 8F39AFEB255487932DFF14D9E0E0FC24 372568 ----a-w- C:\WINDOWS\Sysnative\drivers\storport.sys
2014-04-18 13:39:10 52E483A3701A5A61A75A06993720347D 551256 -c--a-w- C:\WINDOWS\Sysnative\drivers\vhdmp.sys
2014-04-18 13:39:02 FDEC5799BA499D18AFA3A540538866E7 236888 -c--a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys
2014-04-18 13:39:00 48430B0313FC1CFE3D2400553F1A93CD 325464 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS
2014-04-18 13:38:59 DDEE191AB32DFC22C6465002ECDF5EE4 124416 ----a-w- C:\WINDOWS\Sysnative\drivers\luafv.sys
2014-04-18 13:38:58 0ECEE590F2E2EF969FB74A6FC583A1E6 663040 ----a-w- C:\WINDOWS\Sysnative\drivers\PEAuth.sys
2014-04-18 13:38:56 02836172141D3AFA35B07679E253E503 151384 -c--a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys
2014-04-18 13:38:51 EF3AE7773394DF49CE74AF78A1C8D23D 146776 ----a-w- C:\WINDOWS\Sysnative\drivers\msgpioclx.sys
2014-04-18 13:38:50 E515A287C8FAE901EB8FB42F168E14F2 924504 ----a-w- C:\WINDOWS\Sysnative\drivers\refs.sys
2014-04-18 13:38:50 BCFD8B149B3ADF92D0DB1E909CAF0265 79192 ----a-w- C:\WINDOWS\Sysnative\drivers\fileinfo.sys
2014-04-18 13:38:49 38A82F4EE8C416A6744B6D30381ED768 33280 -c--a-w- C:\WINDOWS\Sysnative\drivers\BasicRender.sys
2014-04-18 13:38:48 0B1E929D11A8E358106955603FAC65E8 79192 -c--a-w- C:\WINDOWS\Sysnative\drivers\sdstor.sys
2014-04-18 13:38:41 61A1C2641321A6B89A2B41C5D481EF48 71888 ----a-w- C:\WINDOWS\Sysnative\drivers\dumpfve.sys
2014-04-18 13:38:39 C1F564F324685C088ECAB1933576CF91 54816 ----a-w- C:\WINDOWS\Sysnative\drivers\wpcfltr.sys
2014-04-18 13:38:34 B034A41891A36457B994307DFA772293 189784 -c--a-w- C:\WINDOWS\Sysnative\drivers\UCX01000.SYS
2014-04-18 13:38:32 9DDCA7F18983C5410DEFF79F819DF93C 994136 ----a-w- C:\WINDOWS\Sysnative\drivers\http.sys
2014-04-18 13:38:22 9CC0003FB8ED3763B977B43F1012FF63 54272 ----a-w- C:\WINDOWS\Sysnative\drivers\watchdog.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-05-14 09:16:25 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER
2014-04-23 21:01:15 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
======= C: =====
2014-05-15 05:23:25 AE3B8A65C5C66FC7EFAF48B0E3A88EB1 403946 --sha-r- C:\bootmgr
2014-05-15 05:23:25 93B885ADFE0DA089CDF634904FD59F71 1 --sha-w- C:\BOOTNXT
2014-05-12 11:29:08 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\asc_rdflag
====== C:\Users\Horst\AppData\Roaming ======
2014-05-12 08:33:56 -------- d-sh--w- C:\Users\Horst\AppData\Locallow\EmieUserList
2014-05-12 08:33:49 -------- d-sh--w- C:\Users\Horst\AppData\Locallow\EmieSiteList
2014-05-09 09:14:23 -------- d-sh--w- C:\Users\Horst\AppData\Local\EmieUserList
2014-05-09 09:14:23 -------- d-sh--w- C:\Users\Horst\AppData\Local\EmieSiteList
2014-04-23 21:01:29 -------- d-----w- C:\Users\Horst\AppData\Local\Skype
2014-04-18 10:02:38 -------- d-----w- C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
====== C:\Users\Horst ======
2014-05-15 05:23:18 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2014-04-23 21:01:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
====== C: exe-files ==
2014-05-15 06:18:02 A742CCF738AEFEF3078683BD0E803215 739808 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.137\34.0.1847.137_34.0.1847.131_chrome_updater.exe
2014-05-15 05:23:25 E5311963F6B065C9DE0270ADC5927F13 1192280 ----a-w- C:\Boot\memtest.exe
2014-05-14 09:17:28 2A01A10CCCA38214C5E678D4E41D52F3 693240 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 08:40:15 326715361A7D1C65983BFE920990E4EF 308224 ----a-w- C:\Windows\System32\wusa.exe
2014-05-14 08:40:15 1DEC681B79501A714F0D3FA2787183C3 305152 ----a-w- C:\Windows\SysWOW64\wusa.exe
2014-05-14 08:38:43 7F15F3E0F847D90EB3A2124258E6B1DC 54776 ----a-w- C:\Windows\System32\wuauclt.exe
2014-05-14 08:38:42 FD3638782572A8281BCF12520F6579F4 79872 ----a-w- C:\Windows\System32\WSReset.exe
2014-05-14 08:38:42 E9F333234A5641E2FEF2F5240BDD56B8 35328 ----a-w- C:\Windows\System32\wuapp.exe
2014-05-14 08:38:42 D8C63F333D4A8D8433849A9ADC092BE9 31232 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2014-05-14 08:38:42 BE1FAE2B208F1E0B38FD4EF353D067C8 25304 ----a-w- C:\Windows\WinStore\WSHost.exe
2014-05-12 10:48:49 28E799F91E4FB0B663F9B5206F17AA3B 6281920 ----a-w- C:\Users\Horst\AppData\Local\Temp\nsjC422\SpSetup.exe
2014-05-12 08:01:21 715652A32ED8ABB89492445A38FC20D0 5484016 ----a-w- C:\Users\Horst\AppData\Local\Temp\pcspeedup.exe
2014-05-09 06:13:50 BE472797288F53AA9F56974B1A1FC18F 918672 ----a-w- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateSetup.exe
2014-05-09 06:13:50 6FC454773ABF8DE9A33B35E03525140D 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe
2014-05-09 06:13:50 49B70FBEEC01A69CA9AC115C109E9CDD 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateBroker.exe
2014-05-09 06:13:49 D893431503D5112DC3B799DF963D2AC8 114568 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateComRegisterShell64.exe
2014-05-09 06:13:49 D5A444B63637EC0932172C6719A10252 263048 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
2014-05-09 06:13:49 720546B84ED5229E1584C8F3533A2F12 328072 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
2014-05-09 06:13:49 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdate.exe
2014-05-09 06:13:48 BE472797288F53AA9F56974B1A1FC18F 918672 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.24.7\GoogleUpdateSetup.exe
=== C: other files ==
2014-05-14 08:40:12 019CC610AD95FF47EAD7C08B7A683B96 257880 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2014-05-14 08:40:11 6CC1BB8F6851A262E2E824F0E92D5EEF 123224 ----a-w- C:\Windows\System32\drivers\WdNisDrv.sys
2014-05-14 08:40:03 F5D4FA3E1F4879C361FFF3855259D2C2 35856 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2014-05-12 21:12:27 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-12 21:12:27 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 21:12:27 3FFFB7F54CD7A792099C10402FCF8F56 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-12 21:11:06 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"1C12C4804E7F71814BDEDAEBA5FC8C7C502F7A64._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"
"MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"Spotify Web Helper"="C:\Users\Horst\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Horst\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"QuickScanner"="C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe"
"SkyDrive"="C:\Users\Horst\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"BitTorrent"="C:\Users\Horst\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED"
"MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
"Advanced SystemCare 7"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /Auto"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\runner_avp.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"AdobeCS4ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"IObit Malware Fighter"="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /autostart"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"1C12C4804E7F71814BDEDAEBA5FC8C7C502F7A64._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"
"MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"Spotify Web Helper"="C:\Users\Horst\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Horst\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"QuickScanner"="C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe"
"SkyDrive"="C:\Users\Horst\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"BitTorrent"="C:\Users\Horst\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED"
"MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
"Advanced SystemCare 7"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /Auto"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acronis Scheduler2Service]
"command"="\"C:\\Program Files (x86)\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
"hkey"="HKLM"
"item"="Acronis Scheduler2Service"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"hkey"="HKLM"
"item"="Adobe ARM"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"hkey"="HKLM"
"item"="Adobe Reader Speed Launcher"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
"hkey"="HKLM"
"item"="APSDaemon"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"
"hkey"="HKLM"
"item"="BCSSync"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Corel Photo Downloader]
"command"="\"c:\\Program Files (x86)\\Common Files\\Corel\\Corel PhotoDownloader\\Corel Photo Downloader.exe\" -startup"
"hkey"="HKCU"
"item"="Corel Photo Downloader"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"command"="C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe"
"hkey"="HKLM"
"item"="HP Software Update"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
"hkey"="HKLM"
"item"="iTunesHelper"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MessengerPlusForSkypeService]
"command"="\"C:\\Program Files (x86)\\Yuna Software\\Messenger Plus! for Skype\\MsgPlusForSkypeService.exe\""
"hkey"="HKLM"
"item"="MessengerPlusForSkypeService"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MobileDocuments]
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ubd.exe"
"hkey"="HKCU"
"item"="MobileDocuments"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyTomTomSA.exe]
"command"="C:\\Program Files (x86)\\MyTomTom 3\\MyTomTomSA.exe"
"hkey"="HKCU"
"item"="MyTomTomSA.exe"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OfficeSyncProcess]
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSOSYNC.EXE\""
"hkey"="HKCU"
"item"="OfficeSyncProcess"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SkyDrive]
"hkey"="HKCU"
"item"="SkyDrive"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"command"="\"C:\\Users\\Horst\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""
"hkey"="HKCU"
"item"="Spotify Web Helper"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"hkey"="HKCU"
"item"="Steam"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
"hkey"="HKLM"
"item"="SunJavaUpdateSched"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]
"command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\""
"hkey"="HKCU"
"item"="TomTomHOME.exe"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Horst^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series.lnk]
"backup"="C:\\Windows\\pss\\Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Windows\\system32\\RunDll32.exe \"C:\\Program Files\\HP\\HP Deskjet 3070 B611 series\\bin\\HPStatusBL.dll\",RunDLLEntry SERIALNUMBER=CN1CL662HH05MQ;CONNECTION=USB;MONITOR=1;"
"item"="Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Horst^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Schermopname en Snel starten.lnk]
"backup"="C:\\Windows\\pss\\OneNote 2010 Schermopname en Snel starten.lnk.Startup"
"backupExtension"=".Startup"
"item"="OneNote 2010 Schermopname en Snel starten"
"command"="C:\\PROGRA~2\\Microsoft Office\\Office14\\ONENOTEM.EXE /tsr"
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/05/2014 20:34]
C:\WINDOWS\tasks\ASC7_SkipUac_Horst.job --a-------- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [10/03/2014 16:04]
C:\WINDOWS\tasks\AWC AutoSweep.job --a-------- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe []
C:\WINDOWS\tasks\AWC Update.job --a-------- C:\Program Files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe []
C:\WINDOWS\tasks\BearShareNAG.job --a-------- C:\Users\Horst\AppData\Local\Temp\BearShare_setup.exe []
C:\WINDOWS\tasks\Driver Booster SkipUAC (Horst).job --a-------- C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [14/03/2014 18:06]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-19998120-3832150475-219564089-1000Core.job --a-------- C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-19998120-3832150475-219564089-1000UA.job --a-------- C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/11/2010 13:44]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/11/2010 13:44]
C:\WINDOWS\tasks\SmartDefrag.job --a-------- C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe []
C:\WINDOWS\tasks\Uninstaller_SkipUac_Administrator.job --a-------- C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [13/02/2014 17:44]
==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\ASC7_PerformanceMonitor" [C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe]
"C:\WINDOWS\SysNative\tasks\ASC7_SkipUac_Horst" [C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe /SkipUac]
"C:\WINDOWS\SysNative\tasks\AWC AutoSweep" [C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe]
"C:\WINDOWS\SysNative\tasks\AWC Update" [C:\Program Files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe]
"C:\WINDOWS\SysNative\tasks\BearShareNAG" [C:\Users\Horst\AppData\Local\Temp\BearShare_setup.exe]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\Driver Booster Scan" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe]
"C:\WINDOWS\SysNative\tasks\Driver Booster SkipUAC (Horst)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-19998120-3832150475-219564089-1000Core" [C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-19998120-3832150475-219564089-1000UA" [C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\SmartDefrag" [C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe]
"C:\WINDOWS\SysNative\tasks\SmartDefrag3_Startup" [C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe]
"C:\WINDOWS\SysNative\tasks\SmartDefrag3_Update" [C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe]
"C:\WINDOWS\SysNative\tasks\StartMenuAutoupdate" [C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{F12239DC-6922-4D0B-8128-847BADE83E24}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\{2F811A74-0025-4D6B-92E1-A368958E76FF}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]
"C:\WINDOWS\SysNative\tasks\{B21789DE-C0D9-4B4E-9944-18232BA6DDA4}" [C:\Program Files (x86)\iTunes\iTunes.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
ProfilePath: C:\Users\Horst\AppData\Roaming\Thunderbird\Profiles\nvog5d1l.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi
ProfilePath: C:\Users\Horst\AppData\Roaming\TomTom\HOME\Profiles\5cjd39gk.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
ProfilePath: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default
- Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
ExtDir: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- Torntv 3 - %ExtDir%\trtv3@trtv.com.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
==== Firefox Plugins ======================
Profilepath: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default
D7324EB1EDCB8990F8522DE0311359E9 - C:\WINDOWS\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
F6D12679B9112358AC705A1308156F59 - C:\Users\Horst\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
369EC92E676537A3F86C5074BA30FC96 - C:\WINDOWS\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Deleted Firefox Extensions ======================
C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\trtv3@trtv.com.xpi deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx[26/10/2012 17:10]
gclijllifhfpomppedeljakfegbcpojn - No path found[]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx[26/10/2012 17:11]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx[23/04/2013 18:35]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[17/01/2012 11:45]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gclijllifhfpomppedeljakfegbcpojn - No path found[]
Google Translate - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
Translator for all languages - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\amdeidgbmcliegnpcbbkhlflkbdpomhk
Advanced SystemCare Surfing Protection - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
TV - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh
YouTube - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
HIFANA X WK TOKYO LAB - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmhjjmolopikkbigemoocmebohfpnmkj
Last updated at time on date - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Webpage Screenshot - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki
Google Search - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Google Calendar - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn
DoNotTrackMe Online Privacy Protection - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd
Content Blocker - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
Pixlr Editor - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk
Print - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd
Virtual Keyboard - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
AccelerateTab - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjafhkemfjfgdmjcmhofijphjmaanak
Pixlr Touch Up - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig
AD Block - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgjbmhakaffflkjecineeaadpidgikb
Skype Click to Call - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Maps - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh
Google Mail Checker - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff
Outlook.com Notifier - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmomflkhdooajekmffpilpoenndjppk
DealPly Germany - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf
Google Wallet - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
TS Magic Player - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg
Lyrics for Google Chrome\u2122 - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek
Picasa - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb
Instagram for Chrome - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb
Outlook.com - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge
Send from Gmail (by Google) - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc
Gmail - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
DefaultTab - C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
==== Chrome Fix ======================
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dj-music-mixer.nl.softonic.com_0.localstorage deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nieuws.nl.softonic.com_0.localstorage deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjafhkemfjfgdmjcmhofijphjmaanak deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgjafhkemfjfgdmjcmhofijphjmaanak deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oglbipcbkmlknhfhabolnniekmlhfoek_0.localstorage deleted successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mphpbdjcljebbcnfopfngmfdackbbdgf_0.localstorage deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mphpbdjcljebbcnfopfngmfdackbbdgf_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.mysearchresults.com/?c=3525&t=01"
"Default_Search_URL"="http://www.google.com/ie"
"Search Bar"="http://www.google.com/ie"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
"Default"="http://www.bing.com/search?q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/ie"
"CustomizeSearch"="http://www.google.com"
"SearchAssistant"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{AB9D455F-727D-4943-A376-ABA36BCFD772}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&r="
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{AB9D455F-727D-4943-A376-ABA36BCFD772} Web Search Url="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091&CUI=UN19236685451695410&UM=1"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5585B9F705873E14AAEAADDD906BB821 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7F9B5855-7850-41E3-AAAE-DADD09B68B12} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5585B9F705873E14AAEAADDD906BB821 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlusForSkypeService deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyDrive deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Horst\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Horst\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Horst\AppData\Local\Mozilla\Firefox\Profiles\o5fflkg2.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=677 folders=165 131791786 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\ginette\AppData\Local\Temp emptied successfully
C:\Users\Horst\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Horst\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on do 15/05/2014 at 21:08:18,67 ======================
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Horst on do 15/05/2014 at 18:21:49,79.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: E:\Desktop\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]
==== System Restore Info ======================
15/05/2014 19:35:40 Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\Astonsoft deleted successfully
C:\PROGRA~2\Avira deleted successfully
C:\PROGRA~2\Cyanide deleted successfully
C:\PROGRA~2\dumps deleted successfully
C:\PROGRA~2\FSX Flight Weather Report deleted successfully
C:\PROGRA~2\GUMF88A.tmp deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\VideoLAN deleted successfully
C:\PROGRA~2\Vstep deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\4shared Desktop deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\WinZipEC deleted successfully
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted successfully
C:\Users\Horst\AppData\Roaming\gnupg deleted successfully
