• Hulpvragenden in dit forumonderdeel worden enkel geholpen door daartoe bevoegde teamleden.
    Dit is belangrijk, zodat de hulpvragende goed geholpen kan worden zonder (goedbedoelde) aanvullende berichten van andere leden.
    Reageren op andermans discussie is daarom uitgeschakeld.
  • De afgelopen dagen zijn er meerdere fora waarop bestaande accounts worden overgenomen door spammers. De gebruikersnamen en wachtwoorden zijn via een hack of een lek via andere sites buitgemaakt. Via have i been pwned? kan je controleren of jouw gegeven ook zijn buitgemaakt. Wijzig bij twijfel jouw wachtwoord of schakel de twee-staps-verificatie in.

Zoekmachines Trovi, MyStartSearch en Binkiland Search verwijderen, hoe?!

Status
Niet open voor verdere reacties.

Dutchie22

Junior lid
Lid geworden
18 mrt 2015
Berichten
45
Waarderingsscore
0
Beste forum gebruikers,

Al een hele lange tijd heb ik last van de zoekmachines Trovi, MyStartSearch en Binkiland Search als ik Google Chrome opstart. Deze rot zoekmachines zijn ooit per ongeluk op in mijn browser terecht gekomen.

Wat ik ook probeer, niks werkt om deze zoekmachines weg te krijgen. Ik heb werkelijk alles geprobeerd.. Ik heb de extensies van Chrome nagekeken, maar hier valt niks te verwijderen. Ook heb ik de hele lijst van 'Programma's en onderdelen' bij het configuratiescherm nagekeken, zonder resultaat.

Ook heb ik de sectie 'Startpagina' nagekeken, maar hier staat gewoon netjes www.google.nl, terwijl ik tijdens het opstarten de drie eerder genoemde zoekmachines krijg.

Wat kan ik in hemelsnaam nog doen om voor eens en voor altijd af te rekenen met deze zoekmachines op de startpagina van Google Chrome? Het maakt mij werkelijk radeloos.

Wie o wie kan mij helpen?

Ik ben je eeuwig dankbaar!!

Groetjes,
Dutchie22
 
Bikinilandsearch is nieuw voor mij.
Hoe verzinnen ze het...


We gaan beginnen: download
52063a40e2e64-Farbar_Recovery_Scan_Tool_canned.png
Farbar Recovery Scan Tool 32 of 64 bit van n van de onderstaande links
Farbar Recovery Scan Tool 32 bit (x86)
Farbar Recovery Scan Tool 64 bit (x64)
Downloadlokatie: Dit programma absoluut naar het bureaublad downloaden dan wel daar naar toe verplaatsen!
Opmerkingen: Alle openstaande programma's en webpagina's dienen afgesloten te zijn.

Antivirusprogramma en actieve malwarescanners dienen al voor je FRST.exe start gedeaktiveert zijn!
Hier en hier vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren.

FRST opstarten:
  • Windows 2000 en Windows XP: dubbelklik op FRST.exe.
  • Windows Vista, Windows 7, Windows 8/8.1 en Windows 10: via rechtsklik op FRST.exe of FRST64.exe en kies voor "Als Administrator uitvoeren".

FRST start op:
  • Wanneer het programma is geopend klik dan op de knop Yes bij de disclaimer.
  • Druk vervolgens op de Scan knop.
  • Aansluitend zal een logbestand - FRST.txt en Addition-txt aangemaakt worden en op het bureaublad opgeslagen worden.
  • Post de inhoud van beide logbestanden in jouw volgende bericht.
.

In geval de inhoud van een van de logs of van beide logs te groot is om te posten, kijk dan hier: Hoe een bijlage toevoegen?
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2017
Ran by boris (administrator) on BORIS-PC (13-02-2017 18:21:19)
Running from C:\Users\boris\Downloads
Loaded Profiles: boris (Available Profiles: boris & willem & Edmee & DefaultAppPool)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: Engels (Verenigde Staten)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe
(Electronic Arts) C:\Program Files\Origin\OriginWebHelperService.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Users\boris\AppData\Roaming\Event Monitor\em.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(BitTorrent Inc.) C:\Users\boris\AppData\Roaming\uTorrent\uTorrent.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(BitTorrent Inc.) C:\Users\boris\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(BitTorrent Inc.) C:\Users\boris\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\boris\Downloads\FRST (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1690224 2010-08-11] (VIA)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [296520 2014-06-25] (RealNetworks, Inc.)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [26220296 2017-02-07] (Dropbox, Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2016-07-16] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\S-1-5-21-3915288326-451774416-4169082938-1000\...\Run: [uTorrent] => C:\Users\boris\AppData\Roaming\uTorrent\uTorrent.exe [2143936 2017-02-03] (BitTorrent Inc.)
AppInit_DLLs: c:\progra~1\sw-boo~1\assist~1.dll => No File
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-06-25]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Taskmanager.lnk [2011-08-20]
ShortcutTarget: Taskmanager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Windows Operating System)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3915288326-451774416-4169082938-1000] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{41e44819-5a7e-4e1c-be18-95b10ba12e89}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/nl-nl/?ocid=iehp
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKU\S-1-5-21-3915288326-451774416-4169082938-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D072716-AA7EB18D72D&form=CONBDF&conlogo=CT3335454&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3915288326-451774416-4169082938-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3915288326-451774416-4169082938-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D072716-AA7EB18D72D&form=CONBDF&conlogo=CT3335454&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3915288326-451774416-4169082938-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> c:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-06-10] (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-25] (Oracle Corporation)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-25] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3915288326-451774416-4169082938-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

FireFox:
========
FF ProfilePath: C:\Users\boris\AppData\Roaming\Mozilla\Firefox\Profiles\4xd7i1i0.default [2017-01-11]
FF NewTab: Mozilla\Firefox\Profiles\4xd7i1i0.default -> hxxp://www.bing.com/?pc=COSP&ptag=D072716-AA7EB18D72D&form=CONMHP&conlogo=CT3335454
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\4xd7i1i0.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\4xd7i1i0.default -> Bing
FF Homepage: Mozilla\Firefox\Profiles\4xd7i1i0.default -> hxxp://www.bing.com/?pc=COSP&ptag=D072716-AA7EB18D72D&form=CONMHP&conlogo=CT3335454
FF Extension: (Firefox Hotfix) - C:\Users\boris\AppData\Roaming\Mozilla\Firefox\Profiles\4xd7i1i0.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-12-14]
FF Extension: (Adblock Plus) - C:\Users\boris\AppData\Roaming\Mozilla\Firefox\Profiles\4xd7i1i0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-14]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\boris\AppData\Roaming\Mozilla\Firefox\Profiles\4xd7i1i0.default\features\{84830ebe-9bd9-4e86-8e89-a895adfcc434}\malware-remediation@mozilla.org.xpi [2016-12-14]
FF SearchPlugin: C:\Users\boris\AppData\Roaming\Mozilla\Firefox\Profiles\4xd7i1i0.default\searchplugins\bing-lavasoft.xml [2016-07-27]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-06-12] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-06-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - c:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - c:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-25] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\boris\AppData\Roaming\Mozilla\Firefox\Profiles\4xd7i1i0.default\extensions\searchengine@gmail.com => not found
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\boris\AppData\Roaming\Mozilla\Firefox\Profiles\4xd7i1i0.default\extensions\fftoolbar2014@etech.com => not found
FF HKU\S-1-5-21-3915288326-451774416-4169082938-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2017-01-02] ()
FF Plugin: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=2.3.0 -> C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=17.0.11.0 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2014-06-25] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> c:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-06-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.11 -> c:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-06-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> c:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-06-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.11.0 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2014-06-25] (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\boris\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2011-12-09] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\boris\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2011-12-09] ()
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-04-26] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\cfg [2015-04-26] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.nl/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324369&octid=EB_ORIGINAL_CTID&ISID=M01E5793E-A347-4E91-8C0A-5E56196B4131&SearchSource=55&CUI=&UM=8&UP=SPE9BA70BA-7CC0-43B8-AB7C-4F6765A29FB9&D=032115&SSPV=SP2220TA_sp_ch","hxxp://www.mystartsearch.com/?type=hppp&ts=1425149725&from=ima&uid=MaxtorX6Y080L0_Y2AKN7ZC","hxxp://binkiland.com/?f=7&a=bnk_ir_15_11&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDyCtDtAyEtB0F0C0DtCyDtN0D0Tzu0StCtCyCzztN1L2XzutAtFzztFtAtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0FzyzytAzytB0BtG0Bzy0BzytGzzyC0FtDtGtC0EtBtCtGyCyB0AtAyCzy0FtCyDzz0C0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtDyCtAtDyB0FtG0C0E0AyBtGyE0Czz0AtG0A0CyC0AtG0ByC0EyEzz0B0Czz0AtC0C0F2Q&cr=2045885007&ir="
CHR Profile: C:\Users\boris\AppData\Local\Google\Chrome\User Data\Default [2017-02-13]
CHR Extension: (Adblock Plus) - C:\Users\boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (AdBlock) - C:\Users\boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - c:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
CHR HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-16] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [40256 2017-02-07] (Dropbox, Inc.)
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2142728 2016-10-12] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files\Origin\OriginWebHelperService.exe [2209296 2016-10-12] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2016-04-29] ()
R2 RealNetworks Downloader Resolver Service; c:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-25] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; c:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-09-15] (Microsoft Corporation)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [47776 2016-08-25] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv.sys [30488 2014-12-29] (Visicom Media Inc.)
R1 MpKsl2462dbe1; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F6A18E10-4EC8-4F74-98D4-ED2D35091EF6}\MpKsl2462dbe1.sys [39168 2017-01-31] (Microsoft Corporation)
R1 MpKsl56a0c588; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{85E96D71-A705-47DD-AAC7-2D31560ABC39}\MpKsl56a0c588.sys [39168 2017-02-05] (Microsoft Corporation)
R1 MpKsl7134bdcc; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3B5002A7-FFFF-4460-A52A-A0BFE9630F1C}\MpKsl7134bdcc.sys [39168 2017-01-22] (Microsoft Corporation)
R1 MpKsl870b2a59; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{71377737-6607-460B-A81F-6F9D92C2B635}\MpKsl870b2a59.sys [39168 2017-01-27] (Microsoft Corporation)
R1 MpKsl8e7db21d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7E340E14-B4FB-4549-8CAB-11C09574761F}\MpKsl8e7db21d.sys [39168 2017-02-13] (Microsoft Corporation)
R1 MpKsla83e41fb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B4AD5FCB-1C9E-4D59-9BE2-56A692302D78}\MpKsla83e41fb.sys [39168 2017-01-28] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [36944 2016-12-29] (Anchorfree Inc.)
R3 VIAHdAudAddService; C:\WINDOWS\system32\drivers\viahduaa.sys [575184 2015-06-22] (VIA Technologies, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-13 18:21 - 2017-02-13 18:22 - 00022152 _____ C:\Users\boris\Downloads\FRST.txt
2017-02-13 18:21 - 2017-02-13 18:21 - 00000000 ____D C:\FRST
2017-02-13 18:20 - 2017-02-13 18:20 - 01763328 _____ (Farbar) C:\Users\boris\Downloads\FRST (1).exe
2017-02-13 18:19 - 2017-02-13 18:20 - 01763328 _____ (Farbar) C:\Users\boris\Downloads\FRST.exe
2017-02-12 10:27 - 2017-02-13 09:27 - 00000000 ____D C:\Users\boris\AppData\LocalLow\uTorrent
2017-02-08 10:02 - 2017-02-08 10:02 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-02-08 10:02 - 2017-02-08 10:02 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2017-02-08 10:02 - 2017-02-08 10:02 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2017-02-08 10:02 - 2017-02-08 10:02 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2017-02-08 10:02 - 2017-02-08 10:02 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2017-02-08 10:02 - 2017-02-08 10:02 - 00000000 ____D C:\Users\DefaultAppPool
2017-02-08 10:02 - 2016-10-08 03:20 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2017-02-08 09:56 - 2017-02-08 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 05:38 - 2017-02-07 05:38 - 00040256 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-07 05:38 - 2017-02-07 05:38 - 00035440 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00035440 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00035440 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-06 22:18 - 2017-02-06 22:18 - 00178957 _____ C:\Users\boris\Downloads\taxatieverslag.34400034304.2016.pdf
2017-02-06 22:13 - 2017-02-06 22:13 - 00106063 _____ C:\Users\boris\Downloads\AanslagBghU.pdf
2017-02-05 11:11 - 2017-02-05 11:11 - 00266375 _____ C:\Users\boris\Downloads\Hardenberg_Alcoholgebruikenrookgedragonderjongeren_jan2014.pdf
2017-02-05 11:02 - 2017-02-05 11:02 - 01631245 _____ C:\Users\boris\Downloads\02-Vergoedingenwijzer-2017-Zilveren Kruis met Vitaal-90483.pdf
2017-01-30 17:37 - 2017-01-30 17:37 - 00326152 _____ C:\Users\boris\Downloads\P1 2013-2014.pdf
2017-01-30 17:31 - 2017-01-30 17:31 - 00816174 _____ C:\Users\boris\Downloads\P3 2013-2014.pdf
2017-01-30 16:20 - 2017-01-30 16:20 - 01063298 _____ C:\Users\boris\Downloads\P3 Veiligheid in Organisaties 2014-2015.pdf
2017-01-30 16:20 - 2017-01-30 16:20 - 00931052 _____ C:\Users\boris\Downloads\P2 Veiligheid en onderzoek 2014-2015.pdf
2017-01-30 16:20 - 2017-01-30 16:20 - 00860181 _____ C:\Users\boris\Downloads\H2 Wijkveiligheidsbeleid 2014-2015.pdf
2017-01-30 16:20 - 2017-01-30 16:20 - 00679624 _____ C:\Users\boris\Downloads\H3 Security management 2014-2015.pdf
2017-01-30 16:20 - 2017-01-30 16:20 - 00627206 _____ C:\Users\boris\Downloads\P1 Dit is Integrale Veiligheid 2014-2015.pdf
2017-01-30 16:20 - 2017-01-30 16:20 - 00625624 _____ C:\Users\boris\Downloads\H1 Safety Management 2014-2015 versie 1.0.pdf
2017-01-30 16:20 - 2017-01-30 16:20 - 00609623 _____ C:\Users\boris\Downloads\H8 Visie op veiligheid 2014-2015.pdf
2017-01-30 16:20 - 2017-01-30 16:20 - 00568856 _____ C:\Users\boris\Downloads\H7 Werken in Netwerken 1415.pdf
2017-01-30 16:19 - 2017-01-30 16:19 - 00000000 ____D C:\Users\boris\Desktop\Nieuwe map (2)
2017-01-30 16:16 - 2017-01-30 16:16 - 00282803 _____ C:\Users\boris\Downloads\EPSON015 (1).pdf
2017-01-30 16:16 - 2017-01-30 16:16 - 00253714 _____ C:\Users\boris\Downloads\EPSON013 (1).pdf
2017-01-30 16:16 - 2017-01-30 16:16 - 00246223 _____ C:\Users\boris\Downloads\EPSON012 (1).pdf
2017-01-30 16:16 - 2017-01-30 16:16 - 00234601 _____ C:\Users\boris\Downloads\EPSON014 (1).pdf
2017-01-30 16:16 - 2017-01-30 16:16 - 00000000 ____D C:\Users\boris\Downloads\Nieuwe map
2017-01-25 13:24 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-20 21:02 - 2017-01-20 21:02 - 00001028 _____ C:\Users\Public\Desktop\ManyCam.lnk
2017-01-20 21:02 - 2017-01-20 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
2017-01-20 21:02 - 2017-01-20 21:02 - 00000000 ____D C:\ProgramData\ManyCam
2017-01-20 21:01 - 2017-01-20 21:02 - 00000000 ____D C:\Users\boris\AppData\Roaming\ManyCam
2017-01-20 21:00 - 2017-01-20 21:00 - 00603640 _____ (Visicom Media inc.) C:\Users\boris\Downloads\ManyCamWebInstaller (7).exe
2017-01-19 16:25 - 2017-01-19 16:26 - 00145967 _____ C:\Users\boris\Downloads\Loonstrook 12-2016 (1).pdf
2017-01-19 16:25 - 2017-01-19 16:25 - 00145967 _____ C:\Users\boris\Downloads\Loonstrook 12-2016.pdf
2017-01-17 17:47 - 2017-01-17 17:47 - 00163792 _____ C:\Users\boris\Downloads\folder wiet.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-13 18:22 - 2015-05-08 14:18 - 00000000 ____D C:\TEMP
2017-02-13 18:21 - 2012-03-16 15:49 - 00000000 ____D C:\Users\boris\AppData\Roaming\uTorrent
2017-02-13 16:28 - 2015-05-21 11:17 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2017-02-13 10:22 - 2016-08-31 16:59 - 00000000 ____D C:\Users\boris\Documents\Jaar 1 Rechten NTI
2017-02-13 09:54 - 2016-10-08 03:05 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-13 09:28 - 2013-10-20 16:33 - 00000000 ___RD C:\Users\boris\Dropbox
2017-02-13 09:27 - 2016-07-23 11:18 - 00000000 ____D C:\Users\boris\AppData\Roaming\Event Monitor
2017-02-13 09:26 - 2016-10-08 03:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-13 09:26 - 2016-10-08 03:11 - 00000000 ____D C:\Users\boris
2017-02-11 18:12 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-10 17:09 - 2016-07-16 09:29 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-08 09:56 - 2016-06-16 10:28 - 00000000 ____D C:\Program Files\Dropbox
2017-02-07 19:11 - 2015-05-08 14:38 - 00002248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 19:11 - 2015-05-08 14:38 - 00002236 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-25 13:24 - 2016-07-16 09:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-20 21:18 - 2016-05-26 11:03 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 21:04 - 2016-07-16 03:22 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-20 21:02 - 2016-07-13 21:42 - 00000000 ____D C:\Program Files\ManyCam
2017-01-20 20:25 - 2016-07-21 15:04 - 00002433 _____ C:\Users\boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-20 20:25 - 2016-07-21 15:04 - 00000000 ___RD C:\Users\boris\OneDrive
2017-01-14 17:23 - 2014-08-12 18:50 - 00000000 __SHD C:\Users\boris\AppData\LocalLow\EmieUserList
2017-01-14 17:23 - 2014-08-12 18:15 - 00000000 __SHD C:\Users\boris\AppData\LocalLow\EmieSiteList

