Zoek.exe v5.0.0.0 Updated 28-March-2015 Tool run by Gebruiker on zo 29/03/2015 at 18:58:19,19. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Gebruiker\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe C:\Program Files (x86)\Conceptronic\Common\RaRegistry.exe C:\Program Files (x86)\Conceptronic\Common\RaRegistry64.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Popcorn Time\Updater.exe C:\Program Files (x86)\Common Files\AVG Secure 
Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Windows\system32\conhost.exe C:\Windows\Explorer.EXE C:\Windows\System32\WUDFHost.exe C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe C:\Windows\system32\msiexec.exe C:\Program Files (x86)\KidLogger\Kidlogger.exe C:\Users\Gebruiker\AppData\Local\iLivid\iLivid.exe C:\Program Files (x86)\QuickTime\QTTask.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\EmvSmartCardReader\BePCSC.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\EmvSmartCardReader\SmartMON.exe C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\AVG\AVG2015\avgui.exe C:\Program Files (x86)\AVG Web TuneUp\vprot.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\splwow64.exe C:\Windows\SysWOW64\ctfmon.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Gebruiker\Desktop\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ==== System Restore Info ====================== 
29/03/2015 19:01:46 Zoek.exe System Restore Point Created Successfully. ==== Windows Installer Info ====================== Adobe AIR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\080E7FFA4791FB54390101EDA1F1E50D]c:\Windows\Installer\a30343.msi Adobe Photoshop Elements 12 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F157B777409C7DB4D8FF189FA7C3B05C]C:\Windows\Installer\41d0e3.msi Adobe Photoshop Lightroom 5.6 64-bit [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2C99E91DD9D657044B644B83E7FA075A]C:\Windows\Installer\54d4b4.msi Adobe Reader X (10.1.13) - Nederlands [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73401B744AA0100000010]C:\Windows\Installer\578ab.msi Apple Application Support [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\277C90D53BCEB244C96C4B43C187DF2C]C:\Windows\Installer\1403e2a.msi Apple Mobile Device Support [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\045F27F206F16624596059B2126D46D0]C:\Windows\Installer\6a9eef.msi Apple Software Update [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\46B5A9879DD95AB419A50FCFA0B1B7EF]C:\Windows\Installer\2ecc0d.msi AVG 2015 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\36464AF4C966BDD44B44CD9BC9E0C4AF]C:\Windows\Installer\13ae2.msi AVG 2015 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\61693FFB5B73D4F4582D872288044AA8]C:\Windows\Installer\11afc.msi BabylonObjectInstaller [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193]C:\Windows\Installer\3378fc.msi Belgium 
e-ID middleware 3.5.6 (build 6954) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ED365428DA576614D90C6B84F2029645]C:\Windows\Installer\12b06.msi Bonjour [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B0163E6D0340BE4183EB2758E9BEDD8]C:\Windows\Installer\2ecc01.msi Elements 12 Organizer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7B7A08D910CDD584EA3917D055B9C565]C:\Windows\Installer\41d0f8.msi Etron USB3.0 Host Controller [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C837BBFD8D175CD48B2D6DC57386E072]C:\Windows\Installer\2f539.msi Filmmaker's Toolkit for Studio [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5C271FC4121FAF140B0BD09448B00F30]C:\Windows\Installer\364e4be.msi Google Earth [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0336A2D4B8F23E11C9048BCAF6798BE8]C:\Windows\Installer\a2f9d.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]C:\Windows\Installer\232d20e.msi Hollywood FX Volumes 1-3 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F181D3EB642F79449E5D69BC8AB6677]C:\Windows\Installer\364e4ca.msi iCloud [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3030C407C02DFA54DBB255E6FA13EB90]C:\Windows\Installer\1aaa09.msi iTunes [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\30F0FF67707B23345B1D5AC6383015E4]C:\Windows\Installer\356f6.msi Java 8 Update 40 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4EA42A62D9304AC4784BF2381208040F]C:\Windows\Installer\bb0e.msi Microsoft .NET Framework 4.5.1 (NLD) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2FA0BBE92DA4ABA359FE79E7EB1ABC90]C:\Windows\Installer\4a4d7f.msi Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BE4EBED704B66673BB53C5BB3C58AD73]C:\Windows\Installer\5d83e.msi Microsoft Office Access MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109510031400000000000F01FEC]C:\Windows\Installer\1fd3a00.msi Microsoft Office Enterprise 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC]C:\Windows\Installer\1fd3a16.msi Microsoft Office Excel MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109610031400000000000F01FEC]C:\Windows\Installer\1fd39ab.msi Microsoft Office File Validation Add-In [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109500200000000000000F01FEC]C:\Windows\Installer\50d1f.msi Microsoft Office Groove MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109AB0031400000000000F01FEC]C:\Windows\Installer\1fd39bf.msi Microsoft Office InfoPath MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109440031400000000000F01FEC]C:\Windows\Installer\1fd39c5.msi Microsoft Office Office 64-bit Components 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109A20000000100000000F01FEC]C:\Windows\Installer\1fd3a0d.msi 
Microsoft Office OneNote MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021091A0031400000000000F01FEC]C:\Windows\Installer\1fd3a06.msi Microsoft Office Outlook MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109A10031400000000000F01FEC]C:\Windows\Installer\1fd39b2.msi Microsoft Office PowerPoint MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109810031400000000000F01FEC]C:\Windows\Installer\1fd39b9.msi Microsoft Office Proof (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10031400000000000F01FEC]C:\Windows\Installer\1fd39d1.msi Microsoft Office Proof (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10090400000000000F01FEC]C:\Windows\Installer\1fd39e5.msi Microsoft Office Proof (French) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F100C0400000000000F01FEC]C:\Windows\Installer\1fd39de.msi Microsoft Office Proof (German) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10070400000000000F01FEC]C:\Windows\Installer\1fd39d7.msi Microsoft Office Proofing (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109C20031400000000000F01FEC]C:\Windows\Installer\1fd39eb.msi Microsoft Office Publisher MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109910031400000000000F01FEC]C:\Windows\Installer\1fd39f2.msi Microsoft Office Shared 64-bit MUI (Dutch) 2007 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109A20031400100000000F01FEC]C:\Windows\Installer\1fd39cb.msi Microsoft Office Shared MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109E60031400000000000F01FEC]C:\Windows\Installer\1fd39a5.msi Microsoft Office Word MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109B10031400000000000F01FEC]C:\Windows\Installer\1fd39f9.msi Microsoft Silverlight [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100]C:\Windows\Installer\1b6a39e.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3e43b73803c7c394f8a6b2f0402e19c2]C:\Windows\Installer\7d666.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\c1c4f01781cc94c4c8fb1542c0981a2a]C:\Windows\Installer\2358ee.msi Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E58EC68CABDDFF39B774E7BF9389C90]C:\Windows\Installer\14347e.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D20352A90C039D93DBF6126ECE614057]C:\Windows\Installer\12433c.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CFD2C1F142D260E3CB8B271543DA9F98]C:\Windows\Installer\16342d.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E815EB96CCE9A53884E7857C57002F0]C:\Windows\Installer\589dbb.msi Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D5E3C0FEDA1E123187686FED06E995A]C:\Windows\Installer\180caa.msi Motion Graphics Toolkit for Studio [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4F17D8711BFDCE04D95923F68D3A7E0A]C:\Windows\Installer\364e4c3.msi MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DDA39468D428E8B4DB27C8D5DC5CA217]C:\Windows\Installer\2af22bb.msi MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E8A266FCD4F2A1409E1C8110F44DBCE]C:\Windows\Installer\6a060f.msi MSXML 4.0 SP3 Parser (KB2721691) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0CA5B553EEEC5C24DAD4F7C3DF08C663]C:\Windows\Installer\1628c35.msi MSXML 4.0 SP3 Parser (KB2758694) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\09AB59D18F4FCE748A2844C1993DC0E1]C:\Windows\Installer\279ef41.msi MSXML 4.0 SP3 Parser [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1F764691F11C67F458B88521DA8CB349]C:\Windows\Installer\7a86c9.msi Nikon File Uploader 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C2417E1D3CB6BE947AA15E7DDACA5799]C:\Windows\Installer\7d6c8.msi Nikon Message Center 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\44EE410B791931546931176EBEB115E4]C:\Windows\Installer\7d6cf.msi NVIDIA PhysX 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\67C4BD9B4A105D6498017FAA3667BDFA]C:\Windows\Installer\1a1512.msi PhotoNow [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\623DD63D08278D11798C00109267C0EB]C:\Windows\Installer\7fa074.msi Pinnacle Studio 16 - Install Manager [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC6881F37F9A714299EE7A00B0F0E99]C:\Windows\Installer\32e52b8.msi Pinnacle Studio 16 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CBDFB4826CADCE34588A1EEC0C3D1A41]C:\Windows\Installer\364e4a9.msi PMB [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F5E89A6B7A6DBF64E9D9F1B74F3494C1]C:\Windows\Installer\dd359e.msi PowerDirector [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\098990BCF5D15D11E99A0005AB3E711E]C:\Windows\Installer\7fa06a.msi