C:\Users\Horst\AppData\Roaming\JAM Software deleted successfully
C:\Users\Horst\AppData\Roaming\passport_photo deleted successfully
C:\Users\Horst\AppData\Roaming\QuickScan deleted successfully
C:\Users\Horst\AppData\Roaming\The Complete Genealogy Reporter - FTB deleted successfully
C:\Users\Horst\AppData\Roaming\TP deleted successfully
C:\Users\Horst\AppData\Roaming\Xilisoft deleted successfully
C:\Users\Horst\AppData\Local\FunnyGames deleted successfully
C:\Users\Horst\AppData\Local\Netlog deleted successfully
C:\Users\Horst\AppData\Local\PowerChallenge deleted successfully
C:\Users\Horst\AppData\Local\Yenka deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{60DDAFE1-BCD2-415E-A317-68781053E435} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AB9D455F-727D-4943-A376-ABA36BCFD772} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B138DCB2-DD12-443C-BC25-8592488F3C6B} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EE0FF406-A246-4336-B248-4AAFFD07A885} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37483B40-C254-4A72-BDA4-22EE90182C1E} deleted successfully
HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{37483B40-C254-4A72-BDA4-22EE90182C1E} deleted successfully
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} not found
"C:\WINDOWS\Installer\47a15.msi" not found
C:\PROGRA~2\Dolphin3D Web Browser deleted
C:\PROGRA~2\NCH Software\Components\NCHToolbars deleted
C:\search.sqlite deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Horst\AppData\Local\qs.dll deleted
C:\Users\Horst\AppData\Local\qs64.dll deleted
C:\Users\Horst\AppData\Local\BearShare deleted
C:\Users\Horst\AppData\LocalLow\IObit Apps deleted
C:\Users\Horst\AppData\LocalLow\ADSRemoval deleted
C:\WINDOWS\wininit.ini deleted
C:\windows\SysNative\tasks\Lyric Star Update deleted
C:\WINDOWS\tasks\Lyric Star Update.job deleted
C:\prefs.js deleted
C:\WINDOWS\SysWow64\searchplugins deleted
C:\WINDOWS\SysWow64\Extensions deleted
C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\staged deleted
C:\Users\Horst\Desktop\SoftonicDownloader_voor_dj-music-mixer.exe deleted
C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\searchads@instair.net deleted
C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default\extensions\searchads@instair.net deleted
"C:\Users\Horst\AppData\Local\{33B0F7F2-A991-4812-935E-DAFA70855F61}" deleted
"C:\Users\Horst\AppData\Local\{E1809B34-D624-4456-9957-F5867E6BA68A}" deleted
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
2014-04-18 13:53:25 81394C91B7B5A7C799E249AE82491F13 2373784 ----a-w- C:\WINDOWS\explorer.exe
====== C:\Users\Horst\AppData\Local\Temp ====
2014-05-12 10:48:49 28E799F91E4FB0B663F9B5206F17AA3B 6281920 ----a-w- C:\Users\Horst\AppData\Local\Temp\nsjC422\SpSetup.exe
2014-05-12 08:01:21 715652A32ED8ABB89492445A38FC20D0 5484016 ----a-w- C:\Users\Horst\AppData\Local\Temp\pcspeedup.exe
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2014-05-14 09:17:28 BE753D2FF471EA25421D931EF23DCDD3 105464 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 09:17:28 2A01A10CCCA38214C5E678D4E41D52F3 693240 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-14 08:40:15 1DEC681B79501A714F0D3FA2787183C3 305152 ----a-w- C:\WINDOWS\SysWOW64\wusa.exe
2014-05-14 08:38:50 EB5347F6149D3FF25F4D609A21A3BD67 17382912 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-14 08:38:49 FBCF3F01177953EBF1E735643621CCF5 69632 ----a-w- C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-14 08:38:48 BA4FA107EF9A728C58A81B2EFCD6FE2B 26784 ----a-w- C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 08:38:48 6923D6FAB7CBA8D82BD792182B4F3DE4 80032 ----a-w- C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 08:38:44 9A11476467400E32083BCBF7A06EFF18 11792384 ----a-w- C:\WINDOWS\SysWOW64\twinui.dll
2014-05-14 08:38:43 51B615EF9408277FEF586EB97583844E 666624 ----a-w- C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-14 08:38:43 3F0DB8120F65E3223B4EAF6CA4CDB3C5 754688 ----a-w- C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-14 08:38:43 0542A44401EA9451D82D3DF4BF3BD871 419928 ----a-w- C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-14 08:38:42 DC72DC452793C9622E6F056B89F9302C 123904 ----a-w- C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-14 08:38:42 D8C63F333D4A8D8433849A9ADC092BE9 31232 ----a-w- C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-14 08:38:42 AB3A013BA1C50B2309E5BF8136600656 828928 ----a-w- C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-14 08:38:42 8DA8026471B3470085B4AFB9C77BF45F 25088 ----a-w- C:\WINDOWS\SysWOW64\wups.dll
2014-05-14 08:38:42 82119579B000F62D96B083BC6A246C07 80896 ----a-w- C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-14 08:38:38 B5507F49CB2E2516746BD55B9F671925 18679728 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll
2014-05-02 18:45:35 B5B3334F177CED627C2D7FE38235B6B1 2724864 ----a-w- C:\WINDOWS\SysWOW64\mshtml.tlb
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2014-05-14 08:40:15 326715361A7D1C65983BFE920990E4EF 308224 ----a-w- C:\WINDOWS\Sysnative\wusa.exe
2014-05-14 08:38:52 A920E1336F9FEA95477763E2CC15891B 84992 ----a-w- C:\WINDOWS\Sysnative\mshtmled.dll
2014-05-14 08:38:52 797E2E5C309AFF76990D5B7AF457EACA 23544320 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll
2014-05-14 08:38:48 D178F55D53B9A10FFBDC134C95517846 28320 ----a-w- C:\WINDOWS\Sysnative\mrt100.dll
2014-05-14 08:38:48 A750229C96A406EE123F43916053F142 86688 ----a-w- C:\WINDOWS\Sysnative\mrt_map.dll
2014-05-14 08:38:46 7E609FBF50774CC5A239420FE34EBB9C 3464192 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll
2014-05-14 08:38:46 3DF281C1553A6124DEF875C19D46AC0D 190976 ----a-w- C:\WINDOWS\Sysnative\storewuauth.dll
2014-05-14 08:38:45 739F99ADA1F0A4188F683918809FE7AC 13288960 ----a-w- C:\WINDOWS\Sysnative\twinui.dll
2014-05-14 08:38:44 AF1BC4F5421023D59F1D472C1A4E01CF 921088 ----a-w- C:\WINDOWS\Sysnative\WSShared.dll
2014-05-14 08:38:44 4FB80968811FAD6E88ABFAA98E51305C 1705472 ----a-w- C:\WINDOWS\Sysnative\wucltux.dll
2014-05-14 08:38:43 E859E9B4A0300F56C94D2C69F6F65657 827392 ----a-w- C:\WINDOWS\Sysnative\wuapi.dll
2014-05-14 08:38:43 850FC6B2E385766B9972CDBE947989F6 381440 ----a-w- C:\WINDOWS\Sysnative\WUSettingsProvider.dll
2014-05-14 08:38:43 7F15F3E0F847D90EB3A2124258E6B1DC 54776 ----a-w- C:\WINDOWS\Sysnative\wuauclt.exe
2014-05-14 08:38:43 766DCDC7032C4C98E47B8A9F71239E38 555736 ----a-w- C:\WINDOWS\Sysnative\twinapi.appcore.dll
2014-05-14 08:38:43 68CB2B575F0C67BB14590D1471285287 201728 ----a-w- C:\WINDOWS\Sysnative\ubpm.dll
2014-05-14 08:38:43 5F74A7DB62F6D560B0C858A096A37B59 1054208 ----a-w- C:\WINDOWS\Sysnative\twinui.appcore.dll
2014-05-14 08:38:42 FD3638782572A8281BCF12520F6579F4 79872 ----a-w- C:\WINDOWS\Sysnative\WSReset.exe
2014-05-14 08:38:42 E9F333234A5641E2FEF2F5240BDD56B8 35328 ----a-w- C:\WINDOWS\Sysnative\wuapp.exe
2014-05-14 08:38:42 C383B71BAAC22CCE37B99339AEB62F1E 93696 ----a-w- C:\WINDOWS\Sysnative\wudriver.dll
2014-05-14 08:38:42 736046C9AFD66BA29BA61ACD582E7A7B 137728 ----a-w- C:\WINDOWS\Sysnative\wuwebv.dll
2014-05-14 08:38:42 1EC3AACDB335533A7470245C683ACF94 56320 ----a-w- C:\WINDOWS\Sysnative\wups.dll
