Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by Gebruiker on ma 17-03-2014 at 12:41:52,50. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Gebruiker\Desktop\zoek(1).exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 17-3-2014 12:44:30 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Movdap deleted successfully C:\PROGRA~2\TomTom DesktopSuite deleted successfully C:\Program Files\Google deleted successfully C:\PROGRA~3\Adobe deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\PROGRA~3\Mic deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\Gebruiker\AppData\Local\Adobe deleted successfully C:\Users\Gebruiker\AppData\Local\VirtualStore deleted successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2027060751-2346385369-3789192830-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-2027060751-2346385369-3789192830-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully HKEY_CLASSES_ROOT\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== ASUS VivoBook Adobe Digital Editions 2.0 Adobe Flash Player 12 Plugin Apple Application Support Apple Software Update ASUS InstantOn ASUS Smart Gesture Atheros Outlook Addin 2010 ATK Package Avira Antivirus Premium b-PAC Client Component Bridge met Berry (remove only) CCleaner Citrix Online Launcher Cub Rummi Lite versie 1.0.21 Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition eLicenser Control FileZilla Client 3.6.0.2 Fingertips version 2.4.3 (gamma) FreeMind GemistDownloader-plugin GemistDownloader Glary Utilities 4.0 Google Earth Plug-in Google Update Helper GoToMeeting 5.9.0.1207 Intel(R) Dynamic Platform and Thermal Framework Intel(R) Processor Graphics IZArc 4.1.1 Java 7 Update 25 (64-bit) Java 7 Update 51 Java Auto Updater Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office Groove MUI (Dutch) 2010 Microsoft Office InfoPath MUI (Dutch) 2010 Microsoft Office Office 32-bit Components 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Professional Plus 2013 - nl-nl Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Shared 32-bit MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Word MUI (Dutch) 2010 Microsoft OneDrive Microsoft Silverlight Microsoft SQL Server 2012 PowerPivot voor Excel 64-bits Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mijn Internet Club (remove only) Mozilla Firefox 27.0.1 (x86 nl) Mozilla Maintenance Service NoteWorthy Composer 2 Viewer Office 15 Click-to-Run Extensibility Component Office 15 Click-to-Run Licensing Component Office 15 Click-to-Run Localization Component OGA Notifier 2.0.0048.0 PDF-XChange Editor Qualcomm Atheros Bluetooth Suite (64) Qualcomm Atheros Client Installation Program QuickTime 7 RegClean Pro Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2760781) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition SkypeT 6.2 Speccy SUPERAntiSpyware TomTom HOME TomTom HOME Visual Studio Merge Modules Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition Update for Microsoft Visio 2010 (KB2878227) 64-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition WaveLab LE 7 Windows-stuurprogrammapakket - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) XMind 2013 (v3.4.1) ==== Running Processes ====================== C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe E:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe E:\Program Files (x86)\Glary Utilities 4\Integrator.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Users\Gebruiker\Desktop\zoek(1).exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\8n5q4ffh.default ---- Lines mixidj removed from prefs.js ---- user_pref("extensions.mixidj.admin", false); user_pref("extensions.mixidj.aflt", "babsst"); user_pref("extensions.mixidj.appId", "{A2773ED4-83BD-488A-A186-73590706C916}"); user_pref("extensions.mixidj.autoRvrt", "false"); user_pref("extensions.mixidj.dfltLng", "nl"); user_pref("extensions.mixidj.excTlbr", false); user_pref("extensions.mixidj.ffxUnstlRst", false); user_pref("extensions.mixidj.id", "1625daab0000000000006c71d908b3f0"); user_pref("extensions.mixidj.instlDay", "15932"); user_pref("extensions.mixidj.instlRef", "sst"); user_pref("extensions.mixidj.newTab", false); user_pref("extensions.mixidj.prdct", "mixidj"); user_pref("extensions.mixidj.prtnrId", "mixidj"); user_pref("extensions.mixidj.rvrt", "false"); user_pref("extensions.mixidj.smplGrp", "none"); user_pref("extensions.mixidj.tlbrId", "baseyh"); user_pref("extensions.mixidj.tlbrSrchUrl", ""); user_pref("extensions.mixidj.vrsn", "1.8.18.8"); user_pref("extensions.mixidj.vrsnTs", "1.8.18.817:16:30"); user_pref("extensions.mixidj.vrsni", "1.8.18.8"); ---- Lines mixidj removed from user.js ---- user_pref("extensions.mixidj.tlbrSrchUrl", ""); user_pref("extensions.mixidj.id", "1625daab0000000000006c71d908b3f0"); user_pref("extensions.mixidj.appId", "{A2773ED4-83BD-488A-A186-73590706C916}"); user_pref("extensions.mixidj.instlDay", "15932"); user_pref("extensions.mixidj.vrsn", "1.8.18.8"); user_pref("extensions.mixidj.vrsni", "1.8.18.8"); user_pref("extensions.mixidj.vrsnTs", "1.8.18.817:16:30"); user_pref("extensions.mixidj.prtnrId", "mixidj"); user_pref("extensions.mixidj.prdct", "mixidj"); user_pref("extensions.mixidj.aflt", "babsst"); user_pref("extensions.mixidj.smplGrp", "none"); user_pref("extensions.mixidj.tlbrId", "baseyh"); user_pref("extensions.mixidj.instlRef", "sst"); user_pref("extensions.mixidj.dfltLng", "nl"); user_pref("extensions.mixidj.excTlbr", false); user_pref("extensions.mixidj.ffxUnstlRst", false); user_pref("extensions.mixidj.admin", false); user_pref("extensions.mixidj.autoRvrt", "false"); user_pref("extensions.mixidj.rvrt", "false"); user_pref("extensions.mixidj.newTab", false); ---- Lines