==================== Files in the root of some directories =======

2015-03-14 22:56 - 2015-03-14 22:56 - 0000046 _____ () C:\Users\boris\AppData\Roaming\Camdata.ini
2015-03-14 22:56 - 2015-03-14 22:56 - 0000408 _____ () C:\Users\boris\AppData\Roaming\CamLayout.ini
2015-03-14 22:56 - 2015-03-14 22:56 - 0000408 _____ () C:\Users\boris\AppData\Roaming\CamShapes.ini
2015-03-14 22:56 - 2015-03-14 22:56 - 0004535 _____ () C:\Users\boris\AppData\Roaming\CamStudio.cfg
2013-10-11 20:29 - 2016-04-29 11:02 - 0138904 _____ () C:\Users\boris\AppData\Roaming\PnkBstrK.sys
2015-03-14 22:55 - 2015-03-14 22:55 - 0000096 _____ () C:\Users\boris\AppData\Roaming\version2.xml
2012-03-16 16:56 - 2012-07-02 14:21 - 0018944 _____ () C:\Users\boris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-16 16:58 - 2012-03-16 16:58 - 0007605 _____ () C:\Users\boris\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\boris\.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-08 10:00

==================== End of FRST.txt ============================

--- Update ---

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2017
Ran by boris (13-02-2017 18:22:43)
Running from C:\Users\boris\Downloads
Microsoft Windows 10 Pro Version 1607 (X86) (2016-10-08 02:37:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3915288326-451774416-4169082938-500 - Administrator - Disabled)
boris (S-1-5-21-3915288326-451774416-4169082938-1000 - Administrator - Enabled) => C:\Users\boris


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Torrent (HKU\S-1-5-21-3915288326-451774416-4169082938-1000\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Nederlands (HKLM\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Allway Sync version 12.16.1 (HKLM\...\Allway Sync_is1) (Version: - Botkind Inc)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.22 - Atheros Communications Inc.)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BitLord 2.4 (HKLM\...\BitLord) (Version: 2.4.4-308 - House of Life)
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (HKLM\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Talk (remove only) (HKLM\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lagarith lossless video codec (Remove Only) (HKLM\...\LAGARITH) (Version: - )
Logitech-webcamsoftware (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware versie 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
ManyCam 5.6.1 (HKLM\...\ManyCam) (Version: 5.6.1 - Visicom Media Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Medal of Honor: Pacific Assault (HKLM\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.280 - Electronic Arts)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0413-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3915288326-451774416-4169082938-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 nl) (HKLM\...\Mozilla Firefox 46.0.1 (x86 nl)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Origin (HKLM\...\Origin) (Version: 9.12.1.43352 - Electronic Arts, Inc.)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RealDownloader (Version: 17.0.11 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
System Requirements Lab CYRI (HKLM\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update voor Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0413-0000-0000000FF1CE}_HOMESTUDENTR_{5CF7002F-6F49-4482-9564-5614FBE560FA}) (Version: - Microsoft)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0413-0000-0000000FF1CE}_HOMESTUDENTR_{15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}) (Version: - Microsoft)
Update voor Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0413-0000-0000000FF1CE}_HOMESTUDENTR_{A66AE6A1-8D8C-4102-BC18-38CBDE40F809}) (Version: - Microsoft)
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VIA Platform apparaatbeheer (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VSO Media Player 1.5.7.516 (HKLM\...\{59F1E8E6-60EC-4CC1-8C72-E0F38E585215}_is1) (Version: 1.5.7.516 - VSO Software)
Winamp (HKLM\...\Winamp) (Version: 5.623 - Nullsoft, Inc)
Winamp Applicatie Detect (HKU\S-1-5-21-3915288326-451774416-4169082938-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 10-upgradeassistent (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3915288326-451774416-4169082938-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> c:\TEMP\41CA.exe => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0065B82A-AB63-4B89-B2BE-3B87160466F4} - System32\Tasks\RunAtStartup => C:\Users\boris\AppData\Roaming\Event Monitor\em.exe [2016-11-25] () <==== ATTENTION
Task: {00D3880C-0600-43B2-B470-D1683E56D668} - \Microsoft\Windows\Maintenance\SMupdate2 -> No File <==== ATTENTION
Task: {059DE5FE-D3EB-4AA4-8A9B-C17D9232C07F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-27] (Google Inc.)
Task: {09ED3440-226D-420A-B451-EAABE6C4FDF6} - \ShopperPro -> No File <==== ATTENTION
Task: {0B98EDF3-3E92-4753-8B5D-A2F413CF7966} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {0E063E4E-47F2-459C-AA14-DC6A20EBB5A5} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3915288326-451774416-4169082938-1000 => c:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {12893AB5-067F-4B67-8155-F6DADD0DF9CB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {13CA9A5C-9767-4E0C-A4B8-825134840ADF} - \YTDownloaderUpd -> No File <==== ATTENTION
Task: {1C8457E0-0265-45F3-91FA-0CF1C998DD2E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {21B8F382-8B7E-4BAE-888D-59E52D7F832E} - \SimpleFiles Installer Starter -> No File <==== ATTENTION
Task: {22395CA2-1FA7-444F-B866-E22F23D8D35B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {251C9D70-C59B-4346-8D23-12385B245F30} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {2540F237-4F00-497D-9E99-AFE926CD0940} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {267759C6-E308-43D6-99B5-BB68767572F8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {3709CDC6-EF8F-4EEB-A6BD-ACFD1279F918} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {381EF91E-16A4-4FCA-9C96-5E6DB570E83B} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {3B774ACE-57B3-4E5A-8760-9A06A0D0D16C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3915288326-451774416-4169082938-1000 => c:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {3C53E90A-AA81-45F1-B453-B8F0A34E08BE} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {3C6D2117-47A0-4888-BF95-7860AFE2AAC6} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
Task: {3E3ADD18-20DB-4781-BF9A-99980FCBEB5C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {4136C9B2-6CDC-4923-A589-505F742677EF} - \YTDownloader -> No File <==== ATTENTION
Task: {41EB3524-F82C-4496-95E4-9AEF76637D32} - \Funmoods -> No File <==== ATTENTION
Task: {4A9205B3-344F-4745-913D-72788E3FAF03} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4BB64E17-AE06-4598-8671-2E082849A249} - System32\Tasks\{3EFDC478-A0D9-4FD2-8784-2112D9D7359C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.73.129.457/nl/abandoninstall?page=tsProgressBar
Task: {4EBD92D2-AB09-430B-A95E-112A62A7D1B6} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {5575F76E-15FC-4102-8D8F-CD352B27B540} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-02] (Adobe Systems Incorporated)
Task: {58122E01-022B-4D32-8037-A0E2BACF8A0A} - \LuckyTab -> No File <==== ATTENTION
Task: {59CAB280-1BC6-4466-8447-3F24BB9DA796} - \ASP -> No File <==== ATTENTION
Task: {5EFA00D9-4585-4239-BFC3-A97D72A16B52} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3915288326-451774416-4169082938-1000 => c:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {6A716181-31AB-409E-8AC9-A75EF3F1EDAA} - \LaunchSignup -> No File <==== ATTENTION
Task: {6CE12759-EA20-4422-8645-017D28026199} - \Microsoft\Windows\Multimedia\SMupdate3 -> No File <==== ATTENTION
Task: {6D5A1C81-6B4D-4333-ABAF-1690DE6FB4A8} - System32\Tasks\{C0B2A2C2-10BC-4E96-AE28-CB8DD9F2BFDD} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.73.129.457/nl/abandoninstall?page=tsProgressBar
Task: {718AD78A-7726-41F1-906C-F0C7C5FE9942} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7612730B-05C5-43A9-BB34-04998FF7C7B5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-06-16] (Dropbox, Inc.)
Task: {767D5869-C460-488E-8354-1026F2A18F19} - \SPBIW_UpdateTask_Time_333932393432363732312d6c5b5a345b4132452d5a346c -> No File <==== ATTENTION
Task: {79101417-42A6-4408-A447-DD8E8EB3E909} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {7A395EF2-CB56-485D-A2E2-AB2D3DD7A172} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7DCBF260-D0C5-4341-BC64-3D893D428DA8} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {82AA5CE4-41A2-435E-90AD-7ED5FAF801AA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {886F310E-66ED-431B-9000-3A21D877B737} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-06-16] (Dropbox, Inc.)
Task: {8CEB6C2D-B287-4E58-B3B0-B5ED05B7828B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {8D54117F-DA52-47B0-8E69-198607AF5DAC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8FC5574E-FFF2-4BF9-9825-532FD6676D45} - \SPDriver -> No File <==== ATTENTION
Task: {912A3361-293B-4F50-977F-6FF60E5A26D6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {93E10B5E-B869-48F1-9329-9BD6E935A5FB} - \windealistSWU -> No File <==== ATTENTION
Task: {95332BE7-CD3D-4EBA-9C55-AF72B39117F8} - \ZKUKSKH -> No File <==== ATTENTION
Task: {958D2E2A-B2AB-4221-AB82-0968D68212C1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {A06EE362-F9F4-4155-8E04-BB3C4904C4FD} - \UNELEVATE_13100 -> No File <==== ATTENTION
Task: {A5135441-AC2B-44CD-B259-4619103763E3} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3915288326-451774416-4169082938-1000 => c:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {A912A67E-40DF-4D4A-99BE-A727FEA351D4} - \SMupdate1 -> No File <==== ATTENTION
Task: {AD6E6D2E-46A3-48A7-BE53-527FAE1F036E} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {AE05A50C-2B13-4C67-BC46-A2CEEDFC36D7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {B7023B4F-4FEF-415E-9EB8-9353A6C09F47} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {BA03FFDC-8543-451D-AD25-64248DF1DA97} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {BB70DAB8-7304-4054-ADC0-1DF4198FF5E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-27] (Google Inc.)
Task: {C69AD0BB-A807-48C3-87C5-093422670DF9} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {C82D2F60-978B-4C3D-A010-57D93801E5F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C9753A8B-9E53-4854-9F54-50E626885FE7} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\boris\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {D26255F8-30B6-4043-825E-D60AD171C0EC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D53ED639-E79F-4861-AC80-C18C2CA521BA} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
Task: {D919F590-6AE0-46A4-9A55-868F1D7EFB7A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E18E2435-4341-4763-840F-33EDFB501EC8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {E7932BB7-14AE-4AF0-9BF2-000D261F1C9E} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {EA0EA94F-7D53-410F-BC6E-AD5B349F81E7} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {ED9EAE10-2888-4553-871F-0CD7AE878967} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3915288326-451774416-4169082938-1000 => c:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {EF3368E9-2430-4343-9562-4698238EA964} - \Your File Updater -> No File <==== ATTENTION
Task: {F66EE7B0-9D3E-40E0-8804-1CD22A4C55BE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FD2110D2-B125-469C-A867-ABAB497409A3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FEA3ABDC-8946-4717-AC5F-A61C00689A92} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3915288326-451774416-4169082938-1000 => c:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 09:25 - 2016-07-16 09:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 19:42 - 2016-12-09 11:11 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-12 14:16 - 2016-10-12 14:15 - 02493440 _____ () C:\Program Files\Origin\libGLESv2.dll
2016-04-29 10:58 - 2016-04-29 11:01 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-06-10 16:50 - 2014-06-10 16:50 - 00039568 _____ () c:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-06-10 21:03 - 2014-06-10 21:03 - 00023552 _____ () c:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
2016-12-14 19:42 - 2016-12-09 11:11 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-07-16 09:25 - 2016-07-16 09:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 10:11 - 2016-12-21 05:42 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 10:12 - 2016-12-21 05:25 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 10:12 - 2016-12-21 05:21 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-08 12:59 - 2016-10-08 12:59 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 10:12 - 2016-12-21 05:22 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 10:12 - 2016-12-21 05:24 - 03158016 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-23 11:18 - 2016-11-25 19:02 - 03324368 _____ () C:\Users\boris\AppData\Roaming\Event Monitor\em.exe
2017-02-08 09:55 - 2017-02-07 05:48 - 00801600 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll
2017-02-08 09:55 - 2017-01-14 00:53 - 00035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2017-02-08 09:55 - 2017-01-14 00:53 - 00100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2017-02-02 21:11 - 2017-01-14 00:53 - 00018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
2017-02-02 21:11 - 2017-02-07 05:50 - 00019776 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2017-02-02 21:11 - 2017-01-14 00:53 - 00694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00020824 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-02-08 09:55 - 2017-01-14 00:54 - 00123856 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 01682768 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00020816 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-02-08 09:55 - 2017-01-14 00:53 - 00145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2017-02-08 09:55 - 2017-01-14 00:54 - 00019408 _____ () C:\Program Files\Dropbox\Client\faulthandler.pyd
2017-02-08 09:55 - 2017-01-14 00:53 - 00116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2017-02-02 21:11 - 2017-01-14 00:56 - 00105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00022864 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00052544 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00038712 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2017-02-08 09:55 - 2017-01-14 00:53 - 00392144 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2017-02-08 09:55 - 2017-01-14 00:56 - 00020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2017-02-02 21:11 - 2017-01-14 00:56 - 00024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2017-02-08 09:55 - 2017-01-14 00:57 - 00116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2017-02-02 21:11 - 2017-02-07 05:50 - 00381760 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2017-02-02 21:11 - 2017-01-14 00:56 - 00124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00026456 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-02-02 21:11 - 2017-01-14 00:56 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2017-02-08 09:55 - 2017-01-14 00:56 - 00175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2017-02-08 09:55 - 2017-01-14 00:57 - 00030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2017-02-08 09:55 - 2017-01-14 00:57 - 00043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2017-02-08 09:55 - 2017-01-14 00:57 - 00048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2017-02-02 21:11 - 2017-01-14 00:56 - 00057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2017-02-08 09:55 - 2017-01-14 00:57 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00246608 _____ () C:\Program Files\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00027488 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-02-08 09:55 - 2017-01-14 00:55 - 00241104 _____ () C:\Program Files\Dropbox\Client\_jpegtran.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00022336 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-02-08 09:55 - 2017-01-14 00:57 - 00028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 01826104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2017-02-02 21:11 - 2017-01-14 00:54 - 00083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 01972536 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 03928896 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00531264 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00025432 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00133432 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00224064 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00207680 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00021840 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00069968 _____ () C:\Program Files\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00022872 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00021848 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00022872 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-02-08 09:55 - 2017-01-14 00:57 - 00350152 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00103232 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00023896 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00025936 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-02-08 09:55 - 2017-01-14 00:51 - 00036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2017-02-08 09:55 - 2017-02-07 05:50 - 00033112 _____ () C:\Program Files\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-02-08 09:55 - 2016-12-22 07:58 - 00293392 _____ () C:\Program Files\Dropbox\Client\EnterpriseDataAdapter.dll
2017-02-08 09:55 - 2017-02-07 05:50 - 00084288 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-02-08 09:55 - 2017-01-14 01:02 - 00017864 _____ () C:\Program Files\Dropbox\Client\libEGL.dll
2017-02-08 09:55 - 2017-01-14 01:02 - 01631184 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2017-02-08 09:55 - 2017-02-07 05:50 - 00042816 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00171336 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00357688 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
2017-02-08 09:55 - 2017-01-14 00:57 - 00060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00026456 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00546104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
2017-02-02 21:11 - 2017-01-14 01:04 - 00697304 _____ () C:\Program Files\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2017-02-06 17:34 - 2017-02-06 17:34 - 00064512 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 17:34 - 2017-02-06 17:34 - 00153088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 17:34 - 2017-02-06 17:34 - 30889472 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 17:34 - 2017-02-06 17:34 - 01733120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x86__kzf8qxf38zg5c\roottools.dll
2014-06-25 12:20 - 2014-06-25 12:20 - 00861784 _____ () c:\program files\real\realplayer\RPDS\Plugins\cldplin.dll
2017-02-07 19:11 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 19:11 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-05-08 13:42 - 00000841 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\boris\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Bureaubladachtergrond van Windows Live Photo Gallery.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PC Alert 4.lnk => C:\Windows\pss\PC Alert 4.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Sitecom Wireless Utility.lnk => C:\Windows\pss\Sitecom Wireless Utility.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => LPort=808
FirewallRules: [{02C4959B-E0E3-47D7-B4F2-A915773F7411}] => C:\Program Files\Driver Updater Plus\dup.exe
FirewallRules: [{0C7D3870-4CE7-435C-A5C7-C12945E0660E}] => C:\ProgramData\Chromium\Chromium.exe
FirewallRules: [{33ECC2C1-042B-40BE-9213-38931C64D7F7}] => C:\Program Files\Chromium\Application\chrome.exe
FirewallRules: [{807B8787-48E9-496F-9846-EABBB3799919}] => C:\Program Files\Chromium\Update\ChromiumUpdate.exe
FirewallRules: [{5527948D-CA99-4A72-8009-829F1F5449F2}] => C:\Program Files\BitLord\BitLord.exe
FirewallRules: [{78F92D16-8716-42D1-95D1-674B1806EB9B}] => C:\Program Files\BitLord\BitLord.exe
FirewallRules: [{4C8D8729-EB80-4CD5-A25B-36D54B9A2479}] => C:\Program Files\Google\Google Talk\googletalk.exe
FirewallRules: [{67EE1321-0DE5-4381-95D2-CF4E94F903A4}] => C:\Program Files\Google\Google Talk\googletalk.exe
FirewallRules: [TCP Query User{17032619-4920-4C28-B351-D1DE9D67D730}C:\windows.old\program files\ares\ares.exe] => C:\windows.old\program files\ares\ares.exe
FirewallRules: [UDP Query User{67A0B1B4-427A-4C9B-BA3E-14915915D223}C:\windows.old\program files\ares\ares.exe] => C:\windows.old\program files\ares\ares.exe
FirewallRules: [{65DF7E43-6F72-480A-8861-A341C353D621}] => C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5E329E0D-D9BE-4102-87B1-1E2E6F035A7F}] => LPort=2869
FirewallRules: [{646FED02-FFF9-4A71-BF4C-C760BE8E5387}] => LPort=1900
FirewallRules: [{35E17949-742C-422C-A276-123582E1E598}] => C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{2F7F1A2C-0592-4768-AC80-97233FB411D7}C:\windows.old\program files\ares\ares.exe] => C:\windows.old\program files\ares\ares.exe
FirewallRules: [UDP Query User{DCAF6A06-5F49-4138-8577-BD0472F69E3A}C:\windows.old\program files\ares\ares.exe] => C:\windows.old\program files\ares\ares.exe
FirewallRules: [{80A7504D-0AEB-49F9-AB98-F96C37F20B92}] => C:\Program Files\GameSpy Arcade\Aphex.exe
FirewallRules: [{8988AEAB-CACD-4763-90A5-B6469C80453C}] => C:\Program Files\GameSpy Arcade\Aphex.exe
FirewallRules: [TCP Query User{40BFA317-7401-4CE3-82B3-9C49E50B7E76}C:\program files\mozilla firefox\plugin-container.exe] => C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{E48752C5-A2EF-4FFF-B3BF-9FF67EAD11F2}C:\program files\mozilla firefox\plugin-container.exe] => C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [{6512B389-1D11-4608-AEB2-649CBC72CD0A}] => C:\Users\boris\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{27932D31-D3B2-4BEE-841E-052972111031}] => C:\Users\boris\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{713E57A1-8FE9-4CF6-9A1C-0611902D6FC9}C:\windows.old\program files\ea games\battlefield 2\bf2.exe] => C:\windows.old\program files\ea games\battlefield 2\bf2.exe
FirewallRules: [UDP Query User{FB6D643A-263B-4CA7-9548-E1E6A39946C1}C:\windows.old\program files\ea games\battlefield 2\bf2.exe] => C:\windows.old\program files\ea games\battlefield 2\bf2.exe
FirewallRules: [{E163DD93-3A01-42A4-B687-B6DA15F73A7E}] => C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{003413C0-38CA-4ED0-BCFA-7B8F5C96E3CC}] => C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{131CFFA8-3FD6-42F5-8C26-B392C5DC230A}] => C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{3E17F7C6-E49C-4438-A854-778E6B54D757}] => C:\Windows\System32\PnkBstrB.exe
FirewallRules: [TCP Query User{36A79D26-2B40-49DA-B365-21D206EFE92A}C:\windows.old\program files\ea games\battlefield 2\bf2.exe] => C:\windows.old\program files\ea games\battlefield 2\bf2.exe
FirewallRules: [UDP Query User{0E13C110-0C66-4745-A92D-30B8892F9449}C:\windows.old\program files\ea games\battlefield 2\bf2.exe] => C:\windows.old\program files\ea games\battlefield 2\bf2.exe
FirewallRules: [TCP Query User{9F5EBA78-56F6-4050-814C-E5B219D97CBA}C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1BB590E9-8863-443E-94BD-F20380F1AF41}C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{9319CC26-263B-4B7C-894E-6A45C4CDCCBE}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{725DDA4C-00B9-4E08-B415-41600CB08E50}C:\users\boris\downloads\fake_webcam_source_v6.1_downloader.exe] => C:\users\boris\downloads\fake_webcam_source_v6.1_downloader.exe
FirewallRules: [UDP Query User{E23097F4-229A-44A8-A4DE-82137F346D49}C:\users\boris\downloads\fake_webcam_source_v6.1_downloader.exe] => C:\users\boris\downloads\fake_webcam_source_v6.1_downloader.exe
FirewallRules: [{8930E7F0-0260-4C0C-8A3F-4268925322D1}] => c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{6C5A3894-11ED-4E6F-A668-39422D73BE75}] => C:\Users\boris\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1769CD20-6029-4454-8875-701550A634B0}] => C:\Users\boris\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{E3DF0C5C-1D51-457E-82A5-D32A69EBC3C4}C:\program files\ea games\battlefield play4free\bfp4f.exe] => C:\program files\ea games\battlefield play4free\bfp4f.exe
FirewallRules: [UDP Query User{19A18823-0FEE-4F63-B43C-FD3C73903542}C:\program files\ea games\battlefield play4free\bfp4f.exe] => C:\program files\ea games\battlefield play4free\bfp4f.exe
FirewallRules: [TCP Query User{B1DABB2C-D395-46ED-9F01-8FE65B724D19}C:\users\boris\appdata\roaming\gameranger\gameranger\gameranger.exe] => C:\users\boris\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{10570515-2B38-47F1-8571-B8309852CF71}C:\users\boris\appdata\roaming\gameranger\gameranger\gameranger.exe] => C:\users\boris\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [{C8B6E6E4-D0CF-471E-90BD-A05BE8DBB1B3}] => C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{71E9379C-604E-4C47-9195-8261D9A9898C}] => C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [TCP Query User{8344E5C7-4ED9-4A4E-AD56-2E8250181296}C:\users\boris\appdata\roaming\torntv.com\torntv downloader.exe] => C:\users\boris\appdata\roaming\torntv.com\torntv downloader.exe
FirewallRules: [UDP Query User{148C44AA-5F05-4DD8-9D3D-66277ED36A8F}C:\users\boris\appdata\roaming\torntv.com\torntv downloader.exe] => C:\users\boris\appdata\roaming\torntv.com\torntv downloader.exe
FirewallRules: [{8D17514E-C8A4-49CE-AFA8-69956475FE82}] => C:\Users\boris\Downloads\CamDecoy_7.6.019_crack.rar_RAR_6.00M_downloader.exe
FirewallRules: [{C29BE23C-4417-46BF-8151-E05BBDB335B0}] => C:\Users\boris\Downloads\CamDecoy_7.6.019_crack.rar_RAR_6.00M_downloader.exe
FirewallRules: [{DD0F3781-2EC3-472D-9ABD-F0E599296D2E}] => C:\Program Files\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{85BE3DFB-7C5C-4CDD-8198-BD9444FED5B0}] => C:\Program Files\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{D44C4316-6E6B-4163-AAE3-5B4C5FFFEC57}] => C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{CB37E9C5-A6B8-4299-B6A3-230E88764213}] => C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{18FBD4B2-52FA-415B-A9B6-A1AB1DB6910C}] => C:\TEMP\Rar$EXa0.144\badoo_credits_generator_v1.1.rar.exe
FirewallRules: [{15D09878-05E6-40A8-A600-DF4ED76EBD0C}] => C:\TEMP\Rar$EXa0.144\badoo_credits_generator_v1.1.rar.exe
FirewallRules: [{3AEF798B-A124-486F-B279-8AB1B143462E}] => C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{5F173C3A-89E6-4CFB-89DA-2A93F97B214C}] => C:\Windows\System32\muzapp.exe
FirewallRules: [{2F1994F2-87C9-4008-9A3D-8D5F9189E08E}] => C:\Windows\System32\muzapp.exe
FirewallRules: [{638843EA-6607-4750-8F61-4E89C7E8AB70}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0DFD6BBD-2AB7-4F14-B956-45EB8F0BAD69}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4F08BD9A-81A2-46E2-9773-5AFEEB2B7E8A}] => C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{1BC488C6-79E1-4523-853A-C67BCB2862A8}] => C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{A32E138C-D4EA-4E80-896D-AB810A9C4A50}] => C:\Program Files\Origin Games\Medal of Honor Pacific Assault\mohpa.exe
FirewallRules: [{35CAA6F6-59E1-4EB6-BDEF-FE11EC09BD3A}] => C:\Program Files\Origin Games\Medal of Honor Pacific Assault\mohpa.exe
FirewallRules: [{37478700-92A8-4CE7-BA7B-E307033BEF1D}] => C:\Program Files\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe
FirewallRules: [{B1922756-9C14-4EBD-8CA9-460E5C2DAF16}] => C:\Program Files\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe
FirewallRules: [{40640606-D1A1-4830-B150-B0231B90FCF1}] => C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{F748D2D3-29ED-494C-A1FB-45D0FC933297}] => C:\Program Files\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