2014-05-14 08:38:37 06070D4CC64300D473C55ABDC887B63C 21225584 ----a-w- C:\WINDOWS\Sysnative\shell32.dll
2014-05-02 18:45:33 94C59DD02BC7EA0E421055B9946CA861 2724864 ----a-w- C:\WINDOWS\Sysnative\mshtml.tlb
====== C:\WINDOWS\Sysnative\drivers =====
2014-05-14 08:40:12 019CC610AD95FF47EAD7C08B7A683B96 257880 ----a-w- C:\WINDOWS\Sysnative\drivers\WdFilter.sys
2014-05-14 08:40:11 6CC1BB8F6851A262E2E824F0E92D5EEF 123224 ----a-w- C:\WINDOWS\Sysnative\drivers\WdNisDrv.sys
2014-05-14 08:40:03 F5D4FA3E1F4879C361FFF3855259D2C2 35856 ----a-w- C:\WINDOWS\Sysnative\drivers\WdBoot.sys
2014-05-12 21:12:27 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys
2014-05-12 21:12:27 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys
2014-05-12 21:12:27 3FFFB7F54CD7A792099C10402FCF8F56 63192 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys
2014-05-12 21:11:06 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys
2014-04-18 13:53:40 1C80517BE6836A812F6A9B99B8321351 2013016 ----a-w- C:\WINDOWS\Sysnative\drivers\ntfs.sys
2014-04-18 13:53:40 179A41249055D5F039F1B6703F3B6D2B 376152 ----a-w- C:\WINDOWS\Sysnative\drivers\clfs.sys
2014-04-18 13:53:27 FEEFE783D87C9063CDAC6DBDCF95F533 2519384 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys
2014-04-18 13:53:25 C7D252742946DD395670649742FBD73D 1557848 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys
2014-04-18 13:53:18 E62EAEF0BAC9DD61BF22D4A7F2F18571 679424 ----a-w- C:\WINDOWS\Sysnative\drivers\srv2.sys
2014-04-18 13:53:16 C997E6A37BA8915224B3FB5024A34F69 402944 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys
2014-04-18 13:53:16 4030CB06B8D963A45CED9E60C9F2A11E 379224 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys
2014-04-18 13:53:15 7FC5667DF73D4B04AA457CC3A4180E09 157016 ----a-w- C:\WINDOWS\Sysnative\drivers\wof.sys
2014-04-18 13:53:14 4627C1FBF2802425A408A2D2AF28CF85 565536 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys
2014-04-18 13:53:13 466BDC0006103F2547D308DD3CD64398 245760 ----a-w- C:\WINDOWS\Sysnative\drivers\srvnet.sys
2014-04-18 13:53:12 AC408FA243471C25CDE435C3B83536A9 337752 ----a-w- C:\WINDOWS\Sysnative\drivers\Classpnp.sys
2014-04-18 13:53:11 CFC52C49BEFE4D70D87FFA900EAB9777 467800 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS
2014-04-18 13:53:11 647C7652FA19F98CADF2BFDA2164BFEC 443392 ----a-w- C:\WINDOWS\Sysnative\drivers\nwifi.sys
2014-04-18 13:53:09 F88CC88F4A6D8476F1664E805CA18CC2 180056 ----a-w- C:\WINDOWS\Sysnative\drivers\ksecpkg.sys
2014-04-18 13:53:08 C48CDFD48A43E4AEC8170E1E50A3FACD 428888 ----a-w- C:\WINDOWS\Sysnative\drivers\FWPKCLNT.SYS
2014-04-18 13:53:08 A03F362C5557E238CBFA914689C77248 134144 ----a-w- C:\WINDOWS\Sysnative\drivers\dfsc.sys
2014-04-18 13:53:07 BFBE1C5F57FE7A885673A1962D5532B7 136024 ----a-w- C:\WINDOWS\Sysnative\drivers\wfplwfs.sys
2014-04-18 13:53:07 8DB8EAB9D0C6A5DF0BDCADEA239220B4 33280 -c--a-w- C:\WINDOWS\Sysnative\drivers\hidusb.sys
2014-04-18 13:53:07 41CF802064F72E55F50CA0A221FD36D4 49152 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpipreg.sys
2014-04-18 13:53:06 ABB7341766902F5AAB45E15F34D19E15 111616 -c--a-w- C:\WINDOWS\Sysnative\drivers\hidclass.sys
2014-04-18 13:53:05 1D55DADC22D21883A2F80297F5A5AE48 140288 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxdav.sys
2014-04-18 13:53:04 FD9C9E9E3F0ED51502C7E8C066BE26B9 79360 ----a-w- C:\WINDOWS\Sysnative\drivers\IPMIDrv.sys
2014-04-18 13:53:03 3E28B99198B514DFEB152EACF913025E 283648 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb10.sys
2014-04-18 13:40:35 3595FBDF25F8BA6256072D103937D7D6 311640 -c--a-w- C:\WINDOWS\Sysnative\drivers\volsnap.sys
2014-04-18 13:39:52 F21B77B4D74092A543807D3CEB711A88 1118552 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys
2014-04-18 13:39:47 9539F7917B4B6D92C90F0FAA6B86C605 539992 -c--a-w- C:\WINDOWS\Sysnative\drivers\acpi.sys
2014-04-18 13:39:40 B2BD017231836DA9F63F41E3A075D73E 590168 ----a-w- C:\WINDOWS\Sysnative\drivers\fvevol.sys
2014-04-18 13:39:32 A26AEC49F318FEE141DDDB2C5F99B3E6 249688 ----a-w- C:\WINDOWS\Sysnative\drivers\rdyboost.sys
2014-04-18 13:39:30 233A4C961703D6B3EBA4EC1A3E85AACE 298496 ----a-w- C:\WINDOWS\Sysnative\drivers\ks.sys
2014-04-18 13:39:26 275AFE3FA35E8D78BE97695DF49817C6 280920 -c--a-w- C:\WINDOWS\Sysnative\drivers\pci.sys
2014-04-18 13:39:24 87765EF43C33BE342F4ACB0E3FBF89A6 384856 -c--a-w- C:\WINDOWS\Sysnative\drivers\spaceport.sys
2014-04-18 13:39:23 8685379B82AC81187813225905531D1E 272896 -c--a-w- C:\WINDOWS\Sysnative\drivers\portcls.sys
2014-04-18 13:39:22 EA23453240137F6773174E0D93F61A69 148824 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBSTOR.SYS
2014-04-18 13:39:21 46D1DF775FFF14585218BBE16E5B2C9A 360792 ----a-w- C:\WINDOWS\Sysnative\drivers\fltMgr.sys
2014-04-18 13:39:12 8F39AFEB255487932DFF14D9E0E0FC24 372568 ----a-w- C:\WINDOWS\Sysnative\drivers\storport.sys
2014-04-18 13:39:10 52E483A3701A5A61A75A06993720347D 551256 -c--a-w- C:\WINDOWS\Sysnative\drivers\vhdmp.sys
2014-04-18 13:39:02 FDEC5799BA499D18AFA3A540538866E7 236888 -c--a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys
2014-04-18 13:39:00 48430B0313FC1CFE3D2400553F1A93CD 325464 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS
2014-04-18 13:38:59 DDEE191AB32DFC22C6465002ECDF5EE4 124416 ----a-w- C:\WINDOWS\Sysnative\drivers\luafv.sys
2014-04-18 13:38:58 0ECEE590F2E2EF969FB74A6FC583A1E6 663040 ----a-w- C:\WINDOWS\Sysnative\drivers\PEAuth.sys
2014-04-18 13:38:56 02836172141D3AFA35B07679E253E503 151384 -c--a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys
2014-04-18 13:38:51 EF3AE7773394DF49CE74AF78A1C8D23D 146776 ----a-w- C:\WINDOWS\Sysnative\drivers\msgpioclx.sys
2014-04-18 13:38:50 E515A287C8FAE901EB8FB42F168E14F2 924504 ----a-w- C:\WINDOWS\Sysnative\drivers\refs.sys
2014-04-18 13:38:50 BCFD8B149B3ADF92D0DB1E909CAF0265 79192 ----a-w- C:\WINDOWS\Sysnative\drivers\fileinfo.sys
2014-04-18 13:38:49 38A82F4EE8C416A6744B6D30381ED768 33280 -c--a-w- C:\WINDOWS\Sysnative\drivers\BasicRender.sys
2014-04-18 13:38:48 0B1E929D11A8E358106955603FAC65E8 79192 -c--a-w- C:\WINDOWS\Sysnative\drivers\sdstor.sys
2014-04-18 13:38:41 61A1C2641321A6B89A2B41C5D481EF48 71888 ----a-w- C:\WINDOWS\Sysnative\drivers\dumpfve.sys
2014-04-18 13:38:39 C1F564F324685C088ECAB1933576CF91 54816 ----a-w- C:\WINDOWS\Sysnative\drivers\wpcfltr.sys
2014-04-18 13:38:34 B034A41891A36457B994307DFA772293 189784 -c--a-w- C:\WINDOWS\Sysnative\drivers\UCX01000.SYS
2014-04-18 13:38:32 9DDCA7F18983C5410DEFF79F819DF93C 994136 ----a-w- C:\WINDOWS\Sysnative\drivers\http.sys
2014-04-18 13:38:22 9CC0003FB8ED3763B977B43F1012FF63 54272 ----a-w- C:\WINDOWS\Sysnative\drivers\watchdog.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-05-14 09:16:25 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER
2014-04-23 21:01:15 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
======= C: =====
2014-05-15 05:23:25 AE3B8A65C5C66FC7EFAF48B0E3A88EB1 403946 --sha-r- C:\bootmgr
2014-05-15 05:23:25 93B885ADFE0DA089CDF634904FD59F71 1 --sha-w- C:\BOOTNXT
2014-05-12 11:29:08 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\asc_rdflag