mindspark removed from prefs.js ---- user_pref("extensions.toolbar.mindspark.lastInstalled", "allin1convert@mindspark.com"); ---- Lines crossrider removed from prefs.js ---- user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_meta.value", "%7B%22images/ user_pref("extensions.crossrider.bic", "143be068e34fb808d1564430c84d7ecc"); ---- Lines a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383 removed from prefs.js ---- user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841a user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841a user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.active", true); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.addressbar", "NA"); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.addressbarenhanced", ""); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.asyncdb.was_copied", "true"); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.asyncdb_dbWasSet", true); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.asyncdb_dbWasSet_FF25_FIX", true); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.asyncinternaldb.was_copied", "true"); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.asyncinternaldb_dbWasSet", true); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.asyncinternaldb_dbWasSet_FF25_FIX", true); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.backgroundver", 4); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.certdomaininstaller", ""); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.changeprevious", false); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.cookie.InstallationTime.expiration", "Fri Feb 01 user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.cookie.InstallationTime.value", "1390462537"); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.description", "Helpt je met het downloaden met G user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.domain", ""); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.enablesearch", false); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.homepage", ""); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.iframe", false); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.InstallationThankYouPage", false); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.InstallationTime", 1390462537); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.installer.expiration", "Fri Feb 01 20 user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.installer.value", "%7B%22InstallerIde user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.InstallerIdentifiers.expiration", "Fr user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.InstallerIdentifiers.value", "%7B%22i user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.InstallerParamsCache.expiration", "Fr user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.InstallerParamsCache.value", "%7B%22s user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_appVer.expiration", "Fri Fe user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_appVer.value", "51"); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_lastVersion.expiration", "F user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_lastVersion.value", "26"); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_meta.expiration", "Fri Feb user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_nextCheck.expiration", "Mon user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_nextCheck.value", "true"); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_queue.expiration", "Fri Feb user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_queue.value", "%7B%7D"); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_remote_resources.expiration user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_remote_resources.value", "% user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_resource_546792.expiration" user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_resource_546792.value", "%2 user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_resource_546793.expiration" user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.lastDailyReport", "1395055555539"); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.lastUpdate", "1395055552339"); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.manifesturl", ""); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.name", "GemistDownloader-plugin"); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.newtab", ""); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.opensearch", ""); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plu user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.pluginsversion", 8); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.publisher", "Wietze"); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.searchstatus", 0); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.setnewtab", false); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.thankyou", "http://www.helpdeskweb.nl/gemistdown user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.updateinterval", 360); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.ver", 51); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.apps", "30383"); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.bic", "143be068e34fb808d1564430c84d7ecc"); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.cid", 30383); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.FilesValidatorDueTime", "1394973442700"); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.firstrun", false); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.hadappinstalled", true); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.installationdate", 1390462537); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.modetype", "production"); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.reportInstall", true); user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.statsDailyCounter", 118); ---- FireFox user.js and prefs.js backups ---- user_17-03-2014_1251_.backup prefs_17-03-2014_1251_.backup ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\TomTom\HOME\Profiles\5aecsuc6.