PowerProducer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\60EC0A7BE8606D1179DF0005ABBC8F16]C:\Windows\Installer\124341.msi Premium Pack Volumes 1-2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6A8D4C8845990A6469D5295ED5BA7843]C:\Windows\Installer\364e4d1.msi PVSonyDll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D366E3D3E7E477545A06E7DCDD5445A8]C:\Windows\Installer\1a14ec.msi QuickTime [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ABFAB76BF9C4AF84496939E3B3520544]C:\Windows\Installer\1aacb9.msi ScoreFitter Volumes 1-2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ACE9ADF03AD6E0847B9A673F35FAB6C6]C:\Windows\Installer\364e4d8.msi Skype Click to Call 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7692FC6BE18C0C0489510C7547EF1F02]C:\Windows\Installer\24041.msi SkypeT 6.11 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E7FF67E4ABEA78C47B88DC745E24B5D9]C:\Windows\Installer\dbbe87.msi SmartCard Reader Driver Installation [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68519D6C89F9DFC4B93CCF8000190150]C:\Windows\Installer\12b00.msi Sunny Explorer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BCC8C0F97C3568E41B605115D753EC41]C:\Windows\Installer\13b9eb.msi Title Extreme [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4104127FEE7273249987F2D9511555B9]C:\Windows\Installer\364e4e6.msi ViewNX 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\29426DDD7A23B214A81FC20F23DA243E]C:\Windows\Installer\7d6b3.msi Visual Studio 2008 x64 Redistributables [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\06AEBDCF0F97EAF4BB8A552AC606A994]C:\Windows\Installer\163431.msi Visual Studio 2010 x64 Redistributables [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6D331B1297950F74EBC16F6A3B4096F3]C:\Windows\Installer\180cb0.msi Visual Studio 2012 x64 Redistributables [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07E577C8197A8AD4CB3CA67B31F64448]C:\Windows\Installer\104a10f.msi Visual Studio 2012 x86 Redistributables [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A91FFE89BA03B4E49B340FB6C136BE8F]C:\Windows\Installer\104a109.msi ==== Empty Folders Check ====================== C:\PROGRA~2\hpmonitor deleted successfully 
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully C:\Program Files\Google deleted successfully C:\PROGRA~3\Avid deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\PROGRA~3\eSafe deleted successfully C:\PROGRA~3\InstallMate deleted successfully C:\PROGRA~3\Ralink deleted successfully C:\Users\Gebruiker\AppData\Roaming\Malwarebytes deleted successfully C:\Users\Gebruiker\AppData\Roaming\WinRAR deleted successfully C:\Users\Gebruiker\AppData\Local\Conduit deleted successfully C:\Users\Gebruiker\AppData\Local\LooksBuilder deleted successfully C:\Users\Gebruiker\AppData\Local\PackageAware deleted successfully ==== Checking Systemdrive for Symlinks ====================== De volumenaam van station C is Windows 7 Het volumenummer is 04C8-3536 Map van C:\ 14/07/2009 07:08 Documents and Settings [C:\Users] 0 bestand(en) 0 bytes Map van C:\Program Files\Windows NT 14/02/2011 14:45 Bureau-accessoires [C:\Program Files\Windows NT\Accessories] 0 bestand(en) 0 bytes Map van C:\ProgramData 14/07/2009 07:08 Application Data [C:\ProgramData] 14/02/2011 14:45 Bureaublad [C:\Users\Public\Desktop] 14/07/2009 07:08 Desktop [C:\Users\Public\Desktop] 14/02/2011 14:45 Documenten [C:\Users\Public\Documents] 14/07/2009 07:08 Documents [C:\Users\Public\Documents] 14/02/2011 14:45 Favorieten [C:\Users\Public\Favorites] 14/07/2009 07:08 Favorites [C:\Users\Public\Favorites] 14/02/2011 14:45 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 14/02/2011 14:45 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 14/07/2009 07:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14/07/2009 07:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\ProgramData\Microsoft\Windows\Start Menu 14/02/2011 14:45 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\ProgramData\Oracle\Java\javapath 29/03/2015 18:52 java.exe [C:\Program Files (x86)\Java\jre1.8.0_40\bin\java.exe] 29/03/2015 
18:52 javaw.exe [C:\Program Files (x86)\Java\jre1.8.0_40\bin\javaw.exe] 29/03/2015 18:52 javaws.exe [C:\Program Files (x86)\Java\jre1.8.0_40\bin\javaws.exe] 3 bestand(en) 0 bytes Map van C:\Users 14/07/2009 07:08 All Users [C:\ProgramData] 14/07/2009 07:08 Default User [C:\Users\Default] 0 bestand(en) 0 bytes Map van C:\Users\All Users 14/07/2009 07:08 Application Data [C:\ProgramData] 14/02/2011 14:45 Bureaublad [C:\Users\Public\Desktop] 14/07/2009 07:08 Desktop [C:\Users\Public\Desktop] 14/02/2011 14:45 Documenten [C:\Users\Public\Documents] 14/07/2009 07:08 Documents [C:\Users\Public\Documents] 14/02/2011 14:45 Favorieten [C:\Users\Public\Favorites] 14/07/2009 07:08 Favorites [C:\Users\Public\Favorites] 14/02/2011 14:45 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 14/02/2011 14:45 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 14/07/2009 07:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14/07/2009 07:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\All Users\Microsoft\Windows\Start Menu 14/02/2011 14:45 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\All Users\Oracle\Java\javapath 29/03/2015 18:52 java.exe [C:\Program Files (x86)\Java\jre1.8.0_40\bin\java.exe] 29/03/2015 18:52 javaw.exe [C:\Program Files (x86)\Java\jre1.8.0_40\bin\javaw.exe] 29/03/2015 18:52 javaws.exe [C:\Program Files (x86)\Java\jre1.8.0_40\bin\javaws.exe] 3 bestand(en) 0 bytes Map van C:\Users\Gebruiker 14/02/2011 14:45 Application Data [C:\Users\Gebruiker\AppData\Roaming] 14/02/2011 14:45 Cookies [C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Cookies] 14/02/2011 14:45 Local Settings [C:\Users\Gebruiker\AppData\Local] 14/02/2011 14:45 Menu Start [C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu] 14/02/2011 14:45 Mijn documenten [C:\Users\Gebruiker\Documents] 14/02/2011 14:45 NetHood 
[C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 14/02/2011 14:45 Netwerkprinteromgeving [C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14/02/2011 14:45 Recent [C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Recent] 14/02/2011 14:45 SendTo [C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\SendTo] 14/02/2011 14:45 Sjablonen [C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Gebruiker\AppData\Local 14/02/2011 14:45 Application Data [C:\Users\Gebruiker\AppData\Local] 14/02/2011 14:45 Geschiedenis [C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\History] 14/02/2011 14:45 Temporary Internet Files [C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu 14/02/2011 14:45 Programma's [C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Gebruiker\Documents 14/02/2011 14:45 Mijn afbeeldingen [C:\Users\Gebruiker\Pictures] 14/02/2011 14:45 Mijn muziek [C:\Users\Gebruiker\Music] 14/02/2011 14:45 Mijn video's [C:\Users\Gebruiker\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Public\Documents 14/02/2011 14:45 Mijn afbeeldingen [C:\Users\Public\Pictures] 14/02/2011 14:45 Mijn muziek [C:\Users\Public\Music] 14/02/2011 14:45 Mijn video's [C:\Users\Public\Videos] 14/07/2009 07:08 My Music [C:\Users\Public\Music] 14/07/2009 07:08 My Pictures [C:\Users\Public\Pictures] 14/07/2009 07:08 My Videos [C:\Users\Public\Videos] 0 bestand(en) 0 bytes Map van C:\Users\UpdatusUser 18/11/2012 02:04 Application Data [C:\Users\UpdatusUser\AppData\Roaming] 18/11/2012 02:04 Local Settings [C:\Users\UpdatusUser\AppData\Local] 18/11/2012 02:04 Menu Start [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu] 0 bestand(en) 0 bytes Map van C:\Users\UpdatusUser\AppData\Local 18/11/2012 02:04 Application 
Data [C:\Users\UpdatusUser\AppData\Local] 18/11/2012 02:04 Geschiedenis [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History] 18/11/2012 02:04 Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu 18/11/2012 02:04 Programma's [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Windows\System32\config\systemprofile 17/05/2013 08:14 Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming] 17/05/2013 08:14 Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies] 17/05/2013 08:14 Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local] 17/05/2013 08:14 Menu Start [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu] 17/05/2013 08:14 Mijn documenten [C:\Windows\system32\config\systemprofile\Documents] 17/05/2013 08:14 NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 17/05/2013 08:14 Netwerkprinteromgeving [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 17/05/2013 08:14 Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent] 17/05/2013 08:14 SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo] 17/05/2013 08:14 Sjablonen [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Windows\System32\config\systemprofile\AppData\Local 17/05/2013 08:14 Application Data [C:\Windows\system32\config\systemprofile\AppData\Local] 17/05/2013 08:14 Geschiedenis [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History] 17/05/2013 08:14 Temporary Internet Files 
[C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu 17/05/2013 08:14 Programma's [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Windows\System32\config\systemprofile\Documents 17/05/2013 08:14 Mijn afbeeldingen [C:\Windows\system32\config\systemprofile\Pictures] 17/05/2013 08:14 Mijn muziek [C:\Windows\system32\config\systemprofile\Music] 17/05/2013 08:14 Mijn video's [C:\Windows\system32\config\systemprofile\Videos] 0 bestand(en) 0 bytes Map van C:\Windows\SysWOW64\config\systemprofile 17/05/2013 08:14 Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming] 17/05/2013 08:14 Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies] 17/05/2013 08:14 Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local] 17/05/2013 08:14 Menu Start [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu] 17/05/2013 08:14 Mijn documenten [C:\Windows\system32\config\systemprofile\Documents] 17/05/2013 08:14 NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 17/05/2013 08:14 Netwerkprinteromgeving [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 17/05/2013 08:14 Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent] 17/05/2013 08:14 SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo] 17/05/2013 08:14 Sjablonen [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Windows\SysWOW64\config\systemprofile\AppData\Local 17/05/2013 08:14 Application Data [C:\Windows\system32\config\systemprofile\AppData\Local] 