====== C:\Users\Horst\AppData\Roaming ======
2014-05-12 08:33:56 -------- d-sh--w- C:\Users\Horst\AppData\Locallow\EmieUserList
2014-05-12 08:33:49 -------- d-sh--w- C:\Users\Horst\AppData\Locallow\EmieSiteList
2014-05-09 09:14:23 -------- d-sh--w- C:\Users\Horst\AppData\Local\EmieUserList
2014-05-09 09:14:23 -------- d-sh--w- C:\Users\Horst\AppData\Local\EmieSiteList
2014-04-23 21:01:29 -------- d-----w- C:\Users\Horst\AppData\Local\Skype
2014-04-18 10:02:38 -------- d-----w- C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
====== C:\Users\Horst ======
2014-05-15 05:23:18 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2014-04-23 21:01:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
====== C: exe-files ==
2014-05-15 06:18:02 A742CCF738AEFEF3078683BD0E803215 739808 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.137\34.0.1847.137_34.0.1847.131_chrome_updater.exe
2014-05-15 05:23:25 E5311963F6B065C9DE0270ADC5927F13 1192280 ----a-w- C:\Boot\memtest.exe
2014-05-14 09:17:28 2A01A10CCCA38214C5E678D4E41D52F3 693240 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 08:40:15 326715361A7D1C65983BFE920990E4EF 308224 ----a-w- C:\Windows\System32\wusa.exe
2014-05-14 08:40:15 1DEC681B79501A714F0D3FA2787183C3 305152 ----a-w- C:\Windows\SysWOW64\wusa.exe
2014-05-14 08:38:43 7F15F3E0F847D90EB3A2124258E6B1DC 54776 ----a-w- C:\Windows\System32\wuauclt.exe
2014-05-14 08:38:42 FD3638782572A8281BCF12520F6579F4 79872 ----a-w- C:\Windows\System32\WSReset.exe
2014-05-14 08:38:42 E9F333234A5641E2FEF2F5240BDD56B8 35328 ----a-w- C:\Windows\System32\wuapp.exe
2014-05-14 08:38:42 D8C63F333D4A8D8433849A9ADC092BE9 31232 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2014-05-14 08:38:42 BE1FAE2B208F1E0B38FD4EF353D067C8 25304 ----a-w- C:\Windows\WinStore\WSHost.exe
2014-05-12 10:48:49 28E799F91E4FB0B663F9B5206F17AA3B 6281920 ----a-w- C:\Users\Horst\AppData\Local\Temp\nsjC422\SpSetup.exe
2014-05-12 08:01:21 715652A32ED8ABB89492445A38FC20D0 5484016 ----a-w- C:\Users\Horst\AppData\Local\Temp\pcspeedup.exe
2014-05-09 06:13:50 BE472797288F53AA9F56974B1A1FC18F 918672 ----a-w- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateSetup.exe
2014-05-09 06:13:50 6FC454773ABF8DE9A33B35E03525140D 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe
2014-05-09 06:13:50 49B70FBEEC01A69CA9AC115C109E9CDD 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateBroker.exe
2014-05-09 06:13:49 D893431503D5112DC3B799DF963D2AC8 114568 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateComRegisterShell64.exe
2014-05-09 06:13:49 D5A444B63637EC0932172C6719A10252 263048 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
2014-05-09 06:13:49 720546B84ED5229E1584C8F3533A2F12 328072 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
2014-05-09 06:13:49 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdate.exe
2014-05-09 06:13:48 BE472797288F53AA9F56974B1A1FC18F 918672 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.24.7\GoogleUpdateSetup.exe
=== C: other files ==
2014-05-14 08:40:12 019CC610AD95FF47EAD7C08B7A683B96 257880 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2014-05-14 08:40:11 6CC1BB8F6851A262E2E824F0E92D5EEF 123224 ----a-w- C:\Windows\System32\drivers\WdNisDrv.sys
2014-05-14 08:40:03 F5D4FA3E1F4879C361FFF3855259D2C2 35856 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2014-05-12 21:12:27 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-12 21:12:27 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 21:12:27 3FFFB7F54CD7A792099C10402FCF8F56 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-12 21:11:06 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"1C12C4804E7F71814BDEDAEBA5FC8C7C502F7A64._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"
"MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"Spotify Web Helper"="C:\Users\Horst\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Horst\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"QuickScanner"="C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe"
"SkyDrive"="C:\Users\Horst\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"BitTorrent"="C:\Users\Horst\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED"
"MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
"Advanced SystemCare 7"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /Auto"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\runner_avp.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"AdobeCS4ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"IObit Malware Fighter"="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /autostart"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"1C12C4804E7F71814BDEDAEBA5FC8C7C502F7A64._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"
"MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"Spotify Web Helper"="C:\Users\Horst\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Horst\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"QuickScanner"="C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe"
"SkyDrive"="C:\Users\Horst\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"BitTorrent"="C:\Users\Horst\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED"
"MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
"Advanced SystemCare 7"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /Auto"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acronis Scheduler2Service]
"command"="\"C:\\Program Files (x86)\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
"hkey"="HKLM"
"item"="Acronis Scheduler2Service"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"hkey"="HKLM"
"item"="Adobe ARM"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"hkey"="HKLM"
"item"="Adobe Reader Speed Launcher"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
"hkey"="HKLM"
"item"="APSDaemon"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"
"hkey"="HKLM"
"item"="BCSSync"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Corel Photo Downloader]
"command"="\"c:\\Program Files (x86)\\Common Files\\Corel\\Corel PhotoDownloader\\Corel Photo Downloader.exe\" -startup"
"hkey"="HKCU"
"item"="Corel Photo Downloader"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"command"="C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe"
"hkey"="HKLM"
"item"="HP Software Update"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
"hkey"="HKLM"
"item"="iTunesHelper"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MessengerPlusForSkypeService]
"command"="\"C:\\Program Files (x86)\\Yuna Software\\Messenger Plus! for Skype\\MsgPlusForSkypeService.exe\""
"hkey"="HKLM"
"item"="MessengerPlusForSkypeService"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MobileDocuments]
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ubd.exe"
"hkey"="HKCU"
"item"="MobileDocuments"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyTomTomSA.exe]
"command"="C:\\Program Files (x86)\\MyTomTom 3\\MyTomTomSA.exe"
"hkey"="HKCU"
"item"="MyTomTomSA.exe"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OfficeSyncProcess]