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_17-03-2014_1251_.backup ==== Deleting Files \ Folders ====================== C:\PROGRA~2\RegClean Pro deleted C:\Users\Gebruiker\AppData\Roaming\Babylon deleted C:\Users\Gebruiker\AppData\Roaming\Systweak deleted C:\PROGRA~3\Tarma Installer deleted C:\PROGRA~3\Package Cache deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro deleted C:\WINDOWS\SysNative\roboot64.exe deleted C:\Users\Gebruiker\Downloads\rcpsetupst_RC1_NL_F_1.exe deleted C:\Users\Gebruiker\Downloads\rcpsetupst_RC1_NL_L_1.exe deleted C:\Users\Gebruiker\Downloads\SoftonicDownloader_voor_just-color-picker.exe deleted C:\Users\Gebruiker\Downloads\Typen SoftonicDownloader_voor_keyblaze-typing-tutor.exe deleted C:\Users\Gebruiker\Downloads\Typen SoftonicDownloader_voor_rapid-typing.exe deleted C:\Users\Gebruiker\AppData\LocalLow\mixidj deleted C:\windows\SysNative\tasks\RegClean Prosch deleted C:\windows\SysNative\tasks\RegClean Pro_DEFAULT deleted C:\windows\SysNative\tasks\RegClean Pro_UPDATES deleted C:\WINDOWS\tasks\RegClean Prosch.job deleted C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job deleted C:\WINDOWS\tasks\RegClean Pro_UPDATES.job deleted C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\8n5q4ffh.default\searchplugins\babylon.xml deleted C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\8n5q4ffh.default\extensions\3f85ebca-5ee0-4042-935e-20d7bb38c127@f20b526a-b828-41ab-9361-de1cad391506.com deleted "C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\8n5q4ffh.default\searchplugins\mixidj.xml" deleted ==== System Specs ====================== Operating System: Microsoft Windows 8.1 6.3.9600 64 bits Manufacturer: ASUSTeK COMPUTER INC. - Model: S400CA Install Date: 18-10-2013 22:56:11 Last Boot: 17-3-2014 12:24:20 Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz Number of Processors: 4 Work Station Bootmode: Normal boot Total RAM: 3981 MB (free 2716 MB - 68) Computername: ASUS Domain: WORKGROUP User: Gebruiker (Administrator account) Local Disk: C:\ - NTFS - 97 GB (free 42 GB) Local Disk: D:\ - NTFS - 97 GB (free 62 GB) Local Disk: E:\ - NTFS - 270 GB (free 264 GB) Bootdevice: \Device\HarddiskVolume1 Windows update: Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Avira Desktop On-access scanning disabled (Outdated) Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Spyware: Avira Desktop disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: Firefox 27.0.1 Internet Explorer Version: 11.0.9600.16521 Mozilla Firefox version: 27.0.1 (x86 nl) Sun Java version: 1.7.0_51 (32-bit) Sun Java version: 1.7.0_25 (64-bit) Flash Player version: 12.0.0.77 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\Users\GEBRUI~1\AppData\Local\Temp ==== 2014-03-12 05:43:51 A4A5DC596651DCFF8A8B94BF5B1F1EC2 17879432 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\{CF8705B4-56F0-4215-A108-0DFFDCABC295}\InstallFlashPlayer.exe ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== 2014-03-12 20:59:42 D292652F380DFC23897CB31B1940E56C 588800 ----a-w- C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2014-03-12 20:59:42 42433CDEC449D40F508752F2D487D8E4 478208 ----a-w- C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2014-03-12 20:59:41 3104FCDE0470E5D89C9991FC0EDDE57E 18643560 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll 2014-03-12 20:59:40 9929F71938D9FCE4550BEB935071F0C8 13949440 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-03-12 20:59:38 A00970DBAD7034523CF9D2C395A944B8 103936 ----a-w- C:\WINDOWS\SysWOW64\OEMLicense.dll 2014-03-12 20:59:38 716046CF7941B176C18AA58785899A2D 174592 ----a-w- C:\WINDOWS\SysWOW64\WSClient.dll 2014-03-12 20:59:37 A863A4DEF854D579C36EAA9DECF21C80 336896 ----a-w- C:\WINDOWS\SysWOW64\XpsGdiConverter.dll 2014-03-12 20:59:37 65ACE54B8EDA937EE7706733D27F40A8 802816 ----a-w- C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2014-03-12 20:59:36 EC308077E9BEEDF523AE3D6BA042E016 630272 ----a-w- C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll 2014-03-12 20:59:36 E2C1E49EBFB8EFA1AFF6966533BAD12B 140800 ----a-w- C:\WINDOWS\SysWOW64\easwrt.dll 2014-03-12 20:59:36 DBB6B2FA462A5E7029766B09ED9CDA73 381168 ----a-w- C:\WINDOWS\SysWOW64\mfsvr.dll 2014-03-12 20:59:36 CF8746715C1AA00C29F789825E321C7C 770560 ----a-w- C:\WINDOWS\SysWOW64\ReAgent.dll 2014-03-12 20:59:36 A7DE6E0B69826D5B6F5FF68AABCF7035 218112 ----a-w- C:\WINDOWS\SysWOW64\sti.dll 2014-03-12 20:59:36 986ABF43F76F5B0E3557363FB4925C78 1472048 ----a-w- C:\WINDOWS\SysWOW64\ntdll.dll 2014-03-12 20:59:31 D34CE666D9BA3D5232609D3C15075B70 5770752 ----a-w- C:\WINDOWS\SysWOW64\mstscax.dll 2014-03-12 20:59:30 ECEBFCEF5799B57BFF242D24B27E4FE4 2143960 ----a-w- C:\WINDOWS\SysWOW64\mfcore.dll 2014-03-12 20:59:30 6C8AC5035C39C818624EFA962B24AB3D 1036288 ----a-w- C:\WINDOWS\SysWOW64\kernel32.dll 2014-03-12 20:59:30 34823DAA381423CAE81FEE7C2EEE52F4 669352 ----a-w- C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2014-03-12 20:59:30 2A3626E0B7F5A5317902EBDAF2B4CCE0 