17/05/2013 08:14 Geschiedenis [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History] 17/05/2013 08:14 Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu 17/05/2013 08:14 Programma's [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Windows\SysWOW64\config\systemprofile\Documents 17/05/2013 08:14 Mijn afbeeldingen [C:\Windows\system32\config\systemprofile\Pictures] 17/05/2013 08:14 Mijn muziek [C:\Windows\system32\config\systemprofile\Music] 17/05/2013 08:14 Mijn video's [C:\Windows\system32\config\systemprofile\Videos] 0 bestand(en) 0 bytes Totaal aantal weergegeven bestanden: 6 bestand(en) 0 bytes 92 map(pen) 156.248.215.552 bytes beschikbaar ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1755704755-2522349076-452139643-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-1755704755-2522349076-452139643-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-1755704755-2522349076-452139643-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) µTorrent Adobe AIR Adobe Flash Player 16 ActiveX Adobe Flash Player 16 
NPAPI Adobe Photoshop Elements 12 Adobe Photoshop Lightroom 5.6 64-bit Adobe Reader X (10.1.13) - Nederlands Apple Application Support Apple Mobile Device Support Apple Software Update AVG 2015 AVG Web TuneUp BabylonObjectInstaller Belgium e-ID middleware 3.5.6 (build 6954) Bonjour browse2buy Conceptronic 300N Wireless Adapter (v3.0) ConvertXtoDVD 4.1.19.365 Creative Pack Volume 1 CyberLink PhotoNow CyberLink PowerDirector CyberLink PowerProducer eastobuy Elements 12 Organizer Etron USB3.0 Host Controller Facebook Video Calling 3.1.0.521 Filmmaker's Toolkit for Studio Google Earth Google Update Helper Hamster Free Video Converter HiJackThis Hollywood FX Volumes 1-3 iCloud Intel(R) Management Engine Components iTunes Java 8 Update 40 Java Auto Updater K-Lite Codec Pack 10.6.5 Basic KidLogger 5.6.11 marketcomiparrE marvell 91xx driver Microsoft .NET Framework 4.5.1 Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared 64-bit MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MKV Player 2.0.1 Motion Graphics Toolkit for Studio MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) nicedeal Nikon File Uploader 2 Nikon Message Center 2 NVIDIA-configuratiescherm 311.06 NVIDIA 3D Vision stuurprogramma 311.06 NVIDIA Grafisch stuurprogramma 311.06 NVIDIA HD Audio-stuurprogramma 1.1.13.1 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX systeemsoftware 9.10.0514 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.11.3 NVIDIA Update Components Pando Media Booster Picasa 3 Picture Control Utility Pinnacle Studio 16 - Install Manager Pinnacle Studio 16 - Standard Content Pack Pinnacle Studio 16 Pinnacle videodriver PMB Popcorn Time Premium Pack Volumes 1-2 PSE12 STI Installer PVSonyDll QuickTime Realtek Ethernet Controller Driver For Windows 7 ScoreFitter Volumes 1-2 Scratch Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Security Update for Microsoft .NET Framework 4.5.1 (KB2978128) Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2984939) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956106) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956107) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2956103) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2899580) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2956109) 32-Bit Edition Skype Click to Call SkypeT 6.11 SmartCard Reader Driver Installation Stuurprogrammapakket voor Windows - Fedict SmartCard (12/08/2009 4.0.0.3) Sunny Explorer Title Extreme Tuyttens Update for 2007 
Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2920794) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2956104) 32-Bit Edition Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Video2Go Driver ViewNX 2 Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WtuSystemSupport deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.4.0 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.4.0 deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\tjc1dnnz.default ---- Lines searches removed from prefs.js ---- user_pref("browser.search.defaultenginename", "dosearches"); user_pref("browser.search.selectedEngine", "dosearches"); ---- FireFox user.js and prefs.js backups ---- user_20152903_1913_.backup prefs_20152903_1913_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files\\Internet Explorer\\iexplore.exe" ==== Deleting 
Files \ Folders ====================== C:\PROGRA~2\hpmonitor not found C:\ProgramData\marketcomiparrE deleted C:\ProgramData\nicedeal deleted C:\ProgramData\browse2buy deleted C:\PROGRA~3\focpklcfkooikeffbbeampjiedojogal deleted C:\PROGRA~3\3867d032645db2f9 deleted C:\PROGRA~3\Premium deleted C:\Users\Gebruiker\AppData\LocalLow\Conduit deleted C:\Users\Gebruiker\daemonprocess.txt deleted C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted C:\PROGRA~2\Mozilla Firefox\searchplugins\avg-secure-search.xml deleted C:\PROGRA~2\Mozilla Firefox\searchplugins\dosearches.xml deleted C:\PROGRA~2\DealPly deleted C:\PROGRA~2\PC Speed Up deleted C:\PROGRA~2\SpeedItup Free deleted C:\Users\Gebruiker\AppData\Roaming\appdataFr2.bin deleted C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk deleted C:\Users\Gebruiker\AppData\Roaming\BabylonToolbar deleted C:\Users\Gebruiker\AppData\Roaming\GEBRUIKER-PC.MTBF.txt deleted C:\Users\Gebruiker\AppData\Roaming\__AvidCloudManager.log deleted C:\Users\Gebruiker\AppData\Roaming\__AvidCloudManagerPrevious.log deleted C:\PROGRA~3\spds90.txt deleted C:\PROGRA~3\AVG Web TuneUp deleted C:\PROGRA~3\Avg_Update_0215tb deleted C:\PROGRA~3\Avg_Update_0414b deleted C:\PROGRA~3\AVG Security Toolbar deleted C:\PROGRA~3\AVG Secure Search deleted C:\Users\Gebruiker\AppData\Local\Mobogenie deleted C:\Users\Gebruiker\AppData\Local\cache deleted C:\Users\Gebruiker\AppData\Local\Babylon deleted C:\Users\Gebruiker\Downloads\avg_free_stb_all_2015_5557_cnet.exe deleted C:\Users\Gebruiker\AppData\LocalLow\AVG Web TuneUp deleted C:\Users\Gebruiker\AppData\LocalLow\ElectroLyrics-16 deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted C:\windows\SysNative\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted 
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job deleted C:\windows\SysNative\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Users\Gebruiker\Documents\Mobogenie deleted C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\tjc1dnnz.default\extensions\staged deleted "C:\Windows\Installer\3378fc.msi" deleted "C:\Windows\Installer\3378fc.msi" deleted "C:\Users\Gebruiker\AppData\Roaming\Booms" deleted "C:\Users\Gebruiker\AppData\Roaming\Breath Pad" deleted "C:\Users\Gebruiker\AppData\Roaming\Brother" deleted "C:\ProgramData\Bundle" deleted "C:\ProgramData\CIOSupport" deleted "C:\ProgramData\CMMs" deleted "C:\PROGRA~2\AVG Web TuneUp\avgcefrend.exe" deleted "C:\PROGRA~2\AVG Web TuneUp\icudt.dll" deleted "C:\PROGRA~2\AVG Web TuneUp\libcef.dll" deleted "C:\PROGRA~2\AVG Web TuneUp\TBAPI.dll" deleted "C:\PROGRA~2\AVG Web TuneUp\vprot.exe" deleted "C:\Users\Gebruiker\AppData\Local\iLivid\iLivid.exe" deleted "C:\Users\Gebruiker\AppData\Local\iLivid\libeay32.dll" deleted "C:\Users\Gebruiker\AppData\Local\iLivid\msvcp100.dll" deleted "C:\Users\Gebruiker\AppData\Local\iLivid\msvcr100.dll" deleted "C:\Users\Gebruiker\AppData\Local\iLivid\QtCore4.dll" deleted "C:\Users\Gebruiker\AppData\Local\iLivid\QtGui4.dll" deleted "C:\Users\Gebruiker\AppData\Local\iLivid\QtNetwork4.dll" deleted "C:\Users\Gebruiker\AppData\Local\iLivid\QtWebKit4.dll" deleted "C:\Users\Gebruiker\AppData\Local\iLivid\QtXml4.dll" deleted "C:\Users\Gebruiker\AppData\Local\iLivid\ssleay32.dll" deleted "C:\Users\Gebruiker\AppData\Local\AVG Web TuneUp\IE\cef_cache\Cookies" deleted "C:\Users\Gebruiker\AppData\Local\AVG Web TuneUp\IE\cef_cache\data_0" deleted "C:\Users\Gebruiker\AppData\Local\AVG Web TuneUp\IE\cef_cache\data_1" deleted "C:\Users\Gebruiker\AppData\Local\AVG Web TuneUp\IE\cef_cache\data_2" deleted "C:\Users\Gebruiker\AppData\Local\AVG Web TuneUp\IE\cef_cache\data_3" deleted "C:\Users\Gebruiker\AppData\Local\AVG Web 
TuneUp\IE\cef_cache\index" deleted "C:\PROGRA~2\AVG Web TuneUp\locales\en-US.pak" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.4.0\avgdttbx.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll" deleted "C:\Users\Gebruiker\AppData\Local\iLivid\imageformats\qgif4.dll" deleted "C:\Users\Gebruiker\AppData\Local\iLivid\imageformats\qico4.dll" deleted "C:\Users\Gebruiker\AppData\Local\iLivid\imageformats\qjpeg4.dll" deleted "C:\Users\Gebruiker\AppData\Local\AVG Web TuneUp" deleted "C:\PROGRA~2\AVG Web TuneUp" not deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted "C:\Users\Gebruiker\AppData\Local\iLivid" deleted "C:\Users\Gebruiker\AppData\Local\AVG Web TuneUp\IE" deleted "C:\Users\Gebruiker\AppData\Local\AVG Web TuneUp\IE\cef_cache" deleted "C:\PROGRA~2\AVG Web TuneUp\locales" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.4.0" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.4.0" deleted "C:\Users\Gebruiker\AppData\Local\iLivid\imageformats" deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 8175 MB CPU Info: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz CPU Speed: 3444,3 MHz Sound Card: Luidsprekers (2- High Definitio | Digitale audio (S/PDIF) (2- Hig | Display Adapters: NVIDIA GeForce GT 220 | NVIDIA GeForce GT 220 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family Controller CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW SH-S223C Ports: COM16 | COM18 | COM9 | COM15 | COM17 | COM8 | COM4 | COM3 | COM11 LPT Port NOT Present. 
Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 244,0GB | D: 687,4GB Hard Disks - Free: C: 145,1GB | D: 434,9GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 01/20/11 | ALASKA - 1072009 Time Zone: West-Europa (standaardtijd) Motherboard *: ASRock P67 Extreme4 Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: AVG AntiVirus Free Edition 2015 On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: AVG AntiVirus Free Edition 2015 disabled (Outdated) Internet Explorer Version: 11.0.9600.17691 Adobe Reader version: 10.1.13.16 Sun Java version: 1.8.0_40 (32-bit) Sun Java version: 1.8.0_40 (64-bit) Flash Player version: 16.0.0.305 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\GEBRUI~1\AppData\Local\Temp ==== ====== Java Cache ===== 2015-03-29 16:54:42 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-4fc67d8a 2015-03-29 16:54:37 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-3ac7650e 2015-03-29 16:54:37 FDB2D30C6E43B3C1E2C2D655C3748CDC 425 ----a-w- C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-aa56bb018d5de3a531ee91cc4857f0f479656e5370ebf87789e721aaaf530ebc-6.0.lap 2015-03-29 16:54:36 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-667a988b 2015-03-29 16:54:37 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-6bc19126 ====== C:\Windows\SysWOW64 ===== 2015-03-29 16:52:52 7A76F83B4DCA86B5DB17D43A5820CF40 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-03-25 06:10:52 
EBDE90C94A0671F05AAA0DF2A2139F43 227328 ----a-w- C:\Windows\Sysnative\aepdu.dll 2015-03-25 06:10:52 EBDBE8037B0BE75B05CBC5DEEE49BA90 677888 ----a-w- C:\Windows\Sysnative\generaltel.dll 2015-03-25 06:10:52 E82D241A892C15FB42AB0A3D83C01ACA 414720 ----a-w- C:\Windows\Sysnative\devinv.dll 2015-03-25 06:10:52 B3B9C29F90A10216F13113757BCACAD8 1107456 ----a-w- C:\Windows\Sysnative\aeinv.dll 2015-03-25 06:10:52 82009026471290E8A512D1FE2442FDFC 760832 ----a-w- C:\Windows\Sysnative\invagent.dll 2015-03-25 06:10:52 75A43F9EA79BF721DC6D94980F85F87D 943616 ----a-w- C:\Windows\Sysnative\appraiser.dll 2015-03-25 06:10:52 4BA77DD4E4894EAF2BCB2D3E0A0B6F7A 30720 ----a-w- C:\Windows\Sysnative\acmigration.dll 2015-03-25 06:10:52 1C11E0739B2B354647D292FCDCB7AF8E 192000 ----a-w- C:\Windows\Sysnative\aepic.dll ====== C:\Windows\Sysnative\drivers ===== 2015-03-25 10:21:34 079F75EE36CD275620298DA7D7636006 281056 ----a-w- C:\Windows\Sysnative\drivers\avgidsdrivera.sys 2015-03-11 06:42:31 ED6E75158D28D33A2E2A020AC5B2B59D 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys 2015-03-11 06:42:26 87BCD1034CBF33537D4D4C251D39BA26 94656 ----a-w- C:\Windows\Sysnative\drivers\mountmgr.sys 2015-03-11 06:42:20 90C53BD47979FB8814F465A08B885102 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys 2015-03-11 06:41:37 8BA90F480705D7153AD0060CCA62222A 155576 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2015-03-11 06:41:37 56ED3EE5FED6BF2FC1305CF872042868 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-03-11 06:41:37 27667A788130A7F7A5858DE27572E6D7 459336 ----a-w- C:\Windows\Sysnative\drivers\cng.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-03-29 15:18:56 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2015-03-29 16:52:54 -------- d-----w- C:\PROGRA~2\COMMON~1\Java ======= C: ===== ====== C:\Users\Gebruiker\AppData\Roaming ====== 2015-03-29 16:33:14 -------- d-----w- 
C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\Sun ====== C:\Users\Gebruiker ====== 2015-03-29 16:28:23 0ED6FD8B4046871E2921C9E3D09343FB 560552 ----a-w- C:\Users\Gebruiker\Downloads\JavaSetup8u40.exe 2015-03-29 15:13:07 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Gebruiker\Desktop\RSITx64.exe ====== C: exe-files == 2015-03-29 16:52:32 A07427A93E1133A7F0F4691CC54B9294 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2015-03-29 16:52:32 94017ABBDE345580542D8301793EFF7A 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe 2015-03-29 16:52:32 30E9397C2F0C8FF128219D6A25E172BB 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2015-03-29 16:52:28 F95C5163F6D8955BEF59A896C7F7112D 159656 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\unpack200.exe 2015-03-29 16:52:28 DFB1F31DD4A08FA5892886DC7117064A 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\rmid.exe 2015-03-29 16:52:28 AF28DAA2B4EB3AD87203202264A2491C 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\klist.exe 2015-03-29 16:52:28 A29B7A1BAD1A1EB608ACF7684F1F1E37 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\tnameserv.exe 2015-03-29 16:52:28 A07427A93E1133A7F0F4691CC54B9294 272296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\javaws.exe 2015-03-29 16:52:28 946FD6292EAE3FBB93CC3BB01BA8763D 76712 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2launcher.exe 2015-03-29 16:52:28 94017ABBDE345580542D8301793EFF7A 191400 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\javaw.exe 2015-03-29 16:52:28 79B6403F5BD398BB9880F00FAF7C69DA 68520 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe 2015-03-29 16:52:28 7833052815087E5BF9346AC78FDCED68 51112 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssvagent.exe 2015-03-29 16:52:28 751E8649890CC42727D80F8D6DE1F1CB 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\servertool.exe 2015-03-29 16:52:28 7162180C98D1BE5D1315FC05B3C91E9D 15784 ----a-w- C:\Program 
Files (x86)\Java\jre1.8.0_40\bin\pack200.exe 2015-03-29 16:52:28 689916BDF4F58C7F7AD25F8B3ABB783A 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\rmiregistry.exe 2015-03-29 16:52:28 6031BACB59D93E5ECB4ACDE6E12565EA 30632 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\jabswitch.exe 2015-03-29 16:52:28 3DB4CD42B36FD2C98E9B51E3CBC1670E 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\jjs.exe 2015-03-29 16:52:28 32700B34EE49959FAF64EC46D96B3630 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\ktab.exe 2015-03-29 16:52:28 30E9397C2F0C8FF128219D6A25E172BB 190888 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\java.exe 2015-03-29 16:52:28 2794D464D89260B0316C16A9FE24C660 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\java-rmi.exe 2015-03-29 16:52:28 1FA2D0F07730F502A857BFC63DA6C193 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\kinit.exe 2015-03-29 16:52:28 0A9C7408BADBA5D2C841817C22ACBF07 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\policytool.exe 2015-03-29 16:52:28 08363434BEC1B0AE6420C77820BC12E9 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\orbd.exe 2015-03-29 16:52:28 042B789E469D238D5FA9DEC4241CE3FD 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\bin\keytool.exe 2015-03-29 16:28:23 0ED6FD8B4046871E2921C9E3D09343FB 560552 ----a-w- C:\Users\Gebruiker\Downloads\JavaSetup8u40.exe 2015-03-29 15:18:56 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Gebruiker.exe 2015-03-29 15:13:07 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Gebruiker\Desktop\RSITx64.exe 2015-03-28 12:17:29 AF3F12BD23C0F248995E53B96B4D9A76 70096 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avguirux.exe 2015-03-28 12:17:29 85EA06E302FCB8332E279344FE5B471C 24016 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgrdtesta.exe 2015-03-28 12:17:29 67CC44B392217B6E8DDF2F3277257290 22992 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgrdtestx.exe 2015-03-28 12:17:29 
20E969D3E7990BD96941E1AA97842DC9 6325528 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe 2015-03-25 10:34:46 E2FDE8691C03525F095C8D01F005FA97 3416016 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe 2015-03-25 10:29:36 C6C959E1F210A4DB236A8F786DFF08C8 2955728 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe 2015-03-25 10:29:20 9F22AF691BB098BA98951BC3DFDD779A 3723728 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgui.exe 2015-03-25 10:28:12 2BE95C4599C4090FBA81D1510615AECC 786896 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgemca.exe 2015-03-25 10:27:30 8993215C0804A287A35E52AE8386B577 250320 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgcmgr.exe 2015-03-25 10:26:20 A7B4662F1E9ED3D0EFB5C20D70657C36 403736 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgwsc.exe 2015-03-25 10:26:10 46C8BE85E33C995F425BA55B2155DCDA 884176 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgntdumpa.exe 2015-03-25 10:25:40 66E60DF77A96B8A2B78192F5427982BE 1110480 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe 2015-03-25 10:25:30 8C29ED5356B4BF9F59BB8DEF1C945A0A 722896 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgdumpx.exe 2015-03-25 10:25:14 87F8F62858095D8EA0C21750AE1CB4F6 1306576 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe 2015-03-25 10:24:50 E21E319B65B3E40C004077B8B778AC36 865744 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe 2015-03-25 10:24:40 66F7AFB40A4EEFDF0E382D19DCE2866A 338384 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgcfgex.exe 2015-03-25 10:24:18 F9D81013E269EF385ACCB63F83CC5ECF 322512 ----a-w- C:\Program Files (x86)\AVG\AVG2015\fixcfg.exe 2015-03-25 10:23:52 87801794E09B4969D9BB433AC6E93D0C 890832 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgdumpa.exe 2015-03-25 10:23:28 9CF71FCEC055A00EBA4AE04E5A0FFB2B 718800 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgntdumpx.exe 2015-03-25 10:23:22 5612A91A0E73B883C13B3E9B10FFEB5A 703440 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgcsrvx.exe 2015-03-25 10:23:00 