22-01-2017 19:17:18 Scheduled Checkpoint
01-02-2017 10:38:39 Scheduled Checkpoint
10-02-2017 17:51:06 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2017 05:10:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Boris-PC)
Description: Het pakket windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel is beindigd omdat het onderbreken te lang duurde.

Error: (02/13/2017 09:26:45 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/11/2017 03:34:24 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Inventarisatie van gebruikerssessies om filtergroepen te maken is mislukt.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (02/11/2017 03:34:24 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Inventarisatie van gebruikerssessies om filtergroepen te maken is mislukt.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (02/11/2017 03:34:24 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Inventarisatie van gebruikerssessies om filtergroepen te maken is mislukt.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (02/11/2017 03:34:24 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Inventarisatie van gebruikerssessies om filtergroepen te maken is mislukt.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (02/11/2017 03:34:24 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Inventarisatie van gebruikerssessies om filtergroepen te maken is mislukt.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (02/11/2017 03:34:23 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Inventarisatie van gebruikerssessies om filtergroepen te maken is mislukt.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (02/11/2017 03:34:23 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Inventarisatie van gebruikerssessies om filtergroepen te maken is mislukt.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (02/11/2017 03:34:23 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Inventarisatie van gebruikerssessies om filtergroepen te maken is mislukt.

Details:
(HRESULT : 0x80040210) (0x80040210)


System errors:
=============
Error: (02/13/2017 09:35:48 AM) (Source: DCOM) (EventID: 10010) (User: Boris-PC)
Description: De server {37998346-3765-45B1-8C66-AA88CA6B20B8} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.

Error: (02/13/2017 09:27:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen application-specific wordt de machtiging Activation niet verleend aan Local voor de COM-servertoepassing met CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
en APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (Using LRPC) die wordt uitgevoerd in de toepassingscontainer Unavailable SID (Unavailable). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (02/13/2017 09:26:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De NetTcpActivator-service is afhankelijk van de NetTcpPortSharing-service, die vanwege de volgende fout niet kan worden gestart:
Kan de service niet starten omdat deze is uitgeschakeld of omdat
het geen ingeschakelde apparaten met zich heeft verbonden.

Error: (02/13/2017 09:26:42 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: De vorige afsluiting van het systeem om 7:51:17 PM op ?2/?12/?2017 is onverwacht gebeurd.

Error: (02/12/2017 10:27:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen application-specific wordt de machtiging Activation niet verleend aan Local voor de COM-servertoepassing met CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
en APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (Using LRPC) die wordt uitgevoerd in de toepassingscontainer Unavailable SID (Unavailable). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (02/11/2017 03:34:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen application-specific wordt de machtiging Activation niet verleend aan Local voor de COM-servertoepassing met CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
en APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (Using LRPC) die wordt uitgevoerd in de toepassingscontainer Unavailable SID (Unavailable). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (02/11/2017 03:32:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De NetTcpActivator-service is afhankelijk van de NetTcpPortSharing-service, die vanwege de volgende fout niet kan worden gestart:
Kan de service niet starten omdat deze is uitgeschakeld of omdat
het geen ingeschakelde apparaten met zich heeft verbonden.

Error: (02/11/2017 03:32:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: De vorige afsluiting van het systeem om 11:00:28 PM op ?2/?10/?2017 is onverwacht gebeurd.

Error: (02/10/2017 05:01:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen application-specific wordt de machtiging Activation niet verleend aan Local voor de COM-servertoepassing met CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
en APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (Using LRPC) die wordt uitgevoerd in de toepassingscontainer Unavailable SID (Unavailable). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (02/08/2017 09:51:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen application-specific wordt de machtiging Activation niet verleend aan Local voor de COM-servertoepassing met CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
en APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (Using LRPC) die wordt uitgevoerd in de toepassingscontainer Unavailable SID (Unavailable). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.


CodeIntegrity:
===================================
Date: 2017-02-13 09:54:40.282
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-11 22:09:51.741
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-08 10:00:33.217
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-06 18:08:32.798
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-05 09:42:26.768
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-03 16:22:41.558
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-03 16:22:41.552
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-03 16:22:41.436
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-03 16:22:41.432
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-03 16:22:41.428
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 45%
Total physical RAM: 3197.24 MB
Available physical RAM: 1757.21 MB
Total Virtual: 6397.24 MB
Available Virtual: 4265.25 MB

==================== Drives ================================

Drive c: (Big Volume) (Fixed) (Total:595.73 GB) (Free:258.53 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Local Disk Oud) (Fixed) (Total:18.13 GB) (Free:1.45 GB) NTFS
Drive e: (DATA Oud) (Fixed) (Total:27.04 GB) (Free:2.99 GB) NTFS
Drive f: (APPS Oud) (Fixed) (Total:31.15 GB) (Free:12.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 76.3 GB) (Disk ID: DF8FDF8F)
Partition 1: (Active) - (Size=18.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.2 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 5F1BA9A4)
Partition 1: (Active) - (Size=595.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

--- Update ---

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2017
Ran by boris (13-02-2017 18:22:43)
Running from C:\Users\boris\Downloads
Microsoft Windows 10 Pro Version 1607 (X86) (2016-10-08 02:37:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3915288326-451774416-4169082938-500 - Administrator - Disabled)
boris (S-1-5-21-3915288326-451774416-4169082938-1000 - Administrator - Enabled) => C:\Users\boris