1371824 ----a-w- C:\WINDOWS\SysWOW64\combase.dll 2014-03-12 20:59:30 17500825FE6C7094ACC6E7DC6B578399 369280 ----a-w- C:\WINDOWS\SysWOW64\Faultrep.dll 2014-03-12 20:59:29 FCD51A3EB7E47FBCE17382A95FD3AB35 2873344 ----a-w- C:\WINDOWS\SysWOW64\dbgeng.dll 2014-03-12 20:59:29 F5033F3C6F8E706D78ACB9351EBF7B3E 1238016 ----a-w- C:\WINDOWS\SysWOW64\dbghelp.dll 2014-03-12 20:59:29 D4A17A8DEB194D77AD9651F0EE0C76EB 138752 ----a-w- C:\WINDOWS\SysWOW64\DWWIN.EXE 2014-03-12 20:59:29 D0B6EB329D696A5C2122352EAE722290 855552 ----a-w- C:\WINDOWS\SysWOW64\rdvidcrl.dll 2014-03-12 20:59:29 878B3C936C3C2850A57C24C6F104EBC5 208896 ----a-w- C:\WINDOWS\SysWOW64\rdpencom.dll 2014-03-12 20:59:29 3DA5CD1E3B9BDAF79731CB6CB1029CB3 53248 ----a-w- C:\WINDOWS\SysWOW64\tsgqec.dll 2014-03-12 20:59:29 249DE8C6F690646CC8EC53D49ABC6BE9 408480 ----a-w- C:\WINDOWS\SysWOW64\WerFault.exe 2014-03-12 20:59:26 70462E0A4E293FC80620AB945D8A59BB 17074688 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll 2014-03-12 20:59:25 4831AA1A6A112ACCEE240C9D5FA2108B 11266048 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll 2014-03-12 20:59:24 FC46FE32B043CA7251B1D707B91BA6A7 4244480 ----a-w- C:\WINDOWS\SysWOW64\jscript9.dll 2014-03-12 20:59:24 BD5E6C894130E7BB7ECE9A0925383068 2168320 ----a-w- C:\WINDOWS\SysWOW64\iertutil.dll 2014-03-12 20:59:24 AAFEAB4FC9D70253F8C7E353E879E8A2 1820160 ----a-w- C:\WINDOWS\SysWOW64\wininet.dll 2014-03-12 20:59:24 A045DAE4D242A9A50FF6902774C55BE0 524288 ----a-w- C:\WINDOWS\SysWOW64\msfeeds.dll 2014-03-12 20:59:24 4605E0295C8E742B28FD63D255322795 703488 ----a-w- C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-03-12 20:59:24 0FF358906F2333B26267BC0064DC02C4 1156096 ----a-w- C:\WINDOWS\SysWOW64\urlmon.dll 2014-03-12 20:59:10 07B5CC5559ED3F55A3F940B3211D89C2 124416 ----a-w- C:\WINDOWS\SysWOW64\poqexec.exe 2014-03-12 20:59:06 F80E8CF9E4A051C2CC338C85088A046C 488448 ----a-w- C:\WINDOWS\SysWOW64\qedit.dll ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2014-03-12 20:59:42 FF73B88BA206966BD228320F664D4D92 21199256 ----a-w- C:\WINDOWS\Sysnative\shell32.dll 2014-03-12 20:59:42 968FB3BA8E7DF0933A1CF593BD503F4A 461312 ----a-w- C:\WINDOWS\Sysnative\XpsGdiConverter.dll 2014-03-12 20:59:42 43D0F8E593ABD37B5BC9573EDD71EFEB 628736 ----a-w- C:\WINDOWS\Sysnative\SettingSyncHost.exe 2014-03-12 20:59:42 1D8F8BE07D2B06C32ADB4B08F0F2A357 749056 ----a-w- C:\WINDOWS\Sysnative\SettingSyncCore.dll 2014-03-12 20:59:40 04B5ADB034D17585D3BCFC6DE5CADFF8 18576384 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Xaml.dll 2014-03-12 20:59:38 B88A70259DF2927787C0B766DD4CFB5C 206336 ----a-w- C:\WINDOWS\Sysnative\WSClient.dll 2014-03-12 20:59:38 68085A085DE8E3540EE8E02CAE575B2E 138240 ----a-w- C:\WINDOWS\Sysnative\OEMLicense.dll 2014-03-12 20:59:37 E80700EB046D0B82B694C98CF7231C08 481944 ----a-w- C:\WINDOWS\Sysnative\mfsvr.dll 2014-03-12 20:59:37 E069B63DAD920D231FA8A141DFF43A8C 960512 ----a-w- C:\WINDOWS\Sysnative\MFMediaEngine.dll 2014-03-12 20:59:37 A95838FFFAEAA7500263D491575F7E0C 1214976 ----a-w- C:\WINDOWS\Sysnative\schedsvc.dll 2014-03-12 20:59:36 E287F157F7A0011D93179C64EF8ADCF2 376320 ----a-w- C:\WINDOWS\Sysnative\pnrpsvc.dll 2014-03-12 20:59:36 D03BF756457B6A1EB305B26046BB9B4D 914944 ----a-w- C:\WINDOWS\Sysnative\ReAgent.dll 2014-03-12 20:59:36 C8ACFF60C553E63949A79DC370B516E4 947712 ----a-w- C:\WINDOWS\Sysnative\reseteng.dll 2014-03-12 20:59:36 A0D3749BB1BC942C7D21C4D99E79A615 131160 ----a-w- C:\WINDOWS\Sysnative\easinvoker.exe 2014-03-12 20:59:36 847CFF96ACB575CE73C0E2E86C6BA993 842752 ----a-w- C:\WINDOWS\Sysnative\MsSpellCheckingFacility.dll 2014-03-12 20:59:36 66F214C9E446407D78048681394820A6 178176 ----a-w- C:\WINDOWS\Sysnative\easwrt.dll 2014-03-12 20:59:36 3D136E8D4C0407D9C40FD8BDD649B587 1720560 ----a-w- C:\WINDOWS\Sysnative\ntdll.dll 2014-03-12 20:59:36 1FCA4E287F0ED13BF037A484AA2FE3B1 419160 ----a-w- C:\WINDOWS\Sysnative\hal.dll 2014-03-12 20:59:36 0B9FBEC5714523FF76DDFEB320FE2DF2 303616 ----a-w- C:\WINDOWS\Sysnative\sti.dll 2014-03-12 20:59:31 C993A0B97BECD3AAF5158E3869878465 6353960 ----a-w- C:\WINDOWS\Sysnative\sppsvc.exe 2014-03-12 20:59:31 BAAD43360A7DF630ECC414671AEFA28C 6640640 ----a-w- C:\WINDOWS\Sysnative\mstscax.dll 2014-03-12 20:59:31 977F77CE98456F6B115E5360A1160449 2133208 ----a-w- C:\WINDOWS\Sysnative\mfcore.dll 2014-03-12 20:59:30 CFADC50692A845BAC30940E203393219 1287064 ----a-w- C:\WINDOWS\Sysnative\kernel32.dll 2014-03-12 20:59:30 C7DFBE21051D5E44B479CBF74B968335 1486848 ----a-w- C:\WINDOWS\Sysnative\dbghelp.dll 2014-03-12 20:59:30 C7B69F90B823182CE6BE7C5374832DE5 764864 ----a-w- C:\WINDOWS\Sysnative\mfmpeg2srcsnk.dll 2014-03-12 20:59:30 C039246195C736A602F581D29F18A43D 1928144 ----a-w- C:\WINDOWS\Sysnative\combase.dll 2014-03-12 20:59:30 B5D2EBAD81739185A91D210F5F01824B 407024 ----a-w- C:\WINDOWS\Sysnative\Faultrep.dll 2014-03-12 20:59:30 819A1E0F89B6AC222E9D95CA000A40B1 4175360 ----a-w- C:\WINDOWS\Sysnative\dbgeng.dll 2014-03-12 20:59:30 2684605E822359CBD1ED2BD2C8E76397 249856 ----a-w- C:\WINDOWS\Sysnative\rdpencom.dll 2014-03-12 20:59:29 C83AFB0B285F293EDECF5EBDEC074A94 458616 ----a-w- C:\WINDOWS\Sysnative\WerFault.exe 2014-03-12 20:59:29 AFCAB4DC692CCE37E283B00E2D7B438F 447488 ----a-w- C:\WINDOWS\Sysnative\sppcomapi.dll 2014-03-12 20:59:29 99453C649DC4B0BE6D062B701CD2917F 716288 ----a-w- C:\WINDOWS\Sysnative\swprv.dll 2014-03-12 20:59:29 94D79382FB796B0A8C90270654A70563 1057280 ----a-w- C:\WINDOWS\Sysnative\rdvidcrl.dll 2014-03-12 20:59:29 735CB57F806D292FB7ABE8BDFD3B5853 233920 ----a-w- C:\WINDOWS\Sysnative\mfps.dll 2014-03-12 20:59:29 724ADFEE7743C26C550ABFE04271DCFD 160256 ----a-w- C:\WINDOWS\Sysnative\DWWIN.EXE 2014-03-12 20:59:29 3FFEC6927D4017829A82ECDB277BB23E 64512 ----a-w- C:\WINDOWS\Sysnative\tsgqec.dll 2014-03-12 20:59:29 110BE5198A63D3FF3CE9C30F1DC12EC3 386722 ----a-w- C:\WINDOWS\Sysnative\ApnDatabase.xml 2014-03-12 20:59:28 4E0709D9BB951AD1C22E4FF519B90839 23133696 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll 2014-03-12 20:59:25 9C5ADB26632D46919ABB231CF7DE98B9 13051904 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll 2014-03-12 20:59:24 E6ACA421DA3E50D7F0A31228F0C547B0 627200 ----a-w- C:\WINDOWS\Sysnative\msfeeds.dll 2014-03-12 20:59:24 DF79CE9B950C62677D232154E93A81C7 2334208 ----a-w- C:\WINDOWS\Sysnative\wininet.dll 2014-03-12 20:59:24 D378AB3C9178424588B55AC7B652D7F9 218624 ----a-w- C:\WINDOWS\Sysnative\ie4uinit.exe 2014-03-12 20:59:24 CF1C73DE1FADE3D3C44FCAF254F57DB2 5768704 ----a-w- C:\WINDOWS\Sysnative\jscript9.dll 2014-03-12 20:59:24 BA0A21F761CE5001DF712C51BF11F953 1393664 ----a-w- C:\WINDOWS\Sysnative\urlmon.dll 2014-03-12 20:59:24 76862AAF77C049EC20217FDC209F7F13 2765824 ----a-w- C:\WINDOWS\Sysnative\iertutil.dll 2014-03-12 20:59:24 48ED94DA88F65684B28FCD87C01288A7 817664 ----a-w- C:\WINDOWS\Sysnative\ieapfltr.dll 2014-03-12 20:59:10 4A8D40E38BC2C57E5D630AD6994A85CB 139776 ----a-w- C:\WINDOWS\Sysnative\poqexec.exe 2014-03-12 20:59:07 695C842DAA76536CE44C336C9E27B25D 1507704 ----a-w- C:\WINDOWS\Sysnative\winload.exe 2014-03-12 20:59:07 1A1DDFD4BA6523979C76BE188984C3AC 1643584 ----a-w- C:\WINDOWS\Sysnative\winload.efi 2014-03-12 20:59:06 1A69D165DDA78A4329B854D4FEDAD132 4189184 ----a-w- C:\WINDOWS\Sysnative\win32k.sys 2014-03-12 20:59:06 05894DFC52A78C3B1DD5EF6F30FAD28C 586240 ----a-w- C:\WINDOWS\Sysnative\qedit.dll ====== C:\WINDOWS\Sysnative\drivers ===== 2014-03-16 13:25:28 C0BA352412C002730831E83E69285BB6 17088 ----a-w- C:\WINDOWS\Sysnative\drivers\BootDefragDriver.sys 2014-03-12 20:59:37 13B160C1913F012BD1615EB1398D3779 1530712 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys 2014-03-12 20:59:36 D22EB844EB57D016CC34178AC86456DF 325464 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS 2014-03-12 20:59:36 A1A5E79C0D1352AFDC08328A623DA051 408576 ----a-w- C:\WINDOWS\Sysnative\drivers\rdbss.sys 2014-03-12 20:59:36 22EDC0DE06A0272DFA4C7B47B5D8E377 382808 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys 2014-03-12 20:59:30 ECC68BD5347BDE9631EE68274858A41F 2543960 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys 2014-03-12 20:59:29 C85C075DE5B6D0FE116043054DE8EE02 311640 -c--a-w- C:\WINDOWS\Sysnative\drivers\volsnap.sys 2014-03-12 20:59:21 C52148456E0F6EAD9E903020A79207FC 236888 ----a-w- C:\WINDOWS\Sysnative\drivers\WdFilter.sys 2014-03-12 20:59:21 241895E8A9C158DF86E12FDD21033A32 35856 ----a-w- C:\WINDOWS\Sysnative\drivers\WdBoot.sys 2014-03-12 20:59:20 57F22324FAAF92ADF957B281E88F1743 124760 ----a-w- C:\WINDOWS\Sysnative\drivers\WdNisDrv.sys 2014-02-17 07:00:32 ED39D676080A1AEA755F1DEC1A8DF1A4 1119064 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys 2014-02-17 07:00:31 79B6F3DF7CDFD12159871FF71464F0CE 403456 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys 2014-02-17 07:00:29 B7342B3C58E91107F6E946A93D9D4EFD 142848 ----a-w- C:\WINDOWS\Sysnative\drivers\ipnat.sys 2014-02-17 07:00:29 4628B415A84EA9D4D396A56F1D0CB6C6 142680 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBSTOR.SYS 2014-02-17 07:00:27 1C89EF529DB7DCA98E801EFDCC8437DE 19456 -c--a-w- C:\WINDOWS\Sysnative\drivers\BtaMPM.sys ====== C:\WINDOWS\Tasks ====== 2014-02-21 07:03:42 FC63586611D150ECB190C8067E0BD0F6 3096 ----a-w- C:\WINDOWS\Sysnative\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2027060751-2346385369-3789192830-1001 ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2014-03-16 12:14:10 -------- d-----w- C:\Program Files\trend micro 2014-03-16 12:00:11 -------- d-----w- C:\Program Files\Speccy 2014-03-12 21:01:53 -------- d-----w- C:\Program Files\Common Files\Atheros ======= C:\PROGRA~2 ===== 2014-03-03 11:16:33 -------- d-----w- C:\PROGRA~2\QuickTime ======= C: ===== ====== C:\Users\Gebruiker\AppData\Roaming ====== 2014-03-17 11:25:55 -------- d-----r- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-03-15 12:32:01 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Tracker Software ====== C:\Users\Gebruiker ====== 2014-03-17 11:34:50 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\Users\Gebruiker\Downloads\MicrosoftFixit.Search.FISC.6331848682266932.2.1.Run.exe 2014-03-16 13:38:59 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\Users\Gebruiker\Downloads\MicrosoftFixit.WinFileFolder.FISC.53318405076116996.2.2.Run.exe 2014-03-16 12:52:31 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\Users\Gebruiker\Downloads\MicrosoftFixit.Search.FISC.53318405076116996.2.1.Run.exe 2014-03-16 12:13:41 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Gebruiker\Downloads\RSITx64.exe 2014-03-16 12:00:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2014-03-16 11:59:07 024542793EF5B061EA2AE16D991D2DD3 4845384 ----a-w- C:\Users\Gebruiker\Downloads\spsetup125.exe 2014-03-15 12:31:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 2014-03-03 11:16:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-03-03 11:16:33 -------- d-----w- C:\ProgramData\Apple Computer 2014-02-24 06:26:18 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp ====== C: exe-files == 2014-03-17 12:09:55 A43959C4F02876DF766EB4AB7802AB18 737512 ----a-w- C:\Program Files\Microsoft Office 15\Data\ClientUpdateDir\integratedoffice.exe 2014-03-17 12:09:55 57FFC647042C5CD7BE0CAF5787C16DF1 820424 ----a-w- C:\Program Files\Microsoft Office 