06F83A75DFF93F8C43E811EFE43917CD 371152 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgcomdlga.exe 2015-03-25 10:22:48 3D311D3110F3BB179DFA048950B5FE41 475600 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgscana.exe 2015-03-25 10:21:40 DCF350D917112A03D3CDC33C8ADEA87A 309232 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe 2015-03-25 10:21:34 25BB20DC170EA8B638288127C21BB61A 408016 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgscanx.exe 2015-03-25 06:10:52 F22794B93C9FC55A934C1544F9600B43 70832 ----a-w- C:\Windows\System32\CompatTel\diagtrackrunner.exe === C: other files == 2015-03-29 16:52:28 9DCBFF045A2A43212A4763C3461A50B9 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_40\lib\deploy\ffjcext.zip 2015-03-28 14:29:09 B06E410EFB36FFAAC6A427463ECE8BBC 27202 ----a-w- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\834CN8F2\jw-cozy[1].zip 2015-03-25 10:37:06 CEF59C1F0BE67B626C91AC2B10938E29 1205445 ----a-w- C:\Program Files (x86)\AVG\AVG2015\banners\banners.zip 2015-03-25 10:23:22 DF448F0C0ABEF60F553FEC5B53A9F540 224736 ----a-w- C:\Program Files (x86)\AVG\AVG2015\Drivers\avgidsdriverx.sys 2015-03-25 10:21:34 079F75EE36CD275620298DA7D7636006 281056 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys 2015-03-25 10:21:34 079F75EE36CD275620298DA7D7636006 281056 ----a-w- C:\Program Files (x86)\AVG\AVG2015\Drivers\avgidsdrivera.sys 2015-03-25 06:10:52 7EBB5DAD11B1D0B12317A191C8325991 21128 ----a-w- C:\Windows\System32\appraiser\nxquery.sys ======== System Restore Points ======== RP350: 11/03/2015 7:41:59 - Windows Update RP351: 14/03/2015 9:33:58 - Windows Update RP352: 14/03/2015 9:49:57 - Windows Update RP353: 21/03/2015 12:47:10 - Gepland controlepunt RP354: 25/03/2015 7:16:37 - Windows Update RP355: 29/03/2015 18:29:32 - Removed Java 7 Update 51 RP356: 29/03/2015 18:32:30 - Removed Java(TM) 6 Update 30 RP357: 29/03/2015 19:01:33 - zoek.exe restore point ==== Startup Registry Enabled ====================== 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1755704755-2522349076-452139643-1000\Software\Microsoft\Windows\CurrentVersion\Run] "MS Shell Services"="C:\Program Files (x86)\KidLogger\Kidlogger.exe -m" "AVG-Secure-Search-Update_1213b"="C:\Users\Gebruiker\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8bfed51270d347d69a6fd16c646aa1ba-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b" "CAHeadless"="C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" "Facebook Update"="C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "iLivid"="C:\Users\Gebruiker\AppData\Local\iLivid\iLivid.exe -autorun" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "BePCSC"="C:\Program Files (x86)\EmvSmartCardReader\BePCSC.exe" "SmartMon"="C:\Program Files (x86)\EmvSmartCardReader\SmartMON.exe" "beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup" "UpdatePPShortCut"="C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\PowerProducer UpdateWithCreateOnce Software\CyberLink\PowerProducer\5.0" "PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe" "APSDaemon"="C:\Program Files (x86)\Common 
Files\Apple\Apple Application Support\APSDaemon.exe" "Nikon Message Center 2"="C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY" "vProt"="C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MS Shell Services"="C:\Program Files (x86)\KidLogger\Kidlogger.exe -m" "AVG-Secure-Search-Update_1213b"="C:\Users\Gebruiker\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8bfed51270d347d69a6fd16c646aa1ba-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b" "CAHeadless"="C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" "Facebook Update"="C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "iLivid"="C:\Users\Gebruiker\AppData\Local\iLivid\iLivid.exe -autorun" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [06/02/2015 00:15] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1755704755-2522349076-452139643-1000Core.job --a------ C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [22/09/2014 21:06] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1755704755-2522349076-452139643-1000UA.job --a------ C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe 
[22/09/2014 21:06] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/05/2014 19:54] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/05/2014 19:54] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Gebruiker-PC-Gebruiker" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1755704755-2522349076-452139643-1000Core" [C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1755704755-2522349076-452139643-1000UA" [C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\{391563AA-185F-4423-B5C0-E239F97FC14F}" [C:\Program Files (x86)\Pinnacle\Studio 9\programs\studio.exe] "C:\Windows\SysNative\tasks\{C6F8D041-DBC7-4C9F-B88F-D21ED3D11DE3}" [C:\Program Files (x86)\Pinnacle\Studio 9\programs\studio.exe] "C:\Windows\SysNative\tasks\{C6FA5687-EFE9-43E8-AAC0-F43D8FAA3367}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe] "C:\Windows\SysNative\tasks\{CD9F39D5-C097-4AAC-B9E2-FD40238B45BB}" [C:\Program Files (x86)\Pinnacle\Studio 9\programs\studio.exe] "C:\Windows\SysNative\tasks\{E496854C-30F3-458D-A10B-92D805BF1F85}" [C:\Program Files (x86)\Pinnacle\Studio 9\programs\studio.exe] 
"C:\Windows\SysNative\tasks\{F6074749-1D3A-435B-B7C0-D9DC85F0016C}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.0.105/nl/abandoninstall?page=tsProgressBar] "C:\Windows\SysNative\tasks\{FADF1553-5364-429A-97EC-484B22AF792E}" [C:\Program Files (x86)\Pinnacle\Studio 9\programs\studio.exe] "C:\Windows\SysNative\tasks\{FDD265E1-0F0D-45F2-B3BB-CDD8E92CF412}" [C:\Program Files (x86)\Pinnacle\Studio 9\programs\studio.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\tjc1dnnz.default user_pref("browser.startup.homepage", "http://microminimus.com/"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "support@2yourface.com"="C:\Program Files (x86)\2YourFace\ffextension" [] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "support@2yourface.com"="C:\Program Files (x86)\2YourFace\ffextension" [] ==== Firefox Extensions ====================== ==== Firefox Plugins ====================== ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lmblfngognklgemafekefcdjcnkdhmdm - C:\Program Files (x86)\2YourFace\2YourFace.crx[] Facebook Login Video Background - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\kofmneijajkgajeffbphblliaeidahcn Ask Toolbar - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne Docs - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo DropToS - Gebruiker\AppData\Local\Torch\User 
Data\Default\Extensions\cipmepknanmbbaneimacddfemfbfgpgo Torch Music - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\gcjbdjlojcomlphfchhihkigepfabcad FaceLift - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\gimjmfipknpppbpmkdenjjpfhobiiojk Facebook Login Video Background - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\kofmneijajkgajeffbphblliaeidahcn Torch Helper - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\lecpjhggilhbceadobnggaagnpfpafhg Torch Music - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\ohimbkoaphfnmekmfppijeblmkncneed Hola - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\pdehmppfilefbolgganhfihpbmjlgebh Gmail - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\Gebruiker\AppData\Local\Torch\User Data\Default\Preferences "homepage": "http://home.torchbrowser.com/?systemid=406&appid=420&ua=Torch&clid={B4555FE2-51E5-41D6-B179-F131FF47E51E}", ==== Chromium Fix ====================== C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.avg.com_0.localstorage deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.avg.com_0.localstorage-journal deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User 
Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_customers-research.com_0.localstorage deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User 
Data\Default\Local Storage\http_customers-research.com_0.localstorage-journal deleted successfully C:\Users\Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://mysearch.avg.com/?cid={016354F2-8E20-4543-842B-5AB607D0A284}&mid=8bfed51270d347d69a6fd16c646aa1ba-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=nl&ds=AVG&coid=avgtbavg&cmpid=0215tb&pr=fr&d=2014-12-10 19:37:19&v=4.1.0.411&pid=wtu&sg=&sap=hp" "Default_Page_URL"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.google.com" "Start Page"="http://www.google.com" "Search Page"="http://search.dosearches.com/web/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=ds&from=amt&uid=WDCXWD1002FAEX-007BA0_WD-WMAY0060104701047&ts=1383765402&type=default&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.google.com" "Start Page"="http://www.google.com" "Search Page"="http://search.dosearches.com/web/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=ds&from=amt&uid=WDCXWD1002FAEX-007BA0_WD-WMAY0060104701047&ts=1383765402&type=default&q={searchTerms}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start 
Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7" ==== Reset Google Chrome ====================== C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Gebruiker\AppData\Local\Torch\User Data\Default\Preferences was reset successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully C:\Users\Gebruiker\AppData\Local\Torch\User Data\Default\Web Data was reset successfully C:\Users\Gebruiker\AppData\Local\Torch\User Data\Default\Web Data-journal was reset successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1755704755-2522349076-452139643-1000\Software\Mozilla\Firefox\Extensions\support@2yourface.com deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\support@2yourface.com deleted successfully ==== shortcuts on Users Desktops ====================== C:\Users\Default\Desktop\Cyberlink PowerProducer.lnk - C:\Program Files (x86)\CyberLink\PowerProducer\Producer.exe C:\Users\Default User\Desktop\Cyberlink PowerProducer.lnk - C:\Program Files 