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Torrent (HKU\S-1-5-21-3915288326-451774416-4169082938-1000\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Nederlands (HKLM\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Allway Sync version 12.16.1 (HKLM\...\Allway Sync_is1) (Version: - Botkind Inc)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.22 - Atheros Communications Inc.)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BitLord 2.4 (HKLM\...\BitLord) (Version: 2.4.4-308 - House of Life)
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (HKLM\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Talk (remove only) (HKLM\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lagarith lossless video codec (Remove Only) (HKLM\...\LAGARITH) (Version: - )
Logitech-webcamsoftware (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware versie 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
ManyCam 5.6.1 (HKLM\...\ManyCam) (Version: 5.6.1 - Visicom Media Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Medal of Honor: Pacific Assault (HKLM\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.280 - Electronic Arts)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0413-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3915288326-451774416-4169082938-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 nl) (HKLM\...\Mozilla Firefox 46.0.1 (x86 nl)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Origin (HKLM\...\Origin) (Version: 9.12.1.43352 - Electronic Arts, Inc.)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RealDownloader (Version: 17.0.11 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
System Requirements Lab CYRI (HKLM\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update voor Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0413-0000-0000000FF1CE}_HOMESTUDENTR_{5CF7002F-6F49-4482-9564-5614FBE560FA}) (Version: - Microsoft)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0413-0000-0000000FF1CE}_HOMESTUDENTR_{15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}) (Version: - Microsoft)
Update voor Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0413-0000-0000000FF1CE}_HOMESTUDENTR_{A66AE6A1-8D8C-4102-BC18-38CBDE40F809}) (Version: - Microsoft)
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VIA Platform apparaatbeheer (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VSO Media Player 1.5.7.516 (HKLM\...\{59F1E8E6-60EC-4CC1-8C72-E0F38E585215}_is1) (Version: 1.5.7.516 - VSO Software)
Winamp (HKLM\...\Winamp) (Version: 5.623 - Nullsoft, Inc)
Winamp Applicatie Detect (HKU\S-1-5-21-3915288326-451774416-4169082938-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 10-upgradeassistent (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3915288326-451774416-4169082938-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> c:\TEMP\41CA.exe => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0065B82A-AB63-4B89-B2BE-3B87160466F4} - System32\Tasks\RunAtStartup => C:\Users\boris\AppData\Roaming\Event Monitor\em.exe [2016-11-25] () <==== ATTENTION
Task: {00D3880C-0600-43B2-B470-D1683E56D668} - \Microsoft\Windows\Maintenance\SMupdate2 -> No File <==== ATTENTION
Task: {059DE5FE-D3EB-4AA4-8A9B-C17D9232C07F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-27] (Google Inc.)
Task: {09ED3440-226D-420A-B451-EAABE6C4FDF6} - \ShopperPro -> No File <==== ATTENTION
Task: {0B98EDF3-3E92-4753-8B5D-A2F413CF7966} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {0E063E4E-47F2-459C-AA14-DC6A20EBB5A5} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3915288326-451774416-4169082938-1000 => c:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {12893AB5-067F-4B67-8155-F6DADD0DF9CB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {13CA9A5C-9767-4E0C-A4B8-825134840ADF} - \YTDownloaderUpd -> No File <==== ATTENTION
Task: {1C8457E0-0265-45F3-91FA-0CF1C998DD2E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {21B8F382-8B7E-4BAE-888D-59E52D7F832E} - \SimpleFiles Installer Starter -> No File <==== ATTENTION
Task: {22395CA2-1FA7-444F-B866-E22F23D8D35B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {251C9D70-C59B-4346-8D23-12385B245F30} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {2540F237-4F00-497D-9E99-AFE926CD0940} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {267759C6-E308-43D6-99B5-BB68767572F8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {3709CDC6-EF8F-4EEB-A6BD-ACFD1279F918} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {381EF91E-16A4-4FCA-9C96-5E6DB570E83B} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {3B774ACE-57B3-4E5A-8760-9A06A0D0D16C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3915288326-451774416-4169082938-1000 => c:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {3C53E90A-AA81-45F1-B453-B8F0A34E08BE} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {3C6D2117-47A0-4888-BF95-7860AFE2AAC6} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
Task: {3E3ADD18-20DB-4781-BF9A-99980FCBEB5C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {4136C9B2-6CDC-4923-A589-505F742677EF} - \YTDownloader -> No File <==== ATTENTION
Task: {41EB3524-F82C-4496-95E4-9AEF76637D32} - \Funmoods -> No File <==== ATTENTION
Task: {4A9205B3-344F-4745-913D-72788E3FAF03} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4BB64E17-AE06-4598-8671-2E082849A249} - System32\Tasks\{3EFDC478-A0D9-4FD2-8784-2112D9D7359C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.73.129.457/nl/abandoninstall?page=tsProgressBar
Task: {4EBD92D2-AB09-430B-A95E-112A62A7D1B6} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {5575F76E-15FC-4102-8D8F-CD352B27B540} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-02] (Adobe Systems Incorporated)
Task: {58122E01-022B-4D32-8037-A0E2BACF8A0A} - \LuckyTab -> No File <==== ATTENTION
Task: {59CAB280-1BC6-4466-8447-3F24BB9DA796} - \ASP -> No File <==== ATTENTION
Task: {5EFA00D9-4585-4239-BFC3-A97D72A16B52} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3915288326-451774416-4169082938-1000 => c:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {6A716181-31AB-409E-8AC9-A75EF3F1EDAA} - \LaunchSignup -> No File <==== ATTENTION
Task: {6CE12759-EA20-4422-8645-017D28026199} - \Microsoft\Windows\Multimedia\SMupdate3 -> No File <==== ATTENTION
Task: {6D5A1C81-6B4D-4333-ABAF-1690DE6FB4A8} - System32\Tasks\{C0B2A2C2-10BC-4E96-AE28-CB8DD9F2BFDD} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.73.129.457/nl/abandoninstall?page=tsProgressBar
Task: {718AD78A-7726-41F1-906C-F0C7C5FE9942} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7612730B-05C5-43A9-BB34-04998FF7C7B5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-06-16] (Dropbox, Inc.)
Task: {767D5869-C460-488E-8354-1026F2A18F19} - \SPBIW_UpdateTask_Time_333932393432363732312d6c5b5a345b4132452d5a346c -> No File <==== ATTENTION
Task: {79101417-42A6-4408-A447-DD8E8EB3E909} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {7A395EF2-CB56-485D-A2E2-AB2D3DD7A172} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7DCBF260-D0C5-4341-BC64-3D893D428DA8} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {82AA5CE4-41A2-435E-90AD-7ED5FAF801AA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {886F310E-66ED-431B-9000-3A21D877B737} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-06-16] (Dropbox, Inc.)
Task: {8CEB6C2D-B287-4E58-B3B0-B5ED05B7828B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {8D54117F-DA52-47B0-8E69-198607AF5DAC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8FC5574E-FFF2-4BF9-9825-532FD6676D45} - \SPDriver -> No File <==== ATTENTION
Task: {912A3361-293B-4F50-977F-6FF60E5A26D6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {93E10B5E-B869-48F1-9329-9BD6E935A5FB} - \windealistSWU -> No File <==== ATTENTION
Task: {95332BE7-CD3D-4EBA-9C55-AF72B39117F8} - \ZKUKSKH -> No File <==== ATTENTION
Task: {958D2E2A-B2AB-4221-AB82-0968D68212C1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {A06EE362-F9F4-4155-8E04-BB3C4904C4FD} - \UNELEVATE_13100 -> No File <==== ATTENTION
Task: {A5135441-AC2B-44CD-B259-4619103763E3} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3915288326-451774416-4169082938-1000 => c:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {A912A67E-40DF-4D4A-99BE-A727FEA351D4} - \SMupdate1 -> No File <==== ATTENTION
Task: {AD6E6D2E-46A3-48A7-BE53-527FAE1F036E} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {AE05A50C-2B13-4C67-BC46-A2CEEDFC36D7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {B7023B4F-4FEF-415E-9EB8-9353A6C09F47} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {BA03FFDC-8543-451D-AD25-64248DF1DA97} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {BB70DAB8-7304-4054-ADC0-1DF4198FF5E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-27] (Google Inc.)
Task: {C69AD0BB-A807-48C3-87C5-093422670DF9} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {C82D2F60-978B-4C3D-A010-57D93801E5F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C9753A8B-9E53-4854-9F54-50E626885FE7} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\boris\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {D26255F8-30B6-4043-825E-D60AD171C0EC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D53ED639-E79F-4861-AC80-C18C2CA521BA} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
Task: {D919F590-6AE0-46A4-9A55-868F1D7EFB7A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E18E2435-4341-4763-840F-33EDFB501EC8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {E7932BB7-14AE-4AF0-9BF2-000D261F1C9E} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {EA0EA94F-7D53-410F-BC6E-AD5B349F81E7} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {ED9EAE10-2888-4553-871F-0CD7AE878967} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3915288326-451774416-4169082938-1000 => c:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {EF3368E9-2430-4343-9562-4698238EA964} - \Your File Updater -> No File <==== ATTENTION
Task: {F66EE7B0-9D3E-40E0-8804-1CD22A4C55BE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FD2110D2-B125-469C-A867-ABAB497409A3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FEA3ABDC-8946-4717-AC5F-A61C00689A92} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3915288326-451774416-4169082938-1000 => c:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 09:25 - 2016-07-16 09:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 19:42 - 2016-12-09 11:11 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-12 14:16 - 2016-10-12 14:15 - 02493440 _____ () C:\Program Files\Origin\libGLESv2.dll
2016-04-29 10:58 - 2016-04-29 11:01 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-06-10 16:50 - 2014-06-10 16:50 - 00039568 _____ () c:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-06-10 21:03 - 2014-06-10 21:03 - 00023552 _____ () c:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
2016-12-14 19:42 - 2016-12-09 11:11 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-07-16 09:25 - 2016-07-16 09:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 10:11 - 2016-12-21 05:42 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 10:12 - 2016-12-21 05:25 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 10:12 - 2016-12-21 05:21 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-08 12:59 - 2016-10-08 12:59 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 10:12 - 2016-12-21 05:22 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 10:12 - 2016-12-21 05:24 - 03158016 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-23 11:18 - 2016-11-25 19:02 - 03324368 _____ () C:\Users\boris\AppData\Roaming\Event Monitor\em.exe
2017-02-08 09:55 - 2017-02-07 05:48 - 00801600 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll
2017-02-08 09:55 - 2017-01-14 00:53 - 00035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2017-02-08 09:55 - 2017-01-14 00:53 - 00100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2017-02-02 21:11 - 2017-01-14 00:53 - 00018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
2017-02-02 21:11 - 2017-02-07 05:50 - 00019776 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2017-02-02 21:11 - 2017-01-14 00:53 - 00694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00020824 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-02-08 09:55 - 2017-01-14 00:54 - 00123856 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 01682768 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00020816 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-02-08 09:55 - 2017-01-14 00:53 - 00145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2017-02-08 09:55 - 2017-01-14 00:54 - 00019408 _____ () C:\Program Files\Dropbox\Client\faulthandler.pyd
2017-02-08 09:55 - 2017-01-14 00:53 - 00116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2017-02-02 21:11 - 2017-01-14 00:56 - 00105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00022864 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00052544 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00038712 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2017-02-08 09:55 - 2017-01-14 00:53 - 00392144 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2017-02-08 09:55 - 2017-01-14 00:56 - 00020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2017-02-02 21:11 - 2017-01-14 00:56 - 00024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2017-02-08 09:55 - 2017-01-14 00:57 - 00116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2017-02-02 21:11 - 2017-02-07 05:50 - 00381760 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2017-02-02 21:11 - 2017-01-14 00:56 - 00124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00026456 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-02-02 21:11 - 2017-01-14 00:56 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2017-02-08 09:55 - 2017-01-14 00:56 - 00175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2017-02-08 09:55 - 2017-01-14 00:57 - 00030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2017-02-08 09:55 - 2017-01-14 00:57 - 00043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2017-02-08 09:55 - 2017-01-14 00:57 - 00048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2017-02-02 21:11 - 2017-01-14 00:56 - 00057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2017-02-08 09:55 - 2017-01-14 00:57 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00246608 _____ () C:\Program Files\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00027488 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-02-08 09:55 - 2017-01-14 00:55 - 00241104 _____ () C:\Program Files\Dropbox\Client\_jpegtran.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00022336 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-02-08 09:55 - 2017-01-14 00:57 - 00028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 01826104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2017-02-02 21:11 - 2017-01-14 00:54 - 00083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 01972536 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 03928896 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00531264 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00025432 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00133432 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00224064 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00207680 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00021840 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00069968 _____ () C:\Program Files\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00022872 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00021848 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00022872 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-02-08 09:55 - 2017-01-14 00:57 - 00350152 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00103232 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00023896 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00025936 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-02-08 09:55 - 2017-01-14 00:51 - 00036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2017-02-08 09:55 - 2017-02-07 05:50 - 00033112 _____ () C:\Program Files\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-02-08 09:55 - 2016-12-22 07:58 - 00293392 _____ () C:\Program Files\Dropbox\Client\EnterpriseDataAdapter.dll
2017-02-08 09:55 - 2017-02-07 05:50 - 00084288 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-02-08 09:55 - 2017-01-14 01:02 - 00017864 _____ () C:\Program Files\Dropbox\Client\libEGL.dll
2017-02-08 09:55 - 2017-01-14 01:02 - 01631184 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2017-02-08 09:55 - 2017-02-07 05:50 - 00042816 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00171336 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00357688 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
2017-02-08 09:55 - 2017-01-14 00:57 - 00060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00026456 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-02-08 09:55 - 2017-02-07 05:50 - 00546104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
2017-02-02 21:11 - 2017-01-14 01:04 - 00697304 _____ () C:\Program Files\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2017-02-06 17:34 - 2017-02-06 17:34 - 00064512 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 17:34 - 2017-02-06 17:34 - 00153088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 17:34 - 2017-02-06 17:34 - 30889472 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 17:34 - 2017-02-06 17:34 - 01733120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x86__kzf8qxf38zg5c\roottools.dll
2014-06-25 12:20 - 2014-06-25 12:20 - 00861784 _____ () c:\program files\real\realplayer\RPDS\Plugins\cldplin.dll
2017-02-07 19:11 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 19:11 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-05-08 13:42 - 00000841 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\boris\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Bureaubladachtergrond van Windows Live Photo Gallery.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PC Alert 4.lnk => C:\Windows\pss\PC Alert 4.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Sitecom Wireless Utility.lnk => C:\Windows\pss\Sitecom Wireless Utility.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => LPort=808
FirewallRules: [{02C4959B-E0E3-47D7-B4F2-A915773F7411}] => C:\Program Files\Driver Updater Plus\dup.exe
FirewallRules: [{0C7D3870-4CE7-435C-A5C7-C12945E0660E}] => C:\ProgramData\Chromium\Chromium.exe
FirewallRules: [{33ECC2C1-042B-40BE-9213-38931C64D7F7}] => C:\Program Files\Chromium\Application\chrome.exe
FirewallRules: [{807B8787-48E9-496F-9846-EABBB3799919}] => C:\Program Files\Chromium\Update\ChromiumUpdate.exe
FirewallRules: [{5527948D-CA99-4A72-8009-829F1F5449F2}] => C:\Program Files\BitLord\BitLord.exe
FirewallRules: [{78F92D16-8716-42D1-95D1-674B1806EB9B}] => C:\Program Files\BitLord\BitLord.exe
FirewallRules: [{4C8D8729-EB80-4CD5-A25B-36D54B9A2479}] => C:\Program Files\Google\Google Talk\googletalk.exe
FirewallRules: [{67EE1321-0DE5-4381-95D2-CF4E94F903A4}] => C:\Program Files\Google\Google Talk\googletalk.exe
FirewallRules: [TCP Query User{17032619-4920-4C28-B351-D1DE9D67D730}C:\windows.old\program files\ares\ares.exe] => C:\windows.old\program files\ares\ares.exe
FirewallRules: [UDP Query User{67A0B1B4-427A-4C9B-BA3E-14915915D223}C:\windows.old\program files\ares\ares.exe] => C:\windows.old\program files\ares\ares.exe
FirewallRules: [{65DF7E43-6F72-480A-8861-A341C353D621}] => C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5E329E0D-D9BE-4102-87B1-1E2E6F035A7F}] => LPort=2869
FirewallRules: [{646FED02-FFF9-4A71-BF4C-C760BE8E5387}] => LPort=1900
FirewallRules: [{35E17949-742C-422C-A276-123582E1E598}] => C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{2F7F1A2C-0592-4768-AC80-97233FB411D7}C:\windows.old\program files\ares\ares.exe] => C:\windows.old\program files\ares\ares.exe
FirewallRules: [UDP Query User{DCAF6A06-5F49-4138-8577-BD0472F69E3A}C:\windows.old\program files\ares\ares.exe] => C:\windows.old\program files\ares\ares.exe
FirewallRules: [{80A7504D-0AEB-49F9-AB98-F96C37F20B92}] => C:\Program Files\GameSpy Arcade\Aphex.exe
FirewallRules: [{8988AEAB-CACD-4763-90A5-B6469C80453C}] => C:\Program Files\GameSpy Arcade\Aphex.exe
FirewallRules: [TCP Query User{40BFA317-7401-4CE3-82B3-9C49E50B7E76}C:\program files\mozilla firefox\plugin-container.exe] => C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{E48752C5-A2EF-4FFF-B3BF-9FF67EAD11F2}C:\program files\mozilla firefox\plugin-container.exe] => C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [{6512B389-1D11-4608-AEB2-649CBC72CD0A}] => C:\Users\boris\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{27932D31-D3B2-4BEE-841E-052972111031}] => C:\Users\boris\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{713E57A1-8FE9-4CF6-9A1C-0611902D6FC9}C:\windows.old\program files\ea games\battlefield 2\bf2.exe] => C:\windows.old\program files\ea games\battlefield 2\bf2.exe
FirewallRules: [UDP Query User{FB6D643A-263B-4CA7-9548-E1E6A39946C1}C:\windows.old\program files\ea games\battlefield 2\bf2.exe] => C:\windows.old\program files\ea games\battlefield 2\bf2.exe
FirewallRules: [{E163DD93-3A01-42A4-B687-B6DA15F73A7E}] => C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{003413C0-38CA-4ED0-BCFA-7B8F5C96E3CC}] => C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{131CFFA8-3FD6-42F5-8C26-B392C5DC230A}] => C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{3E17F7C6-E49C-4438-A854-778E6B54D757}] => C:\Windows\System32\PnkBstrB.exe
FirewallRules: [TCP Query User{36A79D26-2B40-49DA-B365-21D206EFE92A}C:\windows.old\program files\ea games\battlefield 2\bf2.exe] => C:\windows.old\program files\ea games\battlefield 2\bf2.exe
FirewallRules: [UDP Query User{0E13C110-0C66-4745-A92D-30B8892F9449}C:\windows.old\program files\ea games\battlefield 2\bf2.exe] => C:\windows.old\program files\ea games\battlefield 2\bf2.exe
FirewallRules: [TCP Query User{9F5EBA78-56F6-4050-814C-E5B219D97CBA}C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1BB590E9-8863-443E-94BD-F20380F1AF41}C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{9319CC26-263B-4B7C-894E-6A45C4CDCCBE}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{725DDA4C-00B9-4E08-B415-41600CB08E50}C:\users\boris\downloads\fake_webcam_source_v6.1_downloader.exe] => C:\users\boris\downloads\fake_webcam_source_v6.1_downloader.exe
FirewallRules: [UDP Query User{E23097F4-229A-44A8-A4DE-82137F346D49}C:\users\boris\downloads\fake_webcam_source_v6.1_downloader.exe] => C:\users\boris\downloads\fake_webcam_source_v6.1_downloader.exe
FirewallRules: [{8930E7F0-0260-4C0C-8A3F-4268925322D1}] => c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{6C5A3894-11ED-4E6F-A668-39422D73BE75}] => C:\Users\boris\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1769CD20-6029-4454-8875-701550A634B0}] => C:\Users\boris\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{E3DF0C5C-1D51-457E-82A5-D32A69EBC3C4}C:\program files\ea games\battlefield play4free\bfp4f.exe] => C:\program files\ea games\battlefield play4free\bfp4f.exe
FirewallRules: [UDP Query User{19A18823-0FEE-4F63-B43C-FD3C73903542}C:\program files\ea games\battlefield play4free\bfp4f.exe] => C:\program files\ea games\battlefield play4free\bfp4f.exe
FirewallRules: [TCP Query User{B1DABB2C-D395-46ED-9F01-8FE65B724D19}C:\users\boris\appdata\roaming\gameranger\gameranger\gameranger.exe] => C:\users\boris\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{10570515-2B38-47F1-8571-B8309852CF71}C:\users\boris\appdata\roaming\gameranger\gameranger\gameranger.exe] => C:\users\boris\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [{C8B6E6E4-D0CF-471E-90BD-A05BE8DBB1B3}] => C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{71E9379C-604E-4C47-9195-8261D9A9898C}] => C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [TCP Query User{8344E5C7-4ED9-4A4E-AD56-2E8250181296}C:\users\boris\appdata\roaming\torntv.com\torntv downloader.exe] => C:\users\boris\appdata\roaming\torntv.com\torntv downloader.exe
FirewallRules: [UDP Query User{148C44AA-5F05-4DD8-9D3D-66277ED36A8F}C:\users\boris\appdata\roaming\torntv.com\torntv downloader.exe] => C:\users\boris\appdata\roaming\torntv.com\torntv downloader.exe
FirewallRules: [{8D17514E-C8A4-49CE-AFA8-69956475FE82}] => C:\Users\boris\Downloads\CamDecoy_7.6.019_crack.rar_RAR_6.00M_downloader.exe
FirewallRules: [{C29BE23C-4417-46BF-8151-E05BBDB335B0}] => C:\Users\boris\Downloads\CamDecoy_7.6.019_crack.rar_RAR_6.00M_downloader.exe
FirewallRules: [{DD0F3781-2EC3-472D-9ABD-F0E599296D2E}] => C:\Program Files\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{85BE3DFB-7C5C-4CDD-8198-BD9444FED5B0}] => C:\Program Files\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{D44C4316-6E6B-4163-AAE3-5B4C5FFFEC57}] => C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{CB37E9C5-A6B8-4299-B6A3-230E88764213}] => C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{18FBD4B2-52FA-415B-A9B6-A1AB1DB6910C}] => C:\TEMP\Rar$EXa0.144\badoo_credits_generator_v1.1.rar.exe
FirewallRules: [{15D09878-05E6-40A8-A600-DF4ED76EBD0C}] => C:\TEMP\Rar$EXa0.144\badoo_credits_generator_v1.1.rar.exe
FirewallRules: [{3AEF798B-A124-486F-B279-8AB1B143462E}] => C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{5F173C3A-89E6-4CFB-89DA-2A93F97B214C}] => C:\Windows\System32\muzapp.exe
FirewallRules: [{2F1994F2-87C9-4008-9A3D-8D5F9189E08E}] => C:\Windows\System32\muzapp.exe
FirewallRules: [{638843EA-6607-4750-8F61-4E89C7E8AB70}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0DFD6BBD-2AB7-4F14-B956-45EB8F0BAD69}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4F08BD9A-81A2-46E2-9773-5AFEEB2B7E8A}] => C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{1BC488C6-79E1-4523-853A-C67BCB2862A8}] => C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{A32E138C-D4EA-4E80-896D-AB810A9C4A50}] => C:\Program Files\Origin Games\Medal of Honor Pacific Assault\mohpa.exe
FirewallRules: [{35CAA6F6-59E1-4EB6-BDEF-FE11EC09BD3A}] => C:\Program Files\Origin Games\Medal of Honor Pacific Assault\mohpa.exe
FirewallRules: [{37478700-92A8-4CE7-BA7B-E307033BEF1D}] => C:\Program Files\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe
FirewallRules: [{B1922756-9C14-4EBD-8CA9-460E5C2DAF16}] => C:\Program Files\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe
FirewallRules: [{40640606-D1A1-4830-B150-B0231B90FCF1}] => C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{F748D2D3-29ED-494C-A1FB-45D0FC933297}] => C:\Program Files\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

22-01-2017 19:17:18 Scheduled Checkpoint
01-02-2017 10:38:39 Scheduled Checkpoint
10-02-2017 17:51:06 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2017 05:10:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Boris-PC)
Description: Het pakket windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel is beindigd omdat het onderbreken te lang duurde.