15\Data\ClientUpdateDir\officec2rclient.exe 2014-03-17 12:09:55 03F5F6B3FA0BACD7D385C5CE6D309F7A 2169016 ----a-w- C:\Program Files\Microsoft Office 15\Data\ClientUpdateDir\officeclicktorun.exe 2014-03-17 11:34:50 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\Users\Gebruiker\Downloads\MicrosoftFixit.Search.FISC.6331848682266932.2.1.Run.exe 2014-03-16 13:38:59 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\Users\Gebruiker\Downloads\MicrosoftFixit.WinFileFolder.FISC.53318405076116996.2.2.Run.exe 2014-03-16 12:52:31 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\Users\Gebruiker\Downloads\MicrosoftFixit.Search.FISC.53318405076116996.2.1.Run.exe 2014-03-16 12:14:10 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Gebruiker.exe 2014-03-16 12:13:41 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Gebruiker\Downloads\RSITx64.exe 2014-03-16 11:59:07 024542793EF5B061EA2AE16D991D2DD3 4845384 ----a-w- C:\Users\Gebruiker\Downloads\spsetup125.exe 2014-03-15 12:51:28 6CEFCC79BAFBA725DCE5A245C1034FFF 2228224 ----a-w- C:\Users\Gebruiker\AppData\Local\Packages\5812179B29925.3284964C256C_vp95hwg6x04ww\AC\Microsoft\CLR_v4.0_32\NativeImages\Kesyn.Book\8d3b7b636e9c6d6f917de0b00175e452\Kesyn.Book.ni.exe 2014-03-15 12:26:50 2D4DE3BDE2888A714F87582968C6DAD0 54506928 ----a-w- C:\Users\Gebruiker\Downloads\PDF reader XVE3\PDFXVE3.exe 2014-03-15 12:16:49 6AB585DAB91E7D88AAA1B562AFA9377C 217768 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\MSOXMLED.EXE 2014-03-15 12:16:47 F0B54CE877BE92DB307905FB49259266 33440 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\vfs\ProgramFilesX86\Microsoft Office\Office15\AppSharingHookController.exe 2014-03-15 12:16:47 9E24E6015CD1F35C6B2EF75FB326B01F 3015336 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\WORDICON.EXE 2014-03-15 12:16:44 F7973FCD48D8EE5D5735288EF08C7A88 377008 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\msoia.exe 2014-03-15 12:16:44 002CAA8D4D2EBA86B32D340D27B8175F 107760 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE 2014-03-15 12:16:42 96E662C8C9B23AC7DE7D1948C145B4FB 3509416 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\PPTICO.EXE 2014-03-15 12:16:39 3C683E054BBBA0298C0C832E8F31B460 39584 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\AppSharingHookController64.exe 2014-03-15 12:16:37 F0EA9218B3C1F961873EFAE9AC82A20D 588008 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DWTRIG20.EXE 2014-03-15 12:16:35 21587EAAD3120394426B036FC5B7277F 997584 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE 2014-03-15 12:16:33 D4826D1A19220F5BFFE2DD34BC100D91 3748008 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\ACCICONS.EXE 2014-03-15 12:16:33 79F0E929756083D13F8B12BE81DDD435 49344 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\flattener\Flattener.exe 2014-03-15 12:16:27 906900B79D2E3E92E7AE7EBC9B033EB4 5282008 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CMigrate.exe 2014-03-15 12:16:26 5E0C267F8CF897C1ED3A9B6289AAC15D 614568 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\MSOICONS.EXE 2014-03-15 12:16:25 5D6F2D337FB91576CDBADC3080364DB8 14022320 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\PDFREFLOW.EXE 2014-03-15 12:16:22 1F56DF410344B10F10958B81CD39B2FF 1056944 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\protocolhandler.exe 2014-03-15 12:16:21 B64096648F30C744F2CE42AB5B8EC557 652472 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\MSOSQM.EXE 2014-03-15 12:16:20 B3ADBDE5F1EAD2528B164523AF6A9338 3685544 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\XLICONS.EXE 2014-03-15 12:16:20 96EA29F53F0475C4189008DFA22A89C3 6077128 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\Integration\OneDriveSetup.exe 2014-03-15 12:16:19 86ABD59E7C4CF6BFA97651417625DC1D 7113432 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\CMigrate.exe 2014-03-15 12:16:11 EDC0A2B201BA18CABEB2717C4129D5B0 1626840 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe 2014-03-15 12:16:11 E3E0F7264AEB08CB05D567606A201794 110792 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\NAMECONTROLSERVER.EXE 2014-03-15 12:16:11 A73405073AD648319BD8167F8B9AC5EB 277696 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\CLVIEW.EXE 2014-03-15 12:16:11 8379A7F5AFD74161BB14049BD40AFAAB 626368 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\MSOUC.EXE 2014-03-15 12:16:11 672E98E0F48968CA1E4CFC5757C11EE9 55512 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\SETLANG.EXE 2014-03-15 12:16:10 F6D9E689E65BCC03F7A31E3D25FE6486 471232 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\MSOSYNC.EXE 2014-03-15 12:16:10 A56DF62F436C9EF30E9980EC282609B8 666864 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\IEContentService.exe 2014-03-15 12:16:10 9E8379C216A0F8F26C2DC69536ED6531 37040 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\msoev.exe 2014-03-15 12:16:10 9E64B9034767EAC60032A1C23CEBEF29 221360 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\ONENOTEM.EXE 2014-03-15 12:16:10 893F383169D3FA2979026ED8CE0F3C30 873120 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\MSQRY32.EXE 2014-03-15 12:16:10 7897B0641FEDEBEFE30E9831784BD30E 576728 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\SELFCERT.EXE 2014-03-15 12:16:10 711D8404BFFD66284111A6D284AE55E2 29463712 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\excelcnv.exe 2014-03-15 12:16:10 671BEB6315244A46BAEC4E7890DB3A53 47336 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\SCANPST.EXE 2014-03-15 12:16:10 6394852B6EB5563C18E74847E5AF932C 37048 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\msotd.exe 