(x86)\CyberLink\PowerProducer\Producer.exe C:\Users\Gebruiker\Desktop\Adobe Photoshop Elements 12.lnk - C:\Program Files (x86)\Adobe\Elements 12 Organizer\Photoshop Elements 12.0.exe C:\Users\Gebruiker\Desktop\ConvertXtoDVD 4.lnk - C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe C:\Users\Gebruiker\Desktop\Cyberlink PowerProducer.lnk - C:\Program Files (x86)\CyberLink\PowerProducer\Producer.exe C:\Users\Gebruiker\Desktop\HiJackThis.lnk - C:\Users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe C:\Users\Gebruiker\Desktop\Popcorn Time.lnk - C:\Users\Gebruiker\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe . C:\Users\Gebruiker\Desktop\Scratch.lnk - C:\Program Files (x86)\Scratch\Scratch.exe "C:\Program Files (x86)\Scratch\Scratch.image" C:\Users\Gebruiker\Desktop\µTorrent.lnk - C:\Users\UpdatusUser\Desktop\Cyberlink PowerProducer.lnk - C:\Program Files (x86)\CyberLink\PowerProducer\Producer.exe C:\Users\UpdatusUser\Desktop\Scratch.lnk - C:\Program Files (x86)\Scratch\Scratch.exe "C:\Program Files (x86)\Scratch\Scratch.image" ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Download Assistant.lnk - C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe C:\Users\Public\Desktop\Adobe Reader X .lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\AVG 2014.lnk - C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Users\Public\Desktop\AVG 2015.lnk - C:\Program Files (x86)\AVG\AVG2015\avgui.exe C:\Users\Public\Desktop\CyberLink PowerDirector.lnk - C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.exe C:\Users\Public\Desktop\eID-Viewer.lnk - C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 
C:\Users\Public\Desktop\Lightroom 5.3 64-bits.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe C:\Users\Public\Desktop\Lightroom 5.6 64-bit.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe C:\Users\Public\Desktop\Pinnacle Studio 16.lnk - C:\Program Files (x86)\Pinnacle\Studio 16\programs\PinnacleStudio.EXE C:\Users\Public\Desktop\PMB Help.lnk - C:\Program Files (x86)\Sony\PMB\help\PMBHelp.chm C:\Users\Public\Desktop\PMB Launcher.lnk - C:\Program Files (x86)\Sony\PMB\PMBLauncher.exe C:\Users\Public\Desktop\PMB.lnk - C:\Program Files (x86)\Sony\PMB\PMBBrowser.exe C:\Users\Public\Desktop\Popcorn Time.lnk - C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe --no-proxy-server C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe C:\Users\Public\Desktop\Sunny Explorer.lnk - C:\Program Files (x86)\SMA\Sunny Explorer\SunnyExplorer.exe C:\Users\Public\Desktop\Tuyttens.lnk - F:\Tuyttens\Tuyttens.exe C:\Users\Public\Desktop\ViewNX 2.lnk - C:\Program Files (x86)\Nikon\ViewNX 2\ViewNX2.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X .lnk - C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AA1000000001}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2015.lnk - C:\Program Files (x86)\AVG\AVG2015\avgui.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe -tab about C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe -tab update C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure 
Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk - ==== shortcuts in Quick Launch ====================== C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=sc&from=amt&uid=WDCXWD1002FAEX-007BA0_WD-WMAY0060104701047&ts=1383765402 C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE /recycle C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=sc&from=amt&uid=WDCXWD1002FAEX-007BA0_WD-WMAY0060104701047&ts=1383765402 C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sunny Explorer.lnk - C:\Program Files (x86)\SMA\Sunny Explorer\SunnyExplorer.exe C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Excel 2007.lnk - 
C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office PowerPoint 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 ==== shortcuts After Repair ====================== C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe ==== Uninstall List x64 ====================== æTorrent [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent] Adobe AIR [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}] Adobe AIR [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR] Adobe Flash Player 16 ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] Adobe Flash Player 16 NPAPI 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] Adobe Photoshop Elements 12 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{777B751F-C904-4BD7-8DFF-81F97A3C0BC5}] Adobe Photoshop Elements 12 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop Elements 12] Adobe Photoshop Lightroom 5.6 64-bit [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}] Adobe Reader X (10.1.13) - Nederlands [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1043-7B44-AA1000000001}] Apple Application Support [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}] Apple Mobile Device Support [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2F72F540-1F60-4266-9506-952B21D6640D}] Apple Software Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}] AVG 2015 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4FA46463-669C-4DDB-B444-DCB99C0E4CFA}] AVG 2015 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BFF39616-37B5-4F4D-85D2-78228840A48A}] AVG 2015 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG] AVG Web TuneUp [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp] BabylonObjectInstaller [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}] Belgium e-ID middleware 3.5.6 (build 6954) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{824563DE-75AD-4166-9DC0-B6482F206954}] Bonjour 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}] browse2buy [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D11ED002-6B5F-0D8B-FFCE-C72742F2ABA3}] Conceptronic 300N Wireless Adapter (v3.0) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}] ConvertXtoDVD 4.1.19.365 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1] Creative Pack Volume 1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{05181A78-3BA6-4B63-BCE8-888A4BCAACFA}] CyberLink PhotoNow [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D36DD326-7280-11D8-97C8-000129760CBE}] CyberLink PhotoNow [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}] CyberLink PowerDirector [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}] CyberLink PowerDirector [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}] CyberLink PowerProducer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B7A0CE06-068E-11D6-97FD-0050BACBF861}] CyberLink PowerProducer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}] eastobuy [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D8A1935D-51FD-3756-66BB-245293F64ED9}] Elements 12 Organizer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D80A7B7-DC01-485D-AE93-710D559B5C56}] Etron USB3.0 Host Controller 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}] Etron USB3.0 Host Controller [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}] Facebook Video Calling 3.1.0.521 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2091F234-EB58-4B80-8C96-8EB78C808CF7}] Filmmaker's Toolkit for Studio [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4CF172C5-F121-41FA-B0B0-0D49840BF003}] Filmmaker's Toolkit for Studio [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{4CF172C5-F121-41FA-B0B0-0D49840BF003}] Google Earth [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] Hamster Free Video Converter [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1] HiJackThis [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45A66726-69BC-466B-A7A4-12FCBA4883D7}] Hollywood FX Volumes 1-3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E3D181F8-246B-497F-945E-6DB98CBA6677}] iCloud [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{704C0303-D20C-45AF-BD2B-556EAF31BE09}] Intel(R) Management Engine Components [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}] iTunes [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{76FF0F03-B707-4332-B5D1-A56C8303514E}] Java 8 Update 40 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218040F0}] K-Lite Codec Pack 10.6.5 Basic [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KLiteCodecPack_is1] KidLogger 5.6.11 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KidLogger_is1] marketcomiparrE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7D367FDF-8E9F-EE67-25C5-ECABBBAD5692}] marvell 91xx driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MagniDriver] Microsoft .NET Framework 4.5.1 (Nederlands) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043] Microsoft .NET Framework 4.5.1 (NLD) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9EBB0AF2-4AD2-3ABA-95EF-977EBEA1CB09}] Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}] Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033] Microsoft Office Enterprise 2007 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE] Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}] Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}] Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}] MKV Player 2.0.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MKV Player_is1] Motion Graphics Toolkit for Studio [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{178D71F4-DFB1-40EC-9D95-326FD8A3E7A0}] Motion Graphics Toolkit for Studio [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{178D71F4-DFB1-40EC-9D95-326FD8A3E7A0}] MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}] MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}] MSXML 4.0 SP3 Parser (KB2721691) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}] MSXML 4.0 SP3 Parser (KB2758694) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}] MSXML 4.0 SP3 Parser 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{196467F1-C11F-4F76-858B-5812ADC83B94}] nicedeal [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AED1B7A5-67A5-84A5-B646-E3541CE0BB5F}] Nikon File Uploader 2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}] Nikon Message Center 2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B014EE44-9197-4513-9613-71E6EB1B514E}] NVIDIA-configuratiescherm 311.06 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel] NVIDIA 3D Vision stuurprogramma 311.06 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision] NVIDIA Grafisch stuurprogramma 311.06 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] NVIDIA HD Audio-stuurprogramma 1.1.13.