Error: (02/13/2017 09:26:45 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/11/2017 03:34:24 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Inventarisatie van gebruikerssessies om filtergroepen te maken is mislukt.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (02/11/2017 03:34:24 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Inventarisatie van gebruikerssessies om filtergroepen te maken is mislukt.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (02/11/2017 03:34:24 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Inventarisatie van gebruikerssessies om filtergroepen te maken is mislukt.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (02/11/2017 03:34:24 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Inventarisatie van gebruikerssessies om filtergroepen te maken is mislukt.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (02/11/2017 03:34:24 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Inventarisatie van gebruikerssessies om filtergroepen te maken is mislukt.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (02/11/2017 03:34:23 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Inventarisatie van gebruikerssessies om filtergroepen te maken is mislukt.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (02/11/2017 03:34:23 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Inventarisatie van gebruikerssessies om filtergroepen te maken is mislukt.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (02/11/2017 03:34:23 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Inventarisatie van gebruikerssessies om filtergroepen te maken is mislukt.

Details:
(HRESULT : 0x80040210) (0x80040210)


System errors:
=============
Error: (02/13/2017 09:35:48 AM) (Source: DCOM) (EventID: 10010) (User: Boris-PC)
Description: De server {37998346-3765-45B1-8C66-AA88CA6B20B8} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.

Error: (02/13/2017 09:27:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen application-specific wordt de machtiging Activation niet verleend aan Local voor de COM-servertoepassing met CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
en APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (Using LRPC) die wordt uitgevoerd in de toepassingscontainer Unavailable SID (Unavailable). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (02/13/2017 09:26:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De NetTcpActivator-service is afhankelijk van de NetTcpPortSharing-service, die vanwege de volgende fout niet kan worden gestart:
Kan de service niet starten omdat deze is uitgeschakeld of omdat
het geen ingeschakelde apparaten met zich heeft verbonden.

Error: (02/13/2017 09:26:42 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: De vorige afsluiting van het systeem om 7:51:17 PM op ?2/?12/?2017 is onverwacht gebeurd.

Error: (02/12/2017 10:27:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen application-specific wordt de machtiging Activation niet verleend aan Local voor de COM-servertoepassing met CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
en APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (Using LRPC) die wordt uitgevoerd in de toepassingscontainer Unavailable SID (Unavailable). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (02/11/2017 03:34:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen application-specific wordt de machtiging Activation niet verleend aan Local voor de COM-servertoepassing met CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
en APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (Using LRPC) die wordt uitgevoerd in de toepassingscontainer Unavailable SID (Unavailable). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (02/11/2017 03:32:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De NetTcpActivator-service is afhankelijk van de NetTcpPortSharing-service, die vanwege de volgende fout niet kan worden gestart:
Kan de service niet starten omdat deze is uitgeschakeld of omdat
het geen ingeschakelde apparaten met zich heeft verbonden.

Error: (02/11/2017 03:32:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: De vorige afsluiting van het systeem om 11:00:28 PM op ?2/?10/?2017 is onverwacht gebeurd.

Error: (02/10/2017 05:01:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen application-specific wordt de machtiging Activation niet verleend aan Local voor de COM-servertoepassing met CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
en APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (Using LRPC) die wordt uitgevoerd in de toepassingscontainer Unavailable SID (Unavailable). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (02/08/2017 09:51:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen application-specific wordt de machtiging Activation niet verleend aan Local voor de COM-servertoepassing met CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
en APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (Using LRPC) die wordt uitgevoerd in de toepassingscontainer Unavailable SID (Unavailable). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.


CodeIntegrity:
===================================
Date: 2017-02-13 09:54:40.282
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-11 22:09:51.741
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-08 10:00:33.217
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-06 18:08:32.798
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-05 09:42:26.768
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-03 16:22:41.558
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-03 16:22:41.552
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-03 16:22:41.436
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-03 16:22:41.432
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-03 16:22:41.428
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 45%
Total physical RAM: 3197.24 MB
Available physical RAM: 1757.21 MB
Total Virtual: 6397.24 MB
Available Virtual: 4265.25 MB

==================== Drives ================================

Drive c: (Big Volume) (Fixed) (Total:595.73 GB) (Free:258.53 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Local Disk Oud) (Fixed) (Total:18.13 GB) (Free:1.45 GB) NTFS
Drive e: (DATA Oud) (Fixed) (Total:27.04 GB) (Free:2.99 GB) NTFS
Drive f: (APPS Oud) (Fixed) (Total:31.15 GB) (Free:12.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 76.3 GB) (Disk ID: DF8FDF8F)
Partition 1: (Active) - (Size=18.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.2 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 5F1BA9A4)
Partition 1: (Active) - (Size=595.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

--- Update ---

Bedankt voor je bericht, Abraham!

Hopelijk kan je me helpen en kan je hier wat mee....
Het zijn wel persoonlijke computergegevens als ik zo kijk maar ik heb niks te verbergen dus ja.. haha!

Ik hoor graag van je.

Groetjes,
 
Dit wordt dan de eerste fix, maar daarna zijn we nog lang niet klaar.


Waarschuwing: onderstaande bewerking is enkel voor deze computer bedoeld, het toepassen hiervan in een andere computer kan tot schade in Windows leiden.


We gaan
51a5c8edc4692-icon1337952077.png


Farbar Recovery Scan Tool (FRST.exe) opnieuw gebruiken.

Open een nieuw kladblok (of anders: notepad) bestand, via "Start\Alle programmas\Bureau-accessoires\Kladblok (of Notepad)".
Kopieer en plak de volgende (blauwe tekst in het code-venster) in het lege kladblokvenster.

Code:
[B][color=#0000FF]
start

Gebruik jij enkel de RealVideo downloader om YouTube video's te downloaden?
Verwijder Apple Quictime - Apple ondersteunt dit tool al lang niet meer en het is daarom een beveiligingsprobleem!
Na des-installatie de computer opnieuw opstarten.


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

AppInit_DLLs: c:\progra~1\sw-boo~1\assist~1.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTe rms}
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-04-26] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\cfg [2015-04-26] <==== ATTENTION
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324369&octid=EB_ORIGINAL_CTID&ISID=M0 1E5793E-A347-4E91-8C0A-5E56196B4131&SearchSource=55&CUI=&UM=8&UP=SPE9BA70 BA-7CC0-43B8-AB7C-4F6765A29FB9&D=032115&SSPV=SP2220TA_sp_ch","hxxp://www.mystartsearch.com/?type=hppp&ts=1425149725&from=ima&uid=MaxtorX6Y080 L0_Y2AKN7ZC","hxxp://binkiland.com/?f=7&a=bnk_ir_15_11&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0Ay DyCtDtAyEtB0F0C0DtCyDtN0D0Tzu0StCtCyCzztN1L2XzutAt FzztFtAtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1 L1Qzu2SyC0FzyzytAzytB0BtG0Bzy0BzytGzzyC0FtDtGtC0Et BtCtGyCyB0AtAyCzy0FtCyDzz0C0B2QtN1M1F1B2Z1V1N2Y1L1 Qzu2SyC0FtDyCtAtDyB0FtG0C0E0AyBtGyE0Czz0AtG0A0CyC0 AtG0ByC0EyEzz0B0Czz0AtC0C0F2Q&cr=2045885007&ir="
CustomCLSID: HKU\S-1-5-21-3915288326-451774416-4169082938-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> c:\TEMP\41CA.exe => No File
c:\TEMP\41CA.ex
Task: {0065B82A-AB63-4B89-B2BE-3B87160466F4} - System32\Tasks\RunAtStartup => C:\Users\boris\AppData\Roaming\Event Monitor\em.exe [2016-11-25] () <==== ATTENTION
Task: {00D3880C-0600-43B2-B470-D1683E56D668} - \Microsoft\Windows\Maintenance\SMupdate2 -> No File <==== ATTENTION
C:\Users\boris\AppData\Roaming\Event Monitor
Task: {09ED3440-226D-420A-B451-EAABE6C4FDF6} - \ShopperPro -> No File <==== ATTENTION
Task: {0B98EDF3-3E92-4753-8B5D-A2F413CF7966} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Microsoft\Windows\Setup\EOONotify
Task: {12893AB5-067F-4B67-8155-F6DADD0DF9CB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled =>
Task: {13CA9A5C-9767-4E0C-A4B8-825134840ADF} - \YTDownloaderUpd -> No File <==== ATTENTION
Task: {1C8457E0-0265-45F3-91FA-0CF1C998DD2E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {21B8F382-8B7E-4BAE-888D-59E52D7F832E} - \SimpleFiles Installer Starter -> No File <==== ATTENTION
Task: {22395CA2-1FA7-444F-B866-E22F23D8D35B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {251C9D70-C59B-4346-8D23-12385B245F30} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {2540F237-4F00-497D-9E99-AFE926CD0940} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {3709CDC6-EF8F-4EEB-A6BD-ACFD1279F918} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {381EF91E-16A4-4FCA-9C96-5E6DB570E83B} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {3C6D2117-47A0-4888-BF95-7860AFE2AAC6} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
Task: {4136C9B2-6CDC-4923-A589-505F742677EF} - \YTDownloader -> No File <==== ATTENTION
Task: {41EB3524-F82C-4496-95E4-9AEF76637D32} - \Funmoods -> No File <==== ATTENTION
Task: {4A9205B3-344F-4745-913D-72788E3FAF03} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {58122E01-022B-4D32-8037-A0E2BACF8A0A} - \LuckyTab -> No File <==== ATTENTION
Task: {59CAB280-1BC6-4466-8447-3F24BB9DA796} - \ASP -> No File <==== ATTENTION
Task: {718AD78A-7726-41F1-906C-F0C7C5FE9942} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {79101417-42A6-4408-A447-DD8E8EB3E909} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {7A395EF2-CB56-485D-A2E2-AB2D3DD7A172} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7DCBF260-D0C5-4341-BC64-3D893D428DA8} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {82AA5CE4-41A2-435E-90AD-7ED5FAF801AA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {8CEB6C2D-B287-4E58-B3B0-B5ED05B7828B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {8FC5574E-FFF2-4BF9-9825-532FD6676D45} - \SPDriver -> No File <==== ATTENTION
Task: {912A3361-293B-4F50-977F-6FF60E5A26D6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {93E10B5E-B869-48F1-9329-9BD6E935A5FB} - \windealistSWU -> No File <==== ATTENTION
Task: {95332BE7-CD3D-4EBA-9C55-AF72B39117F8} - \ZKUKSKH -> No File <==== ATTENTION
Task: {958D2E2A-B2AB-4221-AB82-0968D68212C1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {A06EE362-F9F4-4155-8E04-BB3C4904C4FD} - \UNELEVATE_13100 -> No File <==== ATTENTIONTask: {A912A67E-40DF-4D4A-99BE-A727FEA351D4} - \SMupdate1 -> No File <==== ATTENTION
Task: {AD6E6D2E-46A3-48A7-BE53-527FAE1F036E} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {AE05A50C-2B13-4C67-BC46-A2CEEDFC36D7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {B7023B4F-4FEF-415E-9EB8-9353A6C09F47} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {C69AD0BB-A807-48C3-87C5-093422670DF9} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {D26255F8-30B6-4043-825E-D60AD171C0EC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D53ED639-E79F-4861-AC80-C18C2CA521BA} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
Task: {D919F590-6AE0-46A4-9A55-868F1D7EFB7A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E18E2435-4341-4763-840F-33EDFB501EC8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {E7932BB7-14AE-4AF0-9BF2-000D261F1C9E} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {EA0EA94F-7D53-410F-BC6E-AD5B349F81E7} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {EF3368E9-2430-4343-9562-4698238EA964} - \Your File Updater -> No File <==== ATTENTION
Task: {F66EE7B0-9D3E-40E0-8804-1CD22A4C55BE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FD2110D2-B125-469C-A867-ABAB497409A3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\...\webcompanion.com -> hxxp://webcompanion.com

cmd: ipconfig /flushdns
cmd: netsh winsock reset
[/COLOR][/B]

Sla nu dit kladblokbestand in de dezelfde locatie waar ook FRST.exe aanwezig is op als Fixlist.txt

Farbar Recovery Scan Tool (FRST.exe) met de fixlist.txt gebruiken
  • Windows Vista, Windows 7, Windows 8 en Windows 10: via rechtsklik op FRST.exe en kies voor "Als Administrator uitvoeren".
  • Als het programma wordt gestart, klik dan op Ja in de popup.
  • Druk op de Fix knop.
  • Na de fix wordt een logbestand - Fixlog.txt - in dezelfde locatie aangemaakt van waaruit FRST.exe is gestart.
  • Post de inhoud van dit logbestand in jouw volgende bericht.
 
Fix result of Farbar Recovery Scan Tool (x86) Version: 12-02-2017
Ran by boris (13-02-2017 21:31:14) Run:1
Running from C:\Users\boris\Downloads
Loaded Profiles: boris (Available Profiles: boris & willem & Edmee & DefaultAppPool)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

Gebruik jij enkel de RealVideo downloader om YouTube video's te downloaden?
Verwijder Apple Quictime - Apple ondersteunt dit tool al lang niet meer en het is daarom een beveiligingsprobleem!
Na des-installatie de computer opnieuw opstarten.


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

AppInit_DLLs: c:\progra~1\sw-boo~1\assist~1.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTe rms}
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-04-26] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\cfg [2015-04-26] <==== ATTENTION
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324369&octid=EB_ORIGINAL_CTID&ISID=M0 1E5793E-A347-4E91-8C0A-5E56196B4131&SearchSource=55&CUI=&UM=8&UP=SPE9BA70 BA-7CC0-43B8-AB7C-4F6765A29FB9&D=032115&SSPV=SP2220TA_sp_ch","hxxp://www.mystartsearch.com/?type=hppp&ts=1425149725&from=ima&uid=MaxtorX6Y080 L0_Y2AKN7ZC","hxxp://binkiland.com/?f=7&a=bnk_ir_15_11&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0Ay DyCtDtAyEtB0F0C0DtCyDtN0D0Tzu0StCtCyCzztN1L2XzutAt FzztFtAtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1 L1Qzu2SyC0FzyzytAzytB0BtG0Bzy0BzytGzzyC0FtDtGtC0Et BtCtGyCyB0AtAyCzy0FtCyDzz0C0B2QtN1M1F1B2Z1V1N2Y1L1 Qzu2SyC0FtDyCtAtDyB0FtG0C0E0AyBtGyE0Czz0AtG0A0CyC0 AtG0ByC0EyEzz0B0Czz0AtC0C0F2Q&cr=2045885007&ir="
CustomCLSID: HKU\S-1-5-21-3915288326-451774416-4169082938-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> c:\TEMP\41CA.exe => No File
c:\TEMP\41CA.ex
Task: {0065B82A-AB63-4B89-B2BE-3B87160466F4} - System32\Tasks\RunAtStartup => C:\Users\boris\AppData\Roaming\Event Monitor\em.exe [2016-11-25] () <==== ATTENTION
Task: {00D3880C-0600-43B2-B470-D1683E56D668} - \Microsoft\Windows\Maintenance\SMupdate2 -> No File <==== ATTENTION
C:\Users\boris\AppData\Roaming\Event Monitor
Task: {09ED3440-226D-420A-B451-EAABE6C4FDF6} - \ShopperPro -> No File <==== ATTENTION
Task: {0B98EDF3-3E92-4753-8B5D-A2F413CF7966} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Microsoft\Windows\Setup\EOONotify
Task: {12893AB5-067F-4B67-8155-F6DADD0DF9CB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled =>
Task: {13CA9A5C-9767-4E0C-A4B8-825134840ADF} - \YTDownloaderUpd -> No File <==== ATTENTION
Task: {1C8457E0-0265-45F3-91FA-0CF1C998DD2E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {21B8F382-8B7E-4BAE-888D-59E52D7F832E} - \SimpleFiles Installer Starter -> No File <==== ATTENTION
Task: {22395CA2-1FA7-444F-B866-E22F23D8D35B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {251C9D70-C59B-4346-8D23-12385B245F30} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {2540F237-4F00-497D-9E99-AFE926CD0940} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {3709CDC6-EF8F-4EEB-A6BD-ACFD1279F918} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {381EF91E-16A4-4FCA-9C96-5E6DB570E83B} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {3C6D2117-47A0-4888-BF95-7860AFE2AAC6} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
Task: {4136C9B2-6CDC-4923-A589-505F742677EF} - \YTDownloader -> No File <==== ATTENTION
Task: {41EB3524-F82C-4496-95E4-9AEF76637D32} - \Funmoods -> No File <==== ATTENTION
Task: {4A9205B3-344F-4745-913D-72788E3FAF03} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {58122E01-022B-4D32-8037-A0E2BACF8A0A} - \LuckyTab -> No File <==== ATTENTION
Task: {59CAB280-1BC6-4466-8447-3F24BB9DA796} - \ASP -> No File <==== ATTENTION
Task: {718AD78A-7726-41F1-906C-F0C7C5FE9942} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {79101417-42A6-4408-A447-DD8E8EB3E909} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {7A395EF2-CB56-485D-A2E2-AB2D3DD7A172} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7DCBF260-D0C5-4341-BC64-3D893D428DA8} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {82AA5CE4-41A2-435E-90AD-7ED5FAF801AA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {8CEB6C2D-B287-4E58-B3B0-B5ED05B7828B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {8FC5574E-FFF2-4BF9-9825-532FD6676D45} - \SPDriver -> No File <==== ATTENTION
Task: {912A3361-293B-4F50-977F-6FF60E5A26D6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {93E10B5E-B869-48F1-9329-9BD6E935A5FB} - \windealistSWU -> No File <==== ATTENTION
Task: {95332BE7-CD3D-4EBA-9C55-AF72B39117F8} - \ZKUKSKH -> No File <==== ATTENTION
Task: {958D2E2A-B2AB-4221-AB82-0968D68212C1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {A06EE362-F9F4-4155-8E04-BB3C4904C4FD} - \UNELEVATE_13100 -> No File <==== ATTENTIONTask: {A912A67E-40DF-4D4A-99BE-A727FEA351D4} - \SMupdate1 -> No File <==== ATTENTION
Task: {AD6E6D2E-46A3-48A7-BE53-527FAE1F036E} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {AE05A50C-2B13-4C67-BC46-A2CEEDFC36D7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {B7023B4F-4FEF-415E-9EB8-9353A6C09F47} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C69AD0BB-A807-48C3-87C5-093422670DF9} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {D26255F8-30B6-4043-825E-D60AD171C0EC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D53ED639-E79F-4861-AC80-C18C2CA521BA} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
Task: {D919F590-6AE0-46A4-9A55-868F1D7EFB7A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E18E2435-4341-4763-840F-33EDFB501EC8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {E7932BB7-14AE-4AF0-9BF2-000D261F1C9E} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {EA0EA94F-7D53-410F-BC6E-AD5B349F81E7} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {EF3368E9-2430-4343-9562-4698238EA964} - \Your File Updater -> No File <==== ATTENTION
Task: {F66EE7B0-9D3E-40E0-8804-1CD22A4C55BE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FD2110D2-B125-469C-A867-ABAB497409A3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\...\webcompanion.com -> hxxp://webcompanion.com