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSOSYNC.EXE\""
"hkey"="HKCU"
"item"="OfficeSyncProcess"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SkyDrive]
"hkey"="HKCU"
"item"="SkyDrive"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"command"="\"C:\\Users\\Horst\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""
"hkey"="HKCU"
"item"="Spotify Web Helper"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"hkey"="HKCU"
"item"="Steam"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
"hkey"="HKLM"
"item"="SunJavaUpdateSched"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]
"command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\""
"hkey"="HKCU"
"item"="TomTomHOME.exe"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Horst^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series.lnk]
"backup"="C:\\Windows\\pss\\Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Windows\\system32\\RunDll32.exe \"C:\\Program Files\\HP\\HP Deskjet 3070 B611 series\\bin\\HPStatusBL.dll\",RunDLLEntry SERIALNUMBER=CN1CL662HH05MQ;CONNECTION=USB;MONITOR=1;"
"item"="Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Horst^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Schermopname en Snel starten.lnk]
"backup"="C:\\Windows\\pss\\OneNote 2010 Schermopname en Snel starten.lnk.Startup"
"backupExtension"=".Startup"
"item"="OneNote 2010 Schermopname en Snel starten"
"command"="C:\\PROGRA~2\\Microsoft Office\\Office14\\ONENOTEM.EXE /tsr"
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/05/2014 20:34]
C:\WINDOWS\tasks\ASC7_SkipUac_Horst.job --a-------- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [10/03/2014 16:04]
C:\WINDOWS\tasks\AWC AutoSweep.job --a-------- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe []
C:\WINDOWS\tasks\AWC Update.job --a-------- C:\Program Files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe []
C:\WINDOWS\tasks\BearShareNAG.job --a-------- C:\Users\Horst\AppData\Local\Temp\BearShare_setup.exe []
C:\WINDOWS\tasks\Driver Booster SkipUAC (Horst).job --a-------- C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [14/03/2014 18:06]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-19998120-3832150475-219564089-1000Core.job --a-------- C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-19998120-3832150475-219564089-1000UA.job --a-------- C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/11/2010 13:44]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/11/2010 13:44]
C:\WINDOWS\tasks\SmartDefrag.job --a-------- C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe []
C:\WINDOWS\tasks\Uninstaller_SkipUac_Administrator.job --a-------- C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [13/02/2014 17:44]
==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\ASC7_PerformanceMonitor" [C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe]
"C:\WINDOWS\SysNative\tasks\ASC7_SkipUac_Horst" [C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe /SkipUac]
"C:\WINDOWS\SysNative\tasks\AWC AutoSweep" [C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe]
"C:\WINDOWS\SysNative\tasks\AWC Update" [C:\Program Files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe]
"C:\WINDOWS\SysNative\tasks\BearShareNAG" [C:\Users\Horst\AppData\Local\Temp\BearShare_setup.exe]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\Driver Booster Scan" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe]
"C:\WINDOWS\SysNative\tasks\Driver Booster SkipUAC (Horst)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-19998120-3832150475-219564089-1000Core" [C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-19998120-3832150475-219564089-1000UA" [C:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\SmartDefrag" [C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe]
"C:\WINDOWS\SysNative\tasks\SmartDefrag3_Startup" [C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe]
"C:\WINDOWS\SysNative\tasks\SmartDefrag3_Update" [C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe]
"C:\WINDOWS\SysNative\tasks\StartMenuAutoupdate" [C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{F12239DC-6922-4D0B-8128-847BADE83E24}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\{2F811A74-0025-4D6B-92E1-A368958E76FF}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]
"C:\WINDOWS\SysNative\tasks\{B21789DE-C0D9-4B4E-9944-18232BA6DDA4}" [C:\Program Files (x86)\iTunes\iTunes.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
ProfilePath: C:\Users\Horst\AppData\Roaming\Thunderbird\Profiles\nvog5d1l.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi
ProfilePath: C:\Users\Horst\AppData\Roaming\TomTom\HOME\Profiles\5cjd39gk.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
ProfilePath: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default
- Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
ExtDir: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- Torntv 3 - %ExtDir%\trtv3@trtv.com.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
==== Firefox Plugins ======================
Profilepath: C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\o5fflkg2.default
D7324EB1EDCB8990F8522DE0311359E9 - C:\WINDOWS\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
F6D12679B9112358AC705A1308156F59 - C:\Users\Horst\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
369EC92E676537A3F86C5074BA30FC96 - C:\WINDOWS\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Deleted Firefox Extensions ======================
C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\trtv3@trtv.com.xpi deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx[26/10/2012 17:10]
gclijllifhfpomppedeljakfegbcpojn - No path found[]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx[26/10/2012 17:11]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx[23/04/2013 18:35]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[17/01/2012 11:45]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gclijllifhfpomppedeljakfegbcpojn - No path found[]
Google Translate - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
Translator for all languages - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\amdeidgbmcliegnpcbbkhlflkbdpomhk
Advanced SystemCare Surfing Protection - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
TV - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh
YouTube - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
HIFANA X WK TOKYO LAB - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmhjjmolopikkbigemoocmebohfpnmkj
Last updated at time on date - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Webpage Screenshot - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki
Google Search - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Google Calendar - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn
DoNotTrackMe Online Privacy Protection - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd
Content Blocker - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
Pixlr Editor - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk
Print - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd
Virtual Keyboard - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
AccelerateTab - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjafhkemfjfgdmjcmhofijphjmaanak
Pixlr Touch Up - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig
AD Block - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgjbmhakaffflkjecineeaadpidgikb
Skype Click to Call - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Maps - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh
Google Mail Checker - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff
Outlook.com Notifier - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmomflkhdooajekmffpilpoenndjppk
DealPly Germany - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf
Google Wallet - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
TS Magic Player - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg
Lyrics for Google Chrome\u2122 - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek
Picasa - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb
Instagram for Chrome - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb
Outlook.com - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge
Send from Gmail (by Google) - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc
Gmail - Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
DefaultTab - C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
==== Chrome Fix ======================
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dj-music-mixer.nl.softonic.com_0.localstorage deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nieuws.nl.softonic.com_0.localstorage deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjafhkemfjfgdmjcmhofijphjmaanak deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgjafhkemfjfgdmjcmhofijphjmaanak deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oglbipcbkmlknhfhabolnniekmlhfoek_0.localstorage deleted successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mphpbdjcljebbcnfopfngmfdackbbdgf_0.localstorage deleted successfully
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mphpbdjcljebbcnfopfngmfdackbbdgf_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.mysearchresults.com/?c=3525&t=01"
"Default_Search_URL"="http://www.google.com/ie"
"Search Bar"="http://www.google.com/ie"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
"Default"="http://www.bing.com/search?q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/ie"
"CustomizeSearch"="http://www.google.com"
"SearchAssistant"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{AB9D455F-727D-4943-A376-ABA36BCFD772}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&r="
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{AB9D455F-727D-4943-A376-ABA36BCFD772} Web Search Url="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091&CUI=UN19236685451695410&UM=1"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5585B9F705873E14AAEAADDD906BB821 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7F9B5855-7850-41E3-AAAE-DADD09B68B12} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5585B9F705873E14AAEAADDD906BB821 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlusForSkypeService deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyDrive deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Horst\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Horst\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Horst\AppData\Local\Mozilla\Firefox\Profiles\o5fflkg2.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=677 folders=165 131791786 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\ginette\AppData\Local\Temp emptied successfully
C:\Users\Horst\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Horst\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on do 15/05/2014 at 21:08:18,67 ======================
Download de
Junkware Removal Tool by Thisisu naar je bureaublad.
Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met JRT
Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met JRT
- Dubbelklik op JRT.exe om de tool te starten.
- Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
- De tool zal vervolgens het systeem scannen.
- De scan kan afhankelijk van je systeemspecificaties soms vrij lang duren, wacht geduldig af.
- Als de scan gereed is zal er een logje (JRT.txt) op het bureaublad opgeslagen worden en automatisch worden geopend.
- Post de inhoud van deze log in je volgende bericht als bijlage.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Pro x64
Ran by Horst on vr 16/05/2014 at 14:57:31,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{37211D63-CCE9-4780-B182-96538CFC6FED}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8B9C4F32-044E-491C-893E-362CB8A679D5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CBC3E05C-F841-452A-A600-E8D8BBEA63D9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CBC3E05D-F841-452A-A600-E8D8BBEA63DA}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CF2BF214-9D1E-4803-9AEB-38552615FD40}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yuna software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricstar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-19998120-3832150475-219564089-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-19998120-3832150475-219564089-1000\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yuna software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AB9D455F-727D-4943-A376-ABA36BCFD772}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\messenger plus! for skype"
Successfully deleted: [Folder] "C:\Program Files (x86)\yuna software"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on vr 16/05/2014 at 15:09:01,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Pro x64
Ran by Horst on vr 16/05/2014 at 14:57:31,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-19998120-3832150475-219564089-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{37211D63-CCE9-4780-B182-96538CFC6FED}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8B9C4F32-044E-491C-893E-362CB8A679D5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CBC3E05C-F841-452A-A600-E8D8BBEA63D9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CBC3E05D-F841-452A-A600-E8D8BBEA63DA}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CF2BF214-9D1E-4803-9AEB-38552615FD40}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yuna software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricstar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-19998120-3832150475-219564089-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-19998120-3832150475-219564089-1000\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yuna software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AB9D455F-727D-4943-A376-ABA36BCFD772}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\messenger plus! for skype"
Successfully deleted: [Folder] "C:\Program Files (x86)\yuna software"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on vr 16/05/2014 at 15:09:01,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Status