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver] NVIDIA Install Application [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] NVIDIA PhysX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}] NVIDIA PhysX systeemsoftware 9.10.0514 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX] NVIDIA Stereoscopic 3D Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIAStereo] NVIDIA Update 1.11.3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] NVIDIA Update Components 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update] Pando Media Booster [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{980A182F-E0A2-4A40-94C1-AE0C1235902E}] Picasa 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Picasa 3] Picture Control Utility [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87441A59-5E64-4096-A170-14EFE67200C3}] Pinnacle Studio 16 - Install Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}] Pinnacle Studio 16 - Standard Content Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7D0F4ACC-698A-41B9-B1E2-17594988FBEF}] Pinnacle Studio 16 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}] Pinnacle videodriver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6DE721A5-5E89-4D74-994C-652BB3C0672E}] PMB [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}] Popcorn Time [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Popcorn Time_is1] Premium Pack Volumes 1-2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{88C4D8A6-9954-46A0-965D-92E55DAB8734}] PSE12 STI Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{11F9A376-342F-4297-82DA-1F6EA8ED4B6B}] PVSonyDll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3D3E663D-4E7E-4577-A560-7ECDDD45548A}] QuickTime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B67BAFBA-4C9F-48FA-9496-933E3B255044}] Realtek Ethernet Controller Driver For Windows 7 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}] ScoreFitter Volumes 1-2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0FDA9ECA-6DA3-480E-B7A9-76F353AF6B6C}] Scratch [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Scratch] Skype Click to Call [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B6CF2967-C81E-40C0-9815-C05774FEF120}] SkypeT 6.11 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}] SmartCard Reader Driver Installation [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C6D91586-9F98-4CFD-9BC3-FC0800911005}] SmartCard Reader Driver Installation [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C6D91586-9F98-4CFD-9BC3-FC0800911005}] Stuurprogrammapakket voor Windows - Fedict SmartCard (12/08/2009 4.0.0.3) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\C22EC48700B9B9C08DDC2C12DA3BD6F8EA0DFFDE] Sunny Explorer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F0C8CCB-53C7-4E86-B106-15517D35CE14}] Title Extreme [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F7214014-27EE-4237-9978-2F9D1551559B}] Tuyttens [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Tuyttens] Video2Go Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TVEpaDrv] ViewNX 2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}] Visual Studio 2008 x64 Redistributables [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}] Visual Studio 2010 x64 
Redistributables [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{21B133D6-5979-47F0-BE1C-F6A6B304693F}] Visual Studio 2012 x64 Redistributables [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}] Visual Studio 2012 x86 Redistributables [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}] ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193 deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D4D68D1-2588-0A3D-91F1-328009F79B5C} deleted successfully HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lmblfngognklgemafekefcdjcnkdhmdm deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7D367FDF-8E9F-EE67-25C5-ECABBBAD5692} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AED1B7A5-67A5-84A5-B646-E3541CE0BB5F} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D11ED002-6B5F-0D8B-FFCE-C72742F2ABA3} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D8A1935D-51FD-3756-66BB-245293F64ED9} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1 deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193 deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BePCSC] C:\Program Files (x86)\EmvSmartCardReader\BePCSC.exe
O4 - HKLM\..\Run: [SmartMon] C:\Program Files (x86)\EmvSmartCardReader\SmartMON.exe
O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MS Shell Services] C:\Program Files (x86)\KidLogger\Kidlogger.exe -m
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\Gebruiker\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8bfed51270d347d69a6fd16c646aa1ba-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b
O4 - HKCU\..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [iLivid] "C:\Users\Gebruiker\AppData\Local\iLivid\iLivid.exe" -autorun
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (file missing)
O23 - Service: Adobe Active File Monitor V12 (AdobeActiveFileMonitor12.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Conceptronic\Common\RaRegistry.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Conceptronic\Common\RaRegistry64.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Update service - Company - C:\Program Files (x86)\Popcorn Time\Updater.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
MS Shell Services = C:\Program Files (x86)\KidLogger\Kidlogger.exe -m [Tesline-service]
AVG-Secure-Search-Update_1213b = C:\Users\Gebruiker\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8bfed51270d347d69a6fd16c646aa1ba-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b [file not found]
CAHeadless = C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [Adobe Systems Incorporated]
Facebook Update = "C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [Facebook Inc.]
iLivid = "C:\Users\Gebruiker\AppData\Local\iLivid\iLivid.exe" -autorun [file not found]
QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [Apple Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
AdobeAAMUpdater-1.0 = "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [Adobe Systems Incorporated]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
GrooveMonitor = "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [MS]
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
BePCSC = C:\Program Files (x86)\EmvSmartCardReader\BePCSC.exe [null data]
SmartMon = C:\Program Files (x86)\EmvSmartCardReader\SmartMON.exe [null data]
beid = "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup [Belgian Government]
UpdatePPShortCut = "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [CyberLink Corp.]
PMBVolumeWatcher = C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [Sony Corporation]
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
Nikon Message Center 2 = C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s [Nikon Corporation]
QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [Apple Inc.]
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.]
AVG_UI = "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY [AVG Technologies CZ, s.r.o.]
vProt = "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" [file not found] SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [Oracle Corporation] {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO -> {HKLM...Wow...CLSID} = Skype Browser Helper \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM...Wow...CLSID} = Groove 
Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM...CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation] {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes -> {HKLM...CLSID} = iTunes \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.] 
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension -> {HKLM...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2015\avgsea.dll [AVG Technologies CZ, s.r.o.] {c5aec3ec-e812-4677-a9a7-4fee1f9aa000} = Icaros Thumbnail Provider -> {HKLM...CLSID} = Icaros Thumbnail Provider \InProcServer32\(Default) = C:\Program Files (x86)\K-Lite Codec Pack\Icaros\IcarosThumbnailProvider.dll [Tabibito Technology] {0c08e2bb-d10b-4cc9-b1b3-701f5be9d6ec} = IcarosPropertyHandler -> {HKLM...CLSID} = IcarosPropertyHandler.IcarosPropertyHandler \InProcServer32\(Default) = mscoree.dll [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM...Wow...CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM...Wow...CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...Wow...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler -> {HKLM...Wow...CLSID} = Groove XML Icon Handler 
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler -> {HKLM...Wow...CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\OLKFSTUB.DLL [MS] {00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler -> {HKLM...Wow...CLSID} = Microsoft Office Outlook \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\MLSHEXT.DLL [MS] {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search 
-> {HKLM...Wow...CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL [MS] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension -> {HKLM...Wow...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2015\avgse.dll [AVG Technologies CZ, s.r.o.] {c5aec3ec-e812-4677-a9a7-4fee1f9aa000} = Icaros Thumbnail Provider -> {HKLM...Wow...CLSID} = Icaros Thumbnail Provider \InProcServer32\(Default) = C:\Program Files (x86)\K-Lite Codec Pack\Icaros\32-bit\IcarosThumbnailProvider.dll [Tabibito Technology] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} -> {HKLM...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2015\avgsea.dll [AVG Technologies CZ, s.r.o.] -> {HKLM...Wow...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2015\avgse.dll [AVG Technologies CZ, s.r.o.] 