cmd: ipconfig /flushdns
cmd: netsh winsock reset
*****************

Gebruik jij enkel de RealVideo downloader om YouTube video's te downloaden? => Error: No automatic fix found for this entry.
Verwijder Apple Quictime - Apple ondersteunt dit tool al lang niet meer en het is daarom een beveiligingsprobleem! => Error: No automatic fix found for this entry.
Na des-installatie de computer opnieuw opstarten. => Error: No automatic fix found for this entry.
Restore point was successfully created.
Processes closed successfully.
"c:\progra~1\sw-boo~1\assist~1.dll" => Value data removed successfully..
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key removed successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found.
HKCR\PROTOCOLS\Handler\livecall => key not found.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
HKCR\PROTOCOLS\Handler\msnim => key not found.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
HKCR\PROTOCOLS\Handler\skype4com => key not found.
HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found.
C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js => moved successfully
C:\Program Files\mozilla firefox\cfg => moved successfully
Chrome StartupUrls => removed successfully.
HKU\S-1-5-21-3915288326-451774416-4169082938-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5} => key removed successfully.
"c:\TEMP\41CA.ex" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0065B82A-AB63-4B89-B2BE-3B87160466F4} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0065B82A-AB63-4B89-B2BE-3B87160466F4} => key removed successfully.
C:\Windows\System32\Tasks\RunAtStartup => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAtStartup => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{00D3880C-0600-43B2-B470-D1683E56D668} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00D3880C-0600-43B2-B470-D1683E56D668} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2 => key removed successfully.
C:\Users\boris\AppData\Roaming\Event Monitor => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{09ED3440-226D-420A-B451-EAABE6C4FDF6} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09ED3440-226D-420A-B451-EAABE6C4FDF6} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0B98EDF3-3E92-4753-8B5D-A2F413CF7966} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B98EDF3-3E92-4753-8B5D-A2F413CF7966} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOONotify => key removed successfully.
Microsoft\Windows\Setup\EOONotify => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12893AB5-067F-4B67-8155-F6DADD0DF9CB} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12893AB5-067F-4B67-8155-F6DADD0DF9CB} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate_scheduled => => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13CA9A5C-9767-4E0C-A4B8-825134840ADF} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13CA9A5C-9767-4E0C-A4B8-825134840ADF} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C8457E0-0265-45F3-91FA-0CF1C998DD2E} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C8457E0-0265-45F3-91FA-0CF1C998DD2E} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21B8F382-8B7E-4BAE-888D-59E52D7F832E} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21B8F382-8B7E-4BAE-888D-59E52D7F832E} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SimpleFiles Installer Starter => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22395CA2-1FA7-444F-B866-E22F23D8D35B} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22395CA2-1FA7-444F-B866-E22F23D8D35B} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\mcupdate => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{251C9D70-C59B-4346-8D23-12385B245F30} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{251C9D70-C59B-4346-8D23-12385B245F30} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2540F237-4F00-497D-9E99-AFE926CD0940} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2540F237-4F00-497D-9E99-AFE926CD0940} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3709CDC6-EF8F-4EEB-A6BD-ACFD1279F918} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3709CDC6-EF8F-4EEB-A6BD-ACFD1279F918} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{381EF91E-16A4-4FCA-9C96-5E6DB570E83B} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{381EF91E-16A4-4FCA-9C96-5E6DB570E83B} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C6D2117-47A0-4888-BF95-7860AFE2AAC6} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C6D2117-47A0-4888-BF95-7860AFE2AAC6} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4136C9B2-6CDC-4923-A589-505F742677EF} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4136C9B2-6CDC-4923-A589-505F742677EF} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41EB3524-F82C-4496-95E4-9AEF76637D32} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41EB3524-F82C-4496-95E4-9AEF76637D32} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A9205B3-344F-4745-913D-72788E3FAF03} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A9205B3-344F-4745-913D-72788E3FAF03} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{58122E01-022B-4D32-8037-A0E2BACF8A0A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58122E01-022B-4D32-8037-A0E2BACF8A0A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyTab => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{59CAB280-1BC6-4466-8447-3F24BB9DA796} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59CAB280-1BC6-4466-8447-3F24BB9DA796} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{718AD78A-7726-41F1-906C-F0C7C5FE9942} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{718AD78A-7726-41F1-906C-F0C7C5FE9942} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79101417-42A6-4408-A447-DD8E8EB3E909} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79101417-42A6-4408-A447-DD8E8EB3E909} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A395EF2-CB56-485D-A2E2-AB2D3DD7A172} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A395EF2-CB56-485D-A2E2-AB2D3DD7A172} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DCBF260-D0C5-4341-BC64-3D893D428DA8} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DCBF260-D0C5-4341-BC64-3D893D428DA8} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82AA5CE4-41A2-435E-90AD-7ED5FAF801AA} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82AA5CE4-41A2-435E-90AD-7ED5FAF801AA} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8CEB6C2D-B287-4E58-B3B0-B5ED05B7828B} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CEB6C2D-B287-4E58-B3B0-B5ED05B7828B} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8FC5574E-FFF2-4BF9-9825-532FD6676D45} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FC5574E-FFF2-4BF9-9825-532FD6676D45} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPDriver => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{912A3361-293B-4F50-977F-6FF60E5A26D6} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{912A3361-293B-4F50-977F-6FF60E5A26D6} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93E10B5E-B869-48F1-9329-9BD6E935A5FB} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93E10B5E-B869-48F1-9329-9BD6E935A5FB} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\windealistSWU => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95332BE7-CD3D-4EBA-9C55-AF72B39117F8} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95332BE7-CD3D-4EBA-9C55-AF72B39117F8} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZKUKSKH => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{958D2E2A-B2AB-4221-AB82-0968D68212C1} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{958D2E2A-B2AB-4221-AB82-0968D68212C1} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A06EE362-F9F4-4155-8E04-BB3C4904C4FD} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A06EE362-F9F4-4155-8E04-BB3C4904C4FD} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UNELEVATE_13100 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AD6E6D2E-46A3-48A7-BE53-527FAE1F036E} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD6E6D2E-46A3-48A7-BE53-527FAE1F036E} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE05A50C-2B13-4C67-BC46-A2CEEDFC36D7} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE05A50C-2B13-4C67-BC46-A2CEEDFC36D7} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7023B4F-4FEF-415E-9EB8-9353A6C09F47} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7023B4F-4FEF-415E-9EB8-9353A6C09F47} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C69AD0BB-A807-48C3-87C5-093422670DF9} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C69AD0BB-A807-48C3-87C5-093422670DF9} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D26255F8-30B6-4043-825E-D60AD171C0EC} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D26255F8-30B6-4043-825E-D60AD171C0EC} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D53ED639-E79F-4861-AC80-C18C2CA521BA} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D53ED639-E79F-4861-AC80-C18C2CA521BA} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate 2 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D919F590-6AE0-46A4-9A55-868F1D7EFB7A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D919F590-6AE0-46A4-9A55-868F1D7EFB7A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E18E2435-4341-4763-840F-33EDFB501EC8} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E18E2435-4341-4763-840F-33EDFB501EC8} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7932BB7-14AE-4AF0-9BF2-000D261F1C9E} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7932BB7-14AE-4AF0-9BF2-000D261F1C9E} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA0EA94F-7D53-410F-BC6E-AD5B349F81E7} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA0EA94F-7D53-410F-BC6E-AD5B349F81E7} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EF3368E9-2430-4343-9562-4698238EA964} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF3368E9-2430-4343-9562-4698238EA964} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Your File Updater => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F66EE7B0-9D3E-40E0-8804-1CD22A4C55BE} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F66EE7B0-9D3E-40E0-8804-1CD22A4C55BE} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD2110D2-B125-469C-A867-ABAB497409A3} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD2110D2-B125-469C-A867-ABAB497409A3} => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => key removed successfully.
HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => key removed successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 624229 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 131023891 B
Java, Flash, Steam htmlcache => 98456 B
Windows/system/drivers => 152811859 B
Edge => 91939630 B
Chrome => 737299620 B
Firefox => 197506346 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 0 B
boris => 4230943 B
willem => 72987 B
Edmee => 39415 B
DefaultAppPool => 0 B

RecycleBin => 11659817094 B
EmptyTemp: => 12.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:34:06 ====
 
Ik denk dat jouw Windows nu wel al sneller is.
Gebruik je geen schoonmaakprogramma?


Download
51a46ae42d560-malwarebytes_anti_malware.png
MalwareBytes Anti-Malware.

Let op bij de installatie van MBAM: in het laatste installatievenster staan twee vinkjes bij de meldingen,
haal nu het bovenste vinkje weg (MBAM als volledige demo-versie gebruiken) en maak de installatie af.
Daarna kan je Malwarebytes MBAM als gratis versie telken opnieuw gebruiken!

  • Windows 2000 en Windows XP: dubbelklik op mbam-setup.exe.
  • Windows Vista, Windows 7, Windows 8: en Windows 10: via rechtsklik op mbam-setup.exe en kies voor "Als Administrator uitvoeren".
  • Klik in het menu van Malwarebytes ANTI-MALWARE op Instellingen" en daar op "Detectie en Bescherming" en zet vervolgens een vinkje bij "Scan naar rootkits".
  • Klik vervolgens op de knop Scan nu om een bedreigingsscan uit te voeren.
  • Er zal nu gecontroleerd worden op beschikbare updates, klik hier op "Nu bijwerken als er beschikbare updates zijn.
  • De scan wordt nu automatisch gestart,wanneer de scan gereed is en er bedreigingen zijn gedetecteerd krijgt u hier een overzicht van.

  • Wanneer er geen bedreigingen zijn gedetecteerd klikt u na de scan op Bekijk gedetailleerd logboek.
  • Klik vervolgens op de knop Exporteer en kies de optie "Tekstbestand (*.txt)".
  • Geef vervolgens een bestandsnaam op voor het opslaan van het logbestand, bijvoorbeeld MBAM Scanlog.
  • Kies bijvoorbeeld het bureaublad als opslaglocatie en klik vervolgens op de knop Opslaan.

  • Wanneer er wel bedreigingen zijn gedetecteerd klikt u na de scan op Acties toepassen.
  • Bij de melding om de computer opnieuw op te starten klikt u op Ja / Yes.
  • Open na de herstart MalwareBytes Anti-Malware en klik bovenaan op Historie en selecteer Programmalogboeken.
  • Klik op de nieuwste Scan Log.
  • Klik op "Exporteer" en kies de optie "Tekstbestand (*.txt)".
    5557b93ba94ab-Malwarebytes_Exporteer_ScanLog.png
  • Geef vervolgens een bestandsnaam op voor het opslaan van het logbestand, bijvoorbeeld MBAM Scanlog.
  • Kies bijvoorbeeld het bureaublad als opslaglocatie en klik vervolgens op de knop Opslaan.
    532aab157609a-MBAM-Scan.png

MBAM-Log posten:
  • Kopieer nu de inhoud van het zojuist opgeslagen log en plak dit in uw nieuwe antwoord erbij.
 
Malwarebytes
www.malwarebytes.com

-Logboekdetails-
Scandatum: 14-02-17
Scantijd: 17:34
Logboekbestand: Logboek.txt
Beheerder: Ja

-Software-informatie-
Versie: 3.0.6.1469
Versie componenten: 1.0.50
Update pakketversie: 1.0.1064
Licentie: Proef

-Systeeminformatie-
Besturingssysteem: Windows 10
Processor: x86
Bestandssysteem: NTFS
Gebruiker: System

-Scansamenvatting-
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten gescand: 471808
Verstreken tijd: 34 min, 14 sec

-Scanopties-
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristiek: Ingeschakeld
POP: Uitgeschakeld
POA: Ingeschakeld

-Scandetails-
Proces: 0
(Geen kwaadaardige items gedetecteerd)

Module: 0
(Geen kwaadaardige items gedetecteerd)