2014-03-15 12:16:10 4C3636BECC56AEDE1AF8B372C7D334FB 1026728 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\misc.exe 2014-03-15 12:16:10 40708CB81D1E024E0A1C8A2674644A8D 696056 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\ORGCHART.EXE 2014-03-15 12:16:10 240299DED0EEE0E2B1A1F7D51FF46F57 6132928 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\GRAPH.EXE 2014-03-15 12:16:08 E1516703A43A5D0B299128646A2551C9 1848016 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\OcPubMgr.exe 2014-03-15 12:16:08 C8CC4AC85399EC3B8236B0C57A7D776E 8463016 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\lynchtmlconv.exe 2014-03-15 12:16:07 A62C45FB70F128B84AF81A7B018091FB 227496 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\CNFNOT32.EXE 2014-03-15 12:16:07 A5B8B4E12D6086F06250D89279DC99C7 860832 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\UcMapi.exe 2014-03-15 12:16:07 654F5E1ECA3DDED8E121BFF72B5F7B68 698056 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\VPREVIEW.EXE 2014-03-15 12:15:53 53202A250AE8110206AF419C0638F8EA 833232 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\Integration\Integrator.exe 2014-03-15 12:15:28 B2E32CD230F26E8B6F53026EE62CDA9B 2561704 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\INFOPATH.EXE 2014-03-15 12:15:28 96083845ECC29E60E6A7974FFFB679D2 13280448 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\GROOVE.EXE 2014-03-15 12:15:28 2E1E5D2AD99AC6CBA39D0E22099C5B60 22538400 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\lync.exe 2014-03-15 12:15:27 7E83DB40A8AE716545C55331EE565D11 20594344 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\MSACCESS.EXE 2014-03-15 12:15:27 486DF7009FB985A4DF5ABD5D52D4D84D 27002536 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\OUTLOOK.EXE 2014-03-15 12:15:27 1D3BF44F8CB2372539E331A0BCD7D981 2229416 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\ONENOTE.EXE 2014-03-15 12:15:16 641792470FF487DDB1ABC35126A9EE7B 1925280 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\WINWORD.EXE 2014-03-15 12:15:15 5A58DC4F019C79C198EAE0BEC1DC21EF 32994464 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\EXCEL.EXE 2014-03-15 12:15:15 1AA9714EB50230FF61762200BEFC0708 14110888 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\MSPUB.EXE 2014-03-15 12:15:06 F7E86263A91582BF680C9AAD04819118 968872 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\FIRSTRUN.EXE 2014-03-15 12:15:06 6EA860F880F0AF59E31608AB504B9120 109736 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\perfboost.exe 2014-03-12 20:59:42 43D0F8E593ABD37B5BC9573EDD71EFEB 628736 ----a-w- C:\Windows\System32\SettingSyncHost.exe 2014-03-12 20:59:42 42433CDEC449D40F508752F2D487D8E4 478208 ----a-w- C:\Windows\SysWOW64\SettingSyncHost.exe 2014-03-12 20:59:36 A0D3749BB1BC942C7D21C4D99E79A615 131160 ----a-w- C:\Windows\System32\easinvoker.exe 2014-03-12 20:59:31 C993A0B97BECD3AAF5158E3869878465 6353960 ----a-w- C:\Windows\System32\sppsvc.exe 2014-03-12 20:59:29 D4A17A8DEB194D77AD9651F0EE0C76EB 138752 ----a-w- C:\Windows\SysWOW64\DWWIN.EXE 2014-03-12 20:59:29 C83AFB0B285F293EDECF5EBDEC074A94 458616 ----a-w- C:\Windows\System32\WerFault.exe 2014-03-12 20:59:29 724ADFEE7743C26C550ABFE04271DCFD 160256 ----a-w- C:\Windows\System32\DWWIN.EXE 2014-03-12 20:59:29 249DE8C6F690646CC8EC53D49ABC6BE9 408480 ----a-w- C:\Windows\SysWOW64\WerFault.exe 2014-03-12 20:59:24 D378AB3C9178424588B55AC7B652D7F9 218624 ----a-w- C:\Windows\System32\ie4uinit.exe 2014-03-12 20:59:10 4A8D40E38BC2C57E5D630AD6994A85CB 139776 ----a-w- C:\Windows\System32\poqexec.exe 2014-03-12 20:59:10 07B5CC5559ED3F55A3F940B3211D89C2 124416 ----a-w- C:\Windows\SysWOW64\poqexec.exe 2014-03-12 20:59:07 695C842DAA76536CE44C336C9E27B25D 1507704 ----a-w- C:\Windows\System32\winload.exe 2014-03-12 20:59:07 695C842DAA76536CE44C336C9E27B25D 1507704 ----a-w- C:\Windows\System32\Boot\winload.exe 2014-03-12 05:43:51 A4A5DC596651DCFF8A8B94BF5B1F1EC2 17879432 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\{CF8705B4-56F0-4215-A108-0DFFDCABC295}\InstallFlashPlayer.exe === C: other files == 2014-03-17 11:52:26 A29030FB93B2E48EDD124749881406CE 943211 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\sysspec\SysSpec.zip 2014-03-16 13:25:28 C0BA352412C002730831E83E69285BB6 17088 ----a-w- C:\Windows\System32\drivers\BootDefragDriver.sys 2014-03-15 12:17:21 54D0ED7F9BB0FDF3F43518D492AF7FF3 86471 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\Ocomprivate.zip 2014-03-15 12:17:14 DDB638579B9FF3B85BB2A3CF16567180 85409 ----a-w- C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\office15\Microsoft.Lync.Model.zip 2014-03-15 12:10:56 0465D4E318A8BF5FEA23E4C4291B7969 54019738 ----a-w- C:\Users\Gebruiker\Downloads\PDFXVE3.zip 2014-03-15 00:58:03 A22531B072BE9D92CF9C04F08A4B0EB8 606 ----a-w- C:\Windows\Temp\2014031500006520.zip 2014-03-12 20:59:37 13B160C1913F012BD1615EB1398D3779 1530712 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2014-03-12 20:59:36 D22EB844EB57D016CC34178AC86456DF 325464 -c--a-w- C:\Windows\System32\drivers\USBXHCI.SYS 2014-03-12 20:59:36 A1A5E79C0D1352AFDC08328A623DA051 408576 ----a-w- C:\Windows\System32\drivers\rdbss.sys 2014-03-12 20:59:36 22EDC0DE06A0272DFA4C7B47B5D8E377 382808 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2014-03-12 20:59:30 ECC68BD5347BDE9631EE68274858A41F 2543960 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2014-03-12 20:59:29 C85C075DE5B6D0FE116043054DE8EE02 311640 -c--a-w- C:\Windows\System32\drivers\volsnap.sys 2014-03-12 20:59:21 C52148456E0F6EAD9E903020A79207FC 236888 ----a-w- C:\Windows\System32\drivers\WdFilter.sys 2014-03-12 20:59:21 241895E8A9C158DF86E12FDD21033A32 35856 ----a-w- C:\Windows\System32\drivers\WdBoot.sys 2014-03-12 20:59:20 57F22324FAAF92ADF957B281E88F1743 124760 ----a-w- C:\Windows\System32\drivers\WdNisDrv.sys 2014-03-12 20:59:06 1A69D165DDA78A4329B854D4FEDAD132 4189184 ----a-w- C:\Windows\System32\win32k.sys 2014-03-11 22:38:44 9301584B339D9BCB910FC66401E550ED 606 ----a-w- C:\Windows\Temp\2014031100004168.