Registersleutel: 101
PUP.Optional.Incredibar, HKLM\SOFTWARE\CLASSES\APPID\{608D3067-77E8-463D-9084-908966806826}, In quarantaine, [8829], [169779],1.0.1064
Adware.1ClickDownload, HKLM\SOFTWARE\CLASSES\APPID\{C007DADD-132A-624C-088E-59EE6CF0711F}, In quarantaine, [11966], [169917],1.0.1064
PUP.Optional.MultiPlug, HKU\S-1-5-21-3915288326-451774416-4169082938-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}, In quarantaine, [191], [167497],1.0.1064
PUP.Optional.MultiPlug, HKU\S-1-5-21-3915288326-451774416-4169082938-1004_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}, In quarantaine, [191], [167497],1.0.1064
PUP.Optional.MyBrowser, HKLM\SOFTWARE\CLASSES\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}, In quarantaine, [1576], [169163],1.0.1064
PUP.Optional.Blabbers, HKLM\SOFTWARE\CLASSES\APPID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}, In quarantaine, [8726], [167709],1.0.1064
PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, In quarantaine, [9545], [188717],1.0.1064
PUP.Optional.Wajam, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, In quarantaine, [131], [244687],1.0.1064
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, In quarantaine, [131], [-1],0.0.0
PUP.Optional.TabNav, HKLM\SOFTWARE\TABNAV, In quarantaine, [17566], [243913],1.0.1064
PUP.Optional.CrossRider, HKU\S-1-5-18\SOFTWARE\HD-Quality-3.1V21.04-nv, In quarantaine, [306], [237348],1.0.1064
PUP.Optional.CrossRider, HKU\S-1-5-18\SOFTWARE\HD-Quality-3.1V21.04-nv-ie, In quarantaine, [306], [237348],1.0.1064
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-18\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In quarantaine, [11134], [234975],1.0.1064
PUP.Optional.Blabbers, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\Blabbers, In quarantaine, [8726], [245965],1.0.1064
PUP.Optional.Cinema, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\CinemaP-1.8cV28.02-nv-ie, In quarantaine, [8284], [236453],1.0.1064
PUP.Optional.CrossBrowse, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\Crossbrowse, In quarantaine, [8018], [237104],1.0.1064
PUP.Optional.CrossBrowse, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\CrossBrowser, In quarantaine, [8018], [237104],1.0.1064
PUP.Optional.InstallCore, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\csastats, In quarantaine, [8], [260986],1.0.1064
PUP.Optional.FileScout, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\FileScout, In quarantaine, [8784], [238352],1.0.1064
PUP.Optional.GoHD, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\GoHDV28.02-nv-ie, In quarantaine, [7853], [238803],1.0.1064
PUP.Optional.CrossRider, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\HD-Quality-3.1V21.04-nv-ie, In quarantaine, [306], [237348],1.0.1064
PUP.Optional.HighDefAction, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\HighDefAction, In quarantaine, [17067], [239059],1.0.1064
PUP.Optional.HomeTab, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\HomeTab, In quarantaine, [8808], [239118],1.0.1064
PUP.Optional.InstallCore, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\ICSW1.22, In quarantaine, [8], [239562],1.0.1064
PUP.Optional.iWebar, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\iWebar-nv-ie, In quarantaine, [1864], [239643],1.0.1064
PUP.Optional.Jawego, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\jawego, In quarantaine, [2359], [351909],1.0.1064
PUP.Optional.ObjectBrowser, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\Object Browser-nv-ie, In quarantaine, [4203], [241274],1.0.1064
PUP.Optional.SearchProtect.AppFlsh, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\SearchProtectWS, In quarantaine, [2572], [253640],1.0.1064
PUP.Optional.SysTweak, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\systweak, In quarantaine, [320], [327156],1.0.1064
PUP.Optional.Tuto4PC, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\TutoTag, In quarantaine, [113], [244265],1.0.1064
PUP.Optional.Wajam, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\WajIntEnhance, In quarantaine, [131], [244671],1.0.1064
PUP.Optional.YorkNewCin, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\YorkNewCin, In quarantaine, [11184], [245167],1.0.1064
PUP.Optional.CinemaPlus, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\ARENAHD, In quarantaine, [2996], [236510],1.0.1064
PUP.Optional.Conduit, HKU\S-1-5-21-3915288326-451774416-4169082938-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In quarantaine, [714], [236865],1.0.1064
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In quarantaine, [714], [236865],1.0.1064
PUP.Optional.Conduit, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, In quarantaine, [714], [236865],1.0.1064
PUP.Optional.PCCleanPlus, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\PC\CLEAN\Plus, In quarantaine, [62], [256462],1.0.1064
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\SYSTWEAK\ssd, In quarantaine, [13771], [190781],1.0.1064
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\AskPartnerNetwork, In quarantaine, [11210], [186877],1.0.1064
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\Crossbrowse, In quarantaine, [8018], [237107],1.0.1064
PUP.Optional.HighDefAction, HKLM\SOFTWARE\HighDefAction, In quarantaine, [17067], [239060],1.0.1064
PUP.Optional.IHProtect, HKLM\SOFTWARE\IHProtect, In quarantaine, [17077], [239373],1.0.1064
PUP.Optional.KeyFind.ShrtCln, HKLM\SOFTWARE\key-findSoftware, In quarantaine, [13817], [187468],1.0.1064
PUP.Optional.LuckyTab, HKLM\SOFTWARE\LuckyTab, In quarantaine, [12932], [240015],1.0.1064
PUP.Optional.MediaWatch, HKLM\SOFTWARE\MediaWatchV1, In quarantaine, [12941], [240273],1.0.1064
PUP.Optional.MBot, HKLM\SOFTWARE\MYBESTOFFERSTODAY, In quarantaine, [14389], [240129],1.0.1064
PUP.Optional.MyStartSearch.ShrtCln, HKLM\SOFTWARE\mystartsearchSoftware, In quarantaine, [13855], [188665],1.0.1064
PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\omniboxesSoftware, In quarantaine, [13816], [187451],1.0.1064
PUP.Optional.PicColor, HKLM\SOFTWARE\PicColor Utility, In quarantaine, [4214], [241681],1.0.1064
PUP.Optional.WPM, HKLM\SOFTWARE\supWindowsMangerProtect, In quarantaine, [14809], [245116],1.0.1064
PUP.Optional.SysTweak, HKLM\SOFTWARE\systweak, In quarantaine, [320], [327155],1.0.1064
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\CRSBRWSHTML, In quarantaine, [8018], [237102],1.0.1064
PUP.Optional.Tuto4PC, HKLM\SOFTWARE\Tutorials, In quarantaine, [113], [315599],1.0.1064
PUP.Optional.Vittalia, HKLM\SOFTWARE\Vittalia, In quarantaine, [1280], [315309],1.0.1064
PUP.Optional.Goobzo, HKLM\SOFTWARE\CLASSES\ShopperPro.ShopperProBHO.1, In quarantaine, [434], [185899],1.0.1064
PUP.Optional.Goobzo, HKLM\SOFTWARE\CLASSES\ShopperPro.ShopperProBHO, In quarantaine, [434], [185899],1.0.1064
PUP.Optional.Wajam, HKLM\SOFTWARE\WajIntEnhance, In quarantaine, [131], [244694],1.0.1064
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3E87EA0C-D5FA-4BD8-A9E1-C341F4B798F8}, In quarantaine, [13825], [234010],1.0.1064
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT2865317, In quarantaine, [13825], [234010],1.0.1064
PUP.Optional.YorkNewCin, HKLM\SOFTWARE\YorkNewCin, In quarantaine, [11184], [245168],1.0.1064
PUP.Optional.CrossRider, HKLM\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In quarantaine, [306], [237505],1.0.1064
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\Crossbrowse, In quarantaine, [8018], [237106],1.0.1064
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9423E5D1-7EB0-4E53-BE7F-6C7C74058A17}, In quarantaine, [11083], [253595],1.0.1064
PUP.Optional.Binkiland, HKLM\SOFTWARE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\binkiland.exe, In quarantaine, [2937], [235826],1.0.1064
PUP.Optional.Binkiland, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\elggllhppljlljkgfeokjpehmdamkejk, In quarantaine, [2937], [235822],1.0.1064
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\crossbrowse.exe, In quarantaine, [8018], [237110],1.0.1064
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\LaunchSignup, In quarantaine, [307], [315080],1.0.1064
PUP.Optional.PCCleanPlus, HKLM\SOFTWARE\PC\CLEAN\Plus, In quarantaine, [62], [256464],1.0.1064
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\SYSTWEAK\PARAMS, In quarantaine, [345], [326817],1.0.1064
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SMupdate1, In quarantaine, [434], [238821],1.0.1064
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SPBIW_UpdateTask_Time_333932393432363732312d6c5b5a345b4132452d5a346c, In quarantaine, [434], [257737],1.0.1064
PUP.Optional.ParetoLogic, HKLM\SOFTWARE\PARETOLOGIC\PC Health Advisor, In quarantaine, [2415], [366346],1.0.1064
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\SYSTWEAK\ssd, In quarantaine, [13771], [190782],1.0.1064
PUP.Optional.TornTV.OL, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Torntv, In quarantaine, [2094], [339894],1.0.1064
PUP.Optional.WindowsMangerProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In quarantaine, [17673], [245008],1.0.1064
PUP.Optional.CrossRider, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, In quarantaine, [306], [237370],1.0.1064
PUP.Optional.Binkiland, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\elggllhppljlljkgfeokjpehmdamkejk, In quarantaine, [2937], [235816],1.0.1064
PUP.Optional.Iminent, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, In quarantaine, [3725], [239415],1.0.1064
PUP.Optional.CrossRider, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In quarantaine, [306], [237370],1.0.1064
PUP.Optional.Iminent, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, In quarantaine, [3725], [239416],1.0.1064
PUP.Optional.SearchProtect.AppFlsh, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, In quarantaine, [2572], [253633],1.0.1064
PUP.Optional.RegCleanPro, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\REG\Clean, In quarantaine, [1747], [347493],1.0.1064
PUP.Optional.Vosteran, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, In quarantaine, [9545], [244628],1.0.1064
PUP.Optional.Wajam, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, In quarantaine, [131], [244660],1.0.1064
PUP.Optional.OutBrowse, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\OB, In quarantaine, [468], [241463],1.0.1064
PUP.Optional.ParetoLogic, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\PARETOLOGIC\PC Health Advisor, In quarantaine, [2415], [366347],1.0.1064
PUP.Optional.CinemaPlus, HKLM\SOFTWARE\ARENAHD, In quarantaine, [2996], [236526],1.0.1064
PUP.Optional.CleanMyPC, HKLM\SOFTWARE\REG\Clean, In quarantaine, [2234], [348488],1.0.1064
PUP.Optional.GlobalUpdate, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, In quarantaine, [962], [238772],1.0.1064
PUP.Optional.Blabbers, HKLM\SOFTWARE\CLASSES\APPID\wit4ie.DLL, In quarantaine, [8726], [235854],1.0.1064
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6A716181-31AB-409E-8AC9-A75EF3F1EDAA}, In quarantaine, [307], [315079],1.0.1064
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{767D5869-C460-488E-8354-1026F2A18F19}, In quarantaine, [434], [258229],1.0.1064
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A912A67E-40DF-4D4A-99BE-A727FEA351D4}, In quarantaine, [434], [183636],1.0.1064
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\crossbrowse.exe, In quarantaine, [8018], [237112],1.0.1064
PUP.Optional.ShopperPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\ShopperPro.exe, In quarantaine, [1044], [243018],1.0.1064
PUP.Optional.AdvancedSystemProtector, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\SYSTWEAK\PARAMS, In quarantaine, [345], [326825],1.0.1064
PUP.Optional.KeepMySearch, HKU\S-1-5-21-3915288326-451774416-4169082938-1000_Classes\keepmysearch, In quarantaine, [17125], [239725],1.0.1064
PUP.Optional.MultiPlug, HKU\S-1-5-21-3915288326-451774416-4169082938-1000_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, In quarantaine, [191], [247117],1.0.1064
PUP.Optional.MultiPlug, HKU\S-1-5-21-3915288326-451774416-4169082938-1001_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, In quarantaine, [191], [247117],1.0.1064
PUP.Optional.MultiPlug, HKU\S-1-5-21-3915288326-451774416-4169082938-1004_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, In quarantaine, [191], [247117],1.0.1064
PUP.Optional.MultiPlug, HKU\S-1-5-21-3915288326-451774416-4169082938-1000_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, In quarantaine, [191], [247117],1.0.1064

Registerwaarde: 39
PUP.Optional.EazelBar, HKLM\SOFTWARE\CLASSES\TOOLBAR.BANDOBJECT.1|CLSID, In quarantaine, [248], [316656],1.0.1064
PUP.Optional.Binkiland, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|APPPATH, In quarantaine, [2937], [235824],1.0.1064
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, In quarantaine, [131], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, In quarantaine, [131], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-3915288326-451774416-4169082938-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, In quarantaine, [131], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-3915288326-451774416-4169082938-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, In quarantaine, [131], [-1],0.0.0
PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, In quarantaine, [131], [-1],0.0.0
PUP.Optional.TabNav, HKLM\SOFTWARE\TABNAV|AFFID, In quarantaine, [17566], [243913],1.0.1064
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, In quarantaine, [2572], [-1],0.0.0
PUP.Optional.CinemaPlus, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\ARENAHD|VALUE, In quarantaine, [2996], [236510],1.0.1064
PUP.Optional.Conduit, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, In quarantaine, [714], [236865],1.0.1064
PUP.Optional.Conduit, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, In quarantaine, [714], [236865],1.0.1064
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\.XHT\OPENWITHPROGIDS|CRSBRWSHTML, In quarantaine, [8018], [251992],1.0.1064
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\.SHTML\OPENWITHPROGIDS|CRSBRWSHTML, In quarantaine, [8018], [251990],1.0.1064
PUP.Optional.EazelBar, HKLM\SOFTWARE\CLASSES\TOOLBAR.BANDOBJECT|CLSID, In quarantaine, [248], [316657],1.0.1064
PUP.Optional.PCTuner, HKLM\SOFTWARE\HIGHDEFACTION|VALUE, In quarantaine, [14470], [241635],1.0.1064
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9423E5D1-7EB0-4E53-BE7F-6C7C74058A17}|APPPATH, In quarantaine, [11083], [253595],1.0.1064
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\SYSTWEAK\PARAMS|ASPINSTALLEDPATH, In quarantaine, [345], [326817],1.0.1064
PUP.Optional.SearchEngine, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|SEARCHENGINE@GMAIL.COM, In quarantaine, [14585], [242695],1.0.1064
PUP.Optional.FFToolbar, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|FFTOOLBAR2014@ETECH.COM, In quarantaine, [14178], [238347],1.0.1064
PUP.Optional.CrossBrowse, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{3AEF798B-A124-486F-B279-8AB1B143462E}, In quarantaine, [8018], [257551],1.0.1064
PUP.Optional.PCTuner, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\HIGHDEFACTION|VALUE, In quarantaine, [14470], [241632],1.0.1064
PUP.Optional.OutBrowse, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\OB|MONITYPE15, In quarantaine, [468], [241463],1.0.1064
PUP.Optional.OutBrowse, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\OB|MONITYPE1, In quarantaine, [468], [241463],1.0.1064
PUP.Optional.OutBrowse, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\OB|MONITYPE9, In quarantaine, [468], [241463],1.0.1064
PUP.Optional.CinemaPlus, HKLM\SOFTWARE\ARENAHD|VALUE, In quarantaine, [2996], [236526],1.0.1064
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\.HTML\OPENWITHPROGIDS|CRSBRWSHTML, In quarantaine, [8018], [237101],1.0.1064
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\.WEBP\OPENWITHPROGIDS|CRSBRWSHTML, In quarantaine, [8018], [251991],1.0.1064
PUP.Optional.EazelBar, HKLM\SOFTWARE\CLASSES\TOOLBAR.TOOLBARHELPEROBJECT|CLSID, In quarantaine, [248], [316655],1.0.1064
PUP.Optional.GlobalUpdate, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|SOURCE, In quarantaine, [962], [238772],1.0.1064
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\.HTM\OPENWITHPROGIDS|CRSBRWSHTML, In quarantaine, [8018], [237100],1.0.1064
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, In quarantaine, [8018], [251993],1.0.1064
PUP.Optional.EazelBar, HKLM\SOFTWARE\CLASSES\APPID\TOOLBAR.DLL|APPID, In quarantaine, [248], [316653],1.0.1064
PUP.Optional.EazelBar, HKLM\SOFTWARE\CLASSES\TOOLBAR.TOOLBARHELPEROBJECT.1|CLSID, In quarantaine, [248], [316654],1.0.1064
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6A716181-31AB-409E-8AC9-A75EF3F1EDAA}|PATH, In quarantaine, [307], [315079],1.0.1064
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{767D5869-C460-488E-8354-1026F2A18F19}|PATH, In quarantaine, [434], [258229],1.0.1064
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A912A67E-40DF-4D4A-99BE-A727FEA351D4}|PATH, In quarantaine, [434], [183636],1.0.1064
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\REGISTEREDAPPLICATIONS|CROSSBROWSE, In quarantaine, [8018], [237113],1.0.1064
PUP.Optional.AdvancedSystemProtector, HKU\S-1-5-21-3915288326-451774416-4169082938-1000\SOFTWARE\SYSTWEAK\PARAMS|ASPINSTALLEDPATH, In quarantaine, [345], [326825],1.0.1064

Registerdata: 0
(Geen kwaadaardige items gedetecteerd)

Gegevensstroom: 0
(Geen kwaadaardige items gedetecteerd)

Map: 26
PUP.Optional.ParetoLogic, C:\PROGRAMDATA\ParetoLogic\PC Health Advisor, In quarantaine, [2415], [366052],1.0.1064
PUP.Optional.Jawego, C:\USERS\BORIS\APPDATA\ROAMING\Jawego, In quarantaine, [2359], [348970],1.0.1064
PUP.Optional.LuckyTab, C:\USERS\BORIS\APPDATA\ROAMING\Microsoft\Windows\Start Menu\LuckyTab, In quarantaine, [12932], [178026],1.0.1064
PUP.Optional.ParetoLogic, C:\USERS\BORIS\APPDATA\ROAMING\ParetoLogic\PC Health Advisor, In quarantaine, [2415], [366052],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\Administrator\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\Administrator\AppData\Local\Crossbrowse\Crossbrowse\User Data, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\Administrator\AppData\Local\Crossbrowse\Crossbrowse, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\Crossbrowse, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\Edmee\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\Edmee\AppData\Local\Crossbrowse\Crossbrowse\User Data, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\Edmee\AppData\Local\Crossbrowse\Crossbrowse, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\USERS\EDMEE\APPDATA\LOCAL\Crossbrowse, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\Guest\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\Guest\AppData\Local\Crossbrowse\Crossbrowse\User Data, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\Guest\AppData\Local\Crossbrowse\Crossbrowse, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\USERS\GUEST\APPDATA\LOCAL\Crossbrowse, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\HomeGroupUser$\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\HomeGroupUser$\AppData\Local\Crossbrowse\Crossbrowse\User Data, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\HomeGroupUser$\AppData\Local\Crossbrowse\Crossbrowse, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\USERS\HOMEGROUPUSER$\APPDATA\LOCAL\Crossbrowse, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\willem\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\willem\AppData\Local\Crossbrowse\Crossbrowse\User Data, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\willem\AppData\Local\Crossbrowse\Crossbrowse, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\USERS\WILLEM\APPDATA\LOCAL\Crossbrowse, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CROSSBROWSE, In quarantaine, [8018], [176311],1.0.1064
PUP.Optional.BrowserHelper, C:\USERS\BORIS\APPDATA\LOCAL\BROWSERHELPER, In quarantaine, [13967], [302247],1.0.1064

Bestand: 39
PUP.Optional.LuckyTab, C:\Users\boris\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab\Get Lucky.lnk, In quarantaine, [12932], [178026],1.0.1064
PUP.Optional.LuckyTab, C:\Users\boris\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab\Help.lnk, In quarantaine, [12932], [178026],1.0.1064
PUP.Optional.ParetoLogic, C:\Users\boris\AppData\Roaming\ParetoLogic\PC Health Advisor\Client.txt, In quarantaine, [2415], [366052],1.0.1064
PUP.Optional.ParetoLogic, C:\Users\boris\AppData\Roaming\ParetoLogic\PC Health Advisor\Server.txt, In quarantaine, [2415], [366052],1.0.1064
PUP.Optional.MultiPlug, C:\PROGRAMDATA\NTUSER.POL, In quarantaine, [191], [-1],0.0.0
PUP.Optional.CrossBrowse, C:\Users\Edmee\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Cookies, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\Edmee\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Current Session, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\Edmee\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Current Tabs, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\Edmee\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Favicons, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\Edmee\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\History, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\Edmee\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Last Session, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\Edmee\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Last Tabs, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\Edmee\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Shortcuts, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\Edmee\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Top Sites, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\Edmee\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Visited Links, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\Edmee\AppData\Local\Crossbrowse\Crossbrowse\User Data\Local State, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\willem\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Bookmarks, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\willem\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Cookies, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\willem\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Current Session, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\willem\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Current Tabs, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\willem\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Favicons, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\willem\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\History, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\willem\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Last Session, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\willem\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Last Tabs, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\willem\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Shortcuts, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\willem\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Top Sites, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\willem\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Visited Links, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.CrossBrowse, C:\Users\willem\AppData\Local\Crossbrowse\Crossbrowse\User Data\Local State, In quarantaine, [8018], [176308],1.0.1064
PUP.Optional.Conduit, C:\USERS\BORIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4XD7I1I0.DEFAULT\PREFS.JS, Vervangen, [714], [301520],1.0.1064
PUP.Optional.Conduit, C:\USERS\BORIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4XD7I1I0.DEFAULT\PREFS.JS, Vervangen, [714], [303091],1.0.1064
Trojan.Injector.BHO, C:\SETTINGS.INI, In quarantaine, [19833], [302129],1.0.1064
PUP.Optional.BrowserHelper, C:\USERS\BORIS\APPDATA\LOCAL\BROWSERHELPER\BROWSERHELPER.TXT, In quarantaine, [13967], [302247],1.0.1064
PUP.Optional.BrowserHelper, C:\Users\boris\AppData\Local\BrowserHelper\BrowserHelperBk.txt, In quarantaine, [13967], [302247],1.0.1064
PUP.Optional.SysTweak, C:\USERS\BORIS\APPDATA\LOCAL\JAWEGO\PC PROTECTOR PLUS\PCPLUSCONTEXTHELPER32.DLL, In quarantaine, [320], [310352],1.0.1064
PUP.Optional.InstallCore, C:\USERS\BORIS\DOWNLOADS\BITLORDSETUP.EXE, In quarantaine, [8], [369994],1.0.1064
PUP.Optional.Solvusoft, C:\USERS\BORIS\DOWNLOADS\SETUP_DRIVERDOC_2016.EXE, In quarantaine, [446], [331663],1.0.1064
PUP.Optional.Solvusoft, C:\USERS\BORIS\DOWNLOADS\SETUP_DRIVERDOC_2016 (1).EXE, In quarantaine, [446], [331663],1.0.1064
PUP.Optional.Binkiland, C:\USERS\BORIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SECURE PREFERENCES, Vervangen, [2937], [302834],1.0.1064
PUP.Optional.Binkiland, C:\USERS\BORIS\APPDATA\LOCALLOW\MICROSOFT\INTERNET EXPLORER\SERVICES\FavIcon.icoWSE_Binkiland, In quarantaine, [2937], [235812],1.0.1064

Fysieke sector: 0
(Geen kwaadaardige items gedetecteerd)


(end)
 
Dat was een behoorlijke opschoning.
Maar vermoedelijk zijn we er nog niet.


Graag de twee logs in n keer posten - gebruik de tools in de volgorde zoals aangegeven.