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2027060751-2346385369-3789192830-1001\Software\Microsoft\Windows\CurrentVersion\Run] "GUDelayStartup"="E:\Program Files (x86)\Glary Utilities 4\StartupManager.exe -delayrun" "OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" "GrooveMonitor"="C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "GUDelayStartup"="E:\Program Files (x86)\Glary Utilities 4\StartupManager.exe -delayrun" "OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" "GrooveMonitor"="C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ASUS InstantOn] ==== Startup Folders ====================== 2013-09-20 16:59:27 1123 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk 2013-06-16 14:44:35 1295 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk 2013-12-28 09:34:31 1295 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- [Undetermined Task] C:\WINDOWS\tasks\GlaryInitialize 4.job --a-------- [Undetermined Task] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- [Undetermined Task] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12-10-2013 15:30] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\0" [c:\program files\internet explorer\iexplore.exe] "C:\WINDOWS\SysNative\tasks\4802" [wscript.exe C:\Users\GEBRUI~1\AppData\Local\Temp\launchie.vbs //B] "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\ASUS InstantOn Config" [C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe] "C:\WINDOWS\SysNative\tasks\ASUS Patch for VIA Audio" [C:\Windows\system32\AsPatchViaAudio.exe] "C:\WINDOWS\SysNative\tasks\ASUS Touchpad Launcher (x64)" [C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe] "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["E:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe] "C:\WINDOWS\SysNative\tasks\GlaryInitialize 4" [E:\Program Files (x86)\Glary Utilities 4\Initialize.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions ====================== ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\8n5q4ffh.default - Pocket - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\8n5q4ffh.default\extensions\isreaditlater@ideashower.com - Undetermined - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\8n5q4ffh.default\extensions\3f85ebca-5ee0-4042-935e-20d7bb38c127@f20b526a-b828-41ab-9361-de1cad391506.com - Pocket - %ProfilePath%\extensions\isreaditlater@ideashower.com - Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi - Firepicker - %ProfilePath%\extensions\firepicker@thedarkone.xpi - Rainbow Color Tools - %ProfilePath%\extensions\rainbow@colors.org.xpi ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\TomTom\HOME\Profiles\5aecsuc6.default - Map status indicator - E:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - E:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\8n5q4ffh.default 95812430959AE88CDD0301AB3A71913B - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash 6512664A6B3E3F037091D0E0CEA970D8 - E:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll - PDF-XChange Editor D6ED6EB98E759460AD8C66DE23070132 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013 E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Gebruiker\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104 18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL - Microsoft Office 2013 74E615C992BAF1C8EDB720AEAF94A11C - E:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll - PDF-XChange Editor ==== Chrome Look ====================== Docs - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf MixiDj Chrome Toolbar - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn Gmail - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.vlinderkind.eu/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.vlinderkind.eu/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1 deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: CrossriderApp0030383 - {11111111-1111-1111-1111-110311031183} - C:\Program Files (x86)\GemistDownloader-plugin\GemistDownloader-plugin-bho.dll O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [GUDelayStartup] E:\Program Files (x86)\Glary Utilities 4\StartupManager.exe -delayrun O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKCU\..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE O4 - Startup: Verzenden naar OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira Planner (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: @oem19.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\WINDOWS\system32\DptfParticipantProcessorService.exe (file missing) O23 - Service: @oem19.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application (DptfPolicyConfigTDPService) - Unknown owner - C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: TomTomHOMEService - TomTom - E:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: ASUS Wake Service (WakeupService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Gebruiker\AppData\Local\Mozilla\Firefox\Profiles\8n5q4ffh.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=190 folders=31 430526430 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on ma 17-03-2014 at 13:25:31,32 ======================