Stap 1
Download
51e281a62c183-Junkware_Removal_Tool_icon_Canned_1351185104.png.jpg
Junkware Removal Tool by Thisisu.
Downloadlokatie: Dit programma absoluut naar het bureaublad downloaden of anders naar het bureaublad verplaatsen!
Opmerkingen:
  • Alle openstaande programma's en webpagina's dienen afgesloten te zijn.
  • Het is raadzaam de actieve beveiligingssoftware te de-activeren, zodat mogelijke conflicten met JRT.exe uitgsloten worden.:
  • Hier en hier vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren.
  • Dat tijdens de scan van JRT.exe tijdelijk de snelkoppelingen verdwijnen van het bureaublad, is normaal.
Junkware Removal Tool by Thisisu opstarten:
  • Windows 2000 en Windows XP: dubbelklik op JRT.exe.
  • Windows Vista, Windows 7, Windows 8 en Windows 10: via rechtsklik op JRT.exe en kies voor "Als Administrator uitvoeren".
  • JRT.exe zal daarna Windows gaan scannen.
  • Deze scan kan afhankelijk van de systeemspecificaties soms vrij lang duren, wees dus geduldig.
  • Indien de scan voltooid is, zal een logje (JRT.txt) op het bureaublad opgeslagen worden en automatisch openen.
  • Post de inhoud van dit log in je volgende bericht.

Stap 2
Download
52186926180a1-adwcleaner_nieuw.png
AdwCleaner by Xplode.
Downloadlokatie: Dit programma absoluut naar het bureaublad downloaden of anders naar het bureaublad verplaatsen!
Opmerkingen:
  • Alle openstaande programma's en webpagina's dienen afgesloten te zijn.
AdwCleaner opstarten:
  • Windows 2000 en Windows XP: dubbelklik op adwcleaner.exe.
  • Windows Vista, Windows 7, Windows 8 en Windows 10: via rechtsklik op adwcleaner.exe en kies voor "Als Administrator uitvoeren".
AdwCleaner is opgestart:
  • Klik op de knop Scan
  • Is de scan gereed, klik dan op de knop Verwijderen
  • Klik bij AdwCleaner Afsluiting van de programma's op OK
  • Klik bij AdwCleaner Herstarten noodzakelijk op OK
AdwCleaner logbestand:
  • Nadat de PC opnieuw is opgestart, opent een logfile.
  • Ingeval het log niet opent, is dit alsnog terug te vinden in C:\AdwCleaner\AdwCleaner[R0, of 1, of 2].txt
  • Post vervolgens de inhoud van dit log in je volgende bericht.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x86
Ran by boris (Administrator) on wo 15-02-2017 at 11:04:05,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 20

Successfully deleted: C:\Users\boris\AppData\Local\{1D3A1A7A-5E3F-413A-AC91-B781C33A1C96} (Empty Folder)
Successfully deleted: C:\Users\boris\AppData\Local\{2F433D9A-4EB2-4AD1-8C0B-35FA83CF0852} (Empty Folder)
Successfully deleted: C:\Users\boris\AppData\Local\{2F9C5C8F-1C3A-4344-A15C-2C148F5B9DB4} (Empty Folder)
Successfully deleted: C:\Users\boris\AppData\Local\{57D29E5B-4CCB-4A4A-87E7-DC5DABA411EE} (Empty Folder)
Successfully deleted: C:\Users\boris\AppData\Local\{6CC9F109-5907-40AE-A5F9-E5560501130B} (Empty Folder)
Successfully deleted: C:\Users\boris\AppData\Local\{85B1098D-7211-482C-9A4A-97BDA046A099} (Empty Folder)
Successfully deleted: C:\Users\boris\AppData\Local\{94DA6E4C-A996-4406-88CF-624571DAF035} (Empty Folder)
Successfully deleted: C:\Users\boris\AppData\Local\{A24B4E3F-59C9-4423-94E9-94F5EB255D15} (Empty Folder)
Successfully deleted: C:\Users\boris\AppData\Local\{A36318AC-AE78-4655-B4DA-F877241E69DD} (Empty Folder)
Successfully deleted: C:\Users\boris\AppData\Local\{B5424F4E-A8F8-4D6F-9989-C0E38B6469E0} (Empty Folder)
Successfully deleted: C:\Users\boris\AppData\Local\{D1268E06-40D4-4C49-9100-0E54E0BFE507} (Empty Folder)
Successfully deleted: C:\Users\boris\AppData\Local\{D3DE02F9-18D5-4DB0-A05A-298AD1D5E3AB} (Empty Folder)
Successfully deleted: C:\Users\boris\AppData\Local\{F02E1C72-3596-499A-A983-CCE5F0938438} (Empty Folder)
Successfully deleted: C:\Users\boris\AppData\Local\clickpotatolitesa (Folder)
Successfully deleted: C:\Users\boris\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\boris\AppData\Local\jawego (Folder)
Successfully deleted: C:\Users\boris\AppData\Roaming\drivercure (Folder)
Successfully deleted: C:\Users\boris\AppData\Roaming\miniget (Folder)
Successfully deleted: C:\Users\boris\AppData\Roaming\Mozilla\Firefox\Profiles\4xd7i1i0.default\Invalidprefs.js (File)
Successfully deleted: C:\Program Files\miniget (Folder)



Registry: 4

Successfully deleted: HKLM\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on wo 15-02-2017 at 11:08:31,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



# AdwCleaner v6.043 - Logfile created 15/02/2017 at 11:19:17
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 10 Pro (X86)
# Username : boris - BORIS-PC
# Running from : C:\Users\boris\Downloads\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\boris\AppData\Roaming\ParetoLogic
[-] Folder deleted: C:\Users\boris\AppData\Roaming\PCPRJ
[#] Folder deleted on reboot: C:\Users\boris\AppData\Roaming\PARETOLOGIC
[-] Folder deleted: C:\ProgramData\ParetoLogic
[#] Folder deleted on reboot: C:\ProgramData\PARETOLOGIC
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ParetoLogic
[#] Folder deleted on reboot: C:\ProgramData\Application Data\PARETOLOGIC
[-] Folder deleted: c:\TEMP\DriverUpdaterPlus
[-] Folder deleted: C:\Users\boris\AppData\Local\Geckofx
[-] Folder deleted: C:\Users\willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp
[-] Folder deleted: C:\Users\willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco


***** [ Files ] *****

[-] File deleted: C:\WINDOWS\system32\lavasofttcpservice.dll
[-] File deleted: C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
[-] File deleted: C:\Users\Public\Documents\report.dat
[-] File deleted: C:\Users\boris\AppData\Roaming\Mozilla\Firefox\Profiles\4xd7i1i0.default\searchplugins\bing-lavasoft.xml
[-] File deleted: C:\Users\willem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage
[-] File deleted: C:\Users\willem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage-journal
[-] File deleted: C:\Users\willem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oadboiipflhobonjjffjbfekfjcgkhco_0.localstorage
[-] File deleted: C:\Users\willem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oadboiipflhobonjjffjbfekfjcgkhco_0.localstorage-journal
[-] File deleted: C:\Users\willem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nl.reimageplus.com_0.localstorage
[-] File deleted: C:\Users\willem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nl.reimageplus.com_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: Microsoft\Windows\Multimedia\SMupdate3


***** [ Registry ] *****

[-] Key deleted: HKCU\Software\5c6dadae768ed44
[-] Key deleted: HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKLM\SOFTWARE\Classes\Applications\iLividSetupV1.exe
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[-] Key deleted: HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
[-] Key deleted: HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Extension.jshep
[-] Key deleted: HKLM\SOFTWARE\Classes\Extension.jshep.1
[-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
[-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
[-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
[-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
[-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
[-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Prod.cap
[-] Key deleted: HKLM\SOFTWARE\Classes\TornTvDownloader.File
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{94CB6BE7-AE1A-4751-AE74-1EDD6B567264}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3CF50C82-4C4B-43E9-B1B2-15CB1BD0C193}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{37211D63-CCE9-4780-B182-96538CFC6FED}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8B9C4F32-044E-491C-893E-362CB8A679D5}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CF2BF214-9D1E-4803-9AEB-38552615FD40}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\APN PIP
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\BI
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\BrowserCompanion
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\estdemin
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\GlobalUpdate
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\Kromtech
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\Mozilla\Extends
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\ParetoLogic
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\ShopperPro
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\simplytech
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\WEBAPP
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\YourFileDownloader
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\PC
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\Event Monitor
[#] Key deleted on reboot: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\SIMPLYTECH
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\YTDownloader
[#] Key deleted on reboot: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1000\Software\AppDataLow\Software\Conduit
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3915288326-451774416-4169082938-1000\Software\bbrs_002.tb
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3915288326-451774416-4169082938-1000\Software\Blabbers
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3915288326-451774416-4169082938-1000\Software\SweetIM
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1001\Software\InstalledBrowserExtensions
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1001\Software\Myfree Codec
[-] Key deleted: HKU\S-1-5-21-3915288326-451774416-4169082938-1004\Software\InstalledBrowserExtensions
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\BI
[#] Key deleted on reboot: HKCU\Software\BrowserCompanion
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\estdemin
[#] Key deleted on reboot: HKCU\Software\GlobalUpdate
[#] Key deleted on reboot: HKCU\Software\Kromtech
[#] Key deleted on reboot: HKCU\Software\Mozilla\Extends
[#] Key deleted on reboot: HKCU\Software\ParetoLogic
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\ShopperPro
[#] Key deleted on reboot: HKCU\Software\simplytech
[#] Key deleted on reboot: HKCU\Software\WEBAPP
[#] Key deleted on reboot: HKCU\Software\YourFileDownloader
[#] Key deleted on reboot: HKCU\Software\PC
[#] Key deleted on reboot: HKCU\Software\Event Monitor
[#] Key deleted on reboot: HKCU\Software\SIMPLYTECH
[#] Key deleted on reboot: HKCU\Software\YTDownloader
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\EazelBar
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\shopperz
[#] Key deleted on reboot: HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Conduit
[-] Key deleted: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key deleted: HKLM\SOFTWARE\AIM Toolbar
[-] Key deleted: HKLM\SOFTWARE\BrowserCompanion
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\Email Notifier
[-] Key deleted: HKLM\SOFTWARE\GlobalUpdate
[-] Key deleted: HKLM\SOFTWARE\Jawego
[-] Key deleted: HKLM\SOFTWARE\ParetoLogic
[-] Key deleted: HKLM\SOFTWARE\Pirrit
[-] Key deleted: HKLM\SOFTWARE\RST
[-] Key deleted: HKLM\SOFTWARE\SI-App
[-] Key deleted: HKLM\SOFTWARE\SimpleFiles
[-] Key deleted: HKLM\SOFTWARE\SiteSee
[-] Key deleted: HKLM\SOFTWARE\SpeedBit
[-] Key deleted: HKLM\SOFTWARE\SupDp
[-] Key deleted: HKLM\SOFTWARE\Tarma Installer
[-] Key deleted: HKLM\SOFTWARE\Upt
[-] Key deleted: HKLM\SOFTWARE\Video Player
[-] Key deleted: HKLM\SOFTWARE\VideoPlayerV3
[-] Key deleted: HKLM\SOFTWARE\WinUpd
[-] Key deleted: HKLM\SOFTWARE\YourFileDownloader
[-] Key deleted: HKLM\SOFTWARE\PC
[-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key deleted: HKLM\SOFTWARE\Event Monitor
[#] Key deleted on reboot: HKLM\SOFTWARE\SUPDP
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\iedll.dll
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\mseff32.DLL
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.newtabpage.url" - "hxxp://www.bing.com/?pc=COSP&ptag=D072716-AA7EB18D72D&form=CONMHP&conlogo=CT3335454"
[-] [C:\Users\boris\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.trovi.com/?gd=&ctid=CT3324369&octid=EB_ORIGINAL_CTID&ISID=M01E5793E-A347-4E91-8C0A-5E56196B4131&SearchSource=55&CUI=&UM=8&UP=SPE9BA70BA-7CC0-43B8-AB7C-4F6765A29FB9&D=032115&SSPV=SP2220TA_sp_ch
[-] [C:\Users\boris\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.mystartsearch.com/?type=hppp&ts=1425149725&from=ima&uid=MaxtorX6Y080L0_Y2AKN7ZC
[-] [C:\Users\boris\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://binkiland.com/?f=7&a=bnk_ir_15_11&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDyCtDtAyEtB0F0C0DtCyDtN0D0Tzu0StCtCyCzztN1L2XzutAtFzztFtAtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0FzyzytAzytB0BtG0Bzy0BzytGzzyC0FtDtGtC0EtBtCtGyCyB0AtAyCzy0FtCyDzz0C0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtDyCtAtDyB0FtG0C0E0AyBtGyE0Czz0AtG0A0CyC0AtG0ByC0EyEzz0B0Czz0AtC0C0F2Q&cr=2045885007&ir=
[-] [C:\Users\boris\AppData\Local\Google\Chrome\User Data\Default] [favicon_url] Deleted: hxxp://www.mystartsearch.com/webfavicon.ico
[-] [C:\Users\boris\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: blmchfpimpbbdmgpcieclabeafkljbhm
[-] [C:\Users\boris\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bmkckgpgekmanipelfidlhmkfcjicion
[-] [C:\Users\boris\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\boris\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\boris\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: elggllhppljlljkgfeokjpehmdamkejk
[-] [C:\Users\boris\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fjfiaeaopgmgbenipljajjipecobmbni
[-] [C:\Users\boris\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: flpcjncodpafbgdpnkljologafpionhb


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [17618 Bytes] - [15/02/2017 11:19:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [16463 Bytes] - [15/02/2017 11:16:51]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [17766 Bytes] ##########
 
Zo, weer een grandioze opruiming.

Nu gaan we de Eset Online Scanner gebruiken.

Die scan kan even duren.
 
Ik wil je HEEL erg bedanken met de hulp tot nu toe! Echt geweldig.

Ik zie dat, ondanks de eerdere scans, de zoekmachines nog steeds actief zijn op mijn pc. Desondanks heb ik wel gezien dat een hoop andere rotzooi door middel van de eerdere scans verwijderd is van mijn pc. Ik hou hoop dat de eerder genoemde zoekmachines snel verdwijnen...

Ik ga nu de Eset online scanner downloaden en toepassen!

Groetjes,

--- Update ---

Hoi!

Ondanks alle virusscans en de zeer grote opschoning van mijn pc, zijn de vervelende zoekmachines nog steeds aanwezig. Ik ben onderhand bang dat ik er nooit meer van af kom.. De virusscans hebben in dat opzicht dus niet gewerkt -_-:eek:

Abraham, heb je wellicht nog enige suggesties of tips hieromtrent?

Groetjes,
 
Laatst bewerkt door een moderator:
Ja, enkel in Google Chrome :huh:
 
Doe onderstaande stappen in de opgegeven volgorde.

Stap 1
Google Chrome Browserinstellingen terugzetten:
  • Open Google Chrome en klik rechtsboven op het icoon met de drie streepjes.
  • Selecteer Instellingen.
  • Klik onderaan op Geavanceerde instellingen weergeven.
  • Klik onder het gedeelte 'Instellingen opnieuw instellen' op Instellingen opnieuw instellen.
    chromereset.png
  • Klik op Terugzetten in het dialoogvenster dat wordt weergegeven.
  • Sluit Google Chrome af om de wijzigingen door te voeren.


Stap 2
Google Chrome Synchronisatie resetten:
  • Open Google Chrome, log in het met het Google account en klik rechtsboven op het icoon met de drie streepjes.
  • Klik op Instellingen
  • Klik nu op de optie Google dashbord.
  • Klik vervolgens in het nieuwe tabblad op de knop Stopzetten en wissen.
  • Klik in het scherm wat nu verschijnt op OK
    5309c5cd05853-chrome.png
  • Het kan enkele uren duren voordat de wijzigingen zijn doorgevoerd.
  • Log vervolgens uit op Google Chrome.
  • Log na enkele uren even opnieuw in en kijk of de wijzigingen inmiddels zijn doorgevoerd en de problemen daarmee zijn verholpen.


Notabene: Gebruik jij wel Google Chrome maar heb je niet de Google Sync geactiveerd, dan sla je stap 2 over.
 
Ha! Die laatste heeft wel gewerkt!

Tot dusver zijn de zoekmachines niet terug gekomen.. geweldig!

Ik wil je (nogmaals) heel erg bedanken voor je tijd en moeite, Abraham. De zoekmachines zijn weg, en boven dat is heel veel rommel van mijn pc verwijderd door jouw tips!

Groetjes,
 
Voordat we gaan opruimen graag nu eerst het volgende doen: download
522adc2487fb5-SecurityCheck_cannednieuw.jpg
Security Check
Downloadlokatie: Dit programma absoluut naar het bureaublad downloaden of anders naar het bureaublad verplaatsen!
SecurityCheck.exe opstarten:
  • Windows 2000 en Windows XP: dubbelklik op SecurityCheck.exe.
  • Windows Vista, Windows 7[/color, Windows 8: en Windows 10: rechtsklik op SecurityCheck.exe en kies "Als Administrator uitvoeren".
    [*]Let op de instrukties in het zwarte venster.
    [*]Een Kladblok document genaamd checkup.txt dient automatisch open te gaan; sluit dit document via opslaan op het bureaublad.
    [*]Indien een van je veiligheidstools rapporteert, dat DIG.EXE het internet op wil, sta dit dan toe.

Post de inhoud van checkup.txt in jouw volgende post
 
Results of screen317's Security Check version 1.014 --- 12/23/15
x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 111
Java version 32-bit out of Date!
Adobe Flash Player 24.0.0.186
Mozilla Firefox (46.0.1)
Google Chrome (56.0.2924.87)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Windows Defender MpCmdRun.exe
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
 
De Adobe Flasplayer is verouderd.

Schakel de Windows Update in en laat die naar updates zoeken.
Op die wijze update je de Flashplayer voor Windows.


Adobe Flash Player Firefox
Ga daarna met Firefox naar http://get.adobe.com/nl/flashplayer/; vink dan eerst de meeliftende software uit en download dan het setupbestand van de Flashplayer versie 23.0.0.185 voor Firefox.
Sluit vervolgens Firefox en installeer dan vervolgens de Flashplayer plug-in.


In Programma's en Onderdelen van het Configuratiescherm moet dan Adobe Flashplayer in de versie 24.0.0.221 te vinden zijn.


Java is verouderd.

Java
Download eerst Java SE Runtime Environment 8 8 Update 121 Windows Offline (32-bits) bestandsgrootte: 53,81 MB

Echter nog niet de nieuwe versie installeren!

Ga daarna eerst naar het Configuratiescherm
  • Software - Windows 2000/Windows XP
  • Programma's en onderdelen - Windows Vista, Windows 7, Windows 8 en Windows 10
en verwijder daar Java 8 Update 111


Belangrijk: start nu eerst uw PC of notebook opnieuw op, zodat de oude Java instellingen verwijderd worden.
Nadat de computer opnieuw is opgestart, mag de nieuwste Java versie genstalleerd worden.
 
Status
Niet open voor verdere reacties.
Steun Ons

Nieuwste berichten

Terug
Bovenaan