PhotoStreamsExt\(Default) = {89D984B3-813B-406A-8298-118AFA3A22AE} -> {HKLM...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [null data] -> {HKLM...Wow...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreams.dll [Apple Inc.] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...Wow...CLSID} = PDF Shell Extension 
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} -> {HKLM...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2015\avgsea.dll [AVG Technologies CZ, s.r.o.] -> {HKLM...Wow...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2015\avgse.dll [AVG Technologies CZ, s.r.o.] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ AdobePhotoshopElements12ShowPicturesOnArrival\ Provider = Adobe Elements Organizer 12.0 InvokeProgID = PhotoshopElements.Application.12 InvokeVerb = launch HKLM\SOFTWARE\Classes\PhotoshopElements.Application.12\shell\launch\command\(Default) = "C:\Program Files (x86)\Adobe\Elements 12 Organizer\PseProxy.exe" -v "%1" [Adobe Systems Incorporated] iTunesBurnCDOnArrival\ Provider = iTunes InvokeProgID = iTunes.BurnCD InvokeVerb = burn HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.] 
iTunesImportSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ImportSongsOnCD InvokeVerb = import HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.] iTunesPlaySongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.PlaySongsOnCD InvokeVerb = play HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.] iTunesShowSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ShowSongsOnCD InvokeVerb = showsongs HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.] Lightroom5BetaAutoPlayHandler64\ Provider = Adobe Photoshop Lightroom 5.0 64 InvokeProgID = Adobe.AdobeLightroom64 InvokeVerb = open HKLM\SOFTWARE\Classes\Adobe.AdobeLightroom64\shell\open\command\(Default) = C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\Lightroom.exe "%L" [Adobe Systems] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = 
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] Nikon Transfer 2\ Provider = Nikon Transfer 2 InvokeProgID = Nikon Transfer 2 InvokeVerb = open HKLM\SOFTWARE\Classes\Nikon Transfer 2\shell\open\command\(Default) = C:\Program Files (x86)\Nikon\ViewNX 2\Nikon Transfer 2\NktTransfer2.exe /D=%L [Nikon Corporation] PDirDVArrival\ Provider = PowerDirector ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.exe" /DV HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] Picasa2ImportPicturesOnArrival\ Provider = Picasa3 InvokeProgID = picasa2.autoplay InvokeVerb = import HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = C:\Program Files (x86)\Google\Picasa3\Picasa3.exe "%1" [Google Inc.] 
SonyPMBImportPicturesOnArrival\ Provider = PMB InvokeProgID = SonyPMB.VolumeAutoPlay InvokeVerb = launch HKLM\SOFTWARE\Classes\SonyPMB.VolumeAutoPlay\shell\launch\command\(Default) = C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe /autoplay /path %1 [Sony Corporation] WIA_{200B9C1A-561B-4A3B-8882-D194C1CA6F65}\ Provider = Nikon Transfer 2 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files (x86)\Nikon\ViewNX 2\Nikon Transfer 2\NktTransfer2.exe; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] AdobeAAMUpdater-1.0-Gebruiker-PC-Gebruiker -> launches: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled [Adobe Systems Incorporated] CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS] FacebookUpdateTaskUserS-1-5-21-1755704755-2522349076-452139643-1000Core -> launches: C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver [Facebook Inc.] FacebookUpdateTaskUserS-1-5-21-1755704755-2522349076-452139643-1000UA -> launches: C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler [Facebook Inc.] GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] 
SidebarExecute -> launches: C:\Program Files\Windows Sidebar\sidebar.exe /addGadget [MS] {391563AA-185F-4423-B5C0-E239F97FC14F} -> launches: C:\Program Files (x86)\Pinnacle\Studio 9\programs\studio.exe [file not found] {97EFA6D4-4C9B-4E24-97A7-C28B4CB9D899} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge [MS] {C6F8D041-DBC7-4C9F-B88F-D21ED3D11DE3} -> launches: C:\Program Files (x86)\Pinnacle\Studio 9\programs\studio.exe [file not found] {C6FA5687-EFE9-43E8-AAC0-F43D8FAA3367} -> launches: C:\Program Files (x86)\Skype\\Phone\Skype.exe [Skype Technologies S.A.] {CD9F39D5-C097-4AAC-B9E2-FD40238B45BB} -> launches: C:\Program Files (x86)\Pinnacle\Studio 9\programs\studio.exe [file not found] {E496854C-30F3-458D-A10B-92D805BF1F85} -> launches: C:\Program Files (x86)\Pinnacle\Studio 9\programs\studio.exe [file not found] {F6074749-1D3A-435B-B7C0-D9DC85F0016C} -> launches: "c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.0.105/nl/abandoninstall?page=tsProgressBar [MS] {FADF1553-5364-429A-97EC-484B22AF792E} -> launches: C:\Program Files (x86)\Pinnacle\Studio 9\programs\studio.exe [file not found] {FDD265E1-0F0D-45F2-B3BB-CDD8E92CF412} -> launches: C:\Program Files (x86)\Pinnacle\Studio 9\programs\studio.exe [file not found] C:\Windows\System32\Tasks\Apple AppleSoftwareUpdate -> launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.] 

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
  AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
    -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
       \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
    -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
       \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
  AitAgent -> launches: aitagent [MS]
  Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS]
  ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
  Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
  UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
  SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
    -> {HKLM...CLSID} = Certificate Services Client Task Handler
       \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
    -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
       \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
    -> {HKLM...CLSID} = Certificate Services Client Task Handler
       \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
    -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
       \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
  Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
  KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
    -> {HKLM...CLSID} = KernelCeipCustomHandler
       \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
  UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
    -> {HKLM...CLSID} = UsbCeip
       \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
    -> {HKLM...Wow...CLSID} = UsbCeip
       \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
  ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
  Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
    -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
       \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
  Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
  WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
    -> {HKLM...CLSID} = WinSAT Task Manger Task
       \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
    -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
       \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
  ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
  ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
  DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
  ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
  InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
  mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
  mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS]
  MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
  ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
  OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
  OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
  PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
  PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
  PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
  PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
  PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
  RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
  ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
  SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
  StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
  UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
  CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
    -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
       \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
  DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
    -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
       \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
  HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
    -> {HKLM...CLSID} = HotStart User Agent
       \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
  LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
  SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
    -> {HKLM...CLSID} = Microsoft PlaySoundService Class
       \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
    -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
       \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
  GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
  AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
  RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
    -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
       \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
    -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
       \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
  MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
    -> {HKLM...CLSID} = RasMobilityManager
       \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
  RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
    -> {HKLM...CLSID} = RegistryIdleBackupHandler
       \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
  RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
  GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
    -> {HKLM...CLSID} = GadgetsManager Class
       \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
  SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
  Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
    -> {HKLM...CLSID} = RunTask
       \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
    -> {HKLM...Wow...CLSID} = RunTask
       \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
  IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
  IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
  MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
    -> {HKLM...CLSID} = MsCtfMonitor task handler
       \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
    -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
       \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
  SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
  UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
  ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
    -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
       \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
    -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
       \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
  ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
  ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
  QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
  BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
  UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
  ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
  CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
    -> {HKLM...CLSID} = Wininet Cache task object
       \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
    -> {HKLM...Wow...CLSID} = Wininet Cache task object
       \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
  000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
  000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
  000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
  000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
  000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
  000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
  000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
  000000000008\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
  000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
  000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
  000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
  000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
  000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
  000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
  000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
  000000000008\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
  0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
  %SystemRoot%\system32\mswsock.dll [MS], 01 - 11

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
  0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
  %SystemRoot%\system32\mswsock.dll [MS], 01 - 11

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
  Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
  InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Onderzoeken
  Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
  InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
  {2670000A-7350-4F3C-8081-5663EE0C6C49}\
    ButtonText = Verzenden naar OneNote
    MenuText = Verz&enden naar OneNote
    CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
    -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
       \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll [MS]
  {898EA8C8-E7FF-479B-8935-AEC46303B9E5}\
    ButtonText = Skype Click to Call
    MenuText = Skype Click to Call
    CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    -> {HKLM...Wow...CLSID} = Skype Browser Helper
       \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    ButtonText = Research
    BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    -> {HKLM...Wow...CLSID} = &Onderzoeken
       \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL [MS]

Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
  <> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
Adobe Active File Monitor V12, AdobeActiveFileMonitor12.0, C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [Adobe Systems Incorporated]
Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
AVG WatchDog, avgwd, "C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe" [AVG Technologies CZ, s.r.o.]
AVGIDSAgent, AVGIDSAgent, "C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe" [AVG Technologies CZ, s.r.o.]
Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
Cyberlink RichVideo Service(CRVS), RichVideo, "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [empty string]
iPod-service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation]
NVIDIA Stereoscopic 3D Driver Service, Stereo Service, "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [NVIDIA Corporation]
PMBDeviceInfoProvider, PMBDeviceInfoProvider, "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [Sony Corporation]
Ralink Registry Writer, RalinkRegistryWriter, C:\Program Files (x86)\Conceptronic\Common\RaRegistry.exe [Ralink Technology, Corp.]
Ralink Registry Writer 64, RalinkRegistryWriter64, C:\Program Files (x86)\Conceptronic\Common\RaRegistry64.exe [Ralink Technology, Corp.]
UMVPFSrv, UMVPFSrv, C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [Logitech Inc.]
Update service, Update service, C:\Program Files (x86)\Popcorn Time\Updater.exe [Company]

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
  <> PEVSystemStart, Service
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
  <> PEVSystemStart, Service

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
  HPCLJ1600LM\Driver = zlhp1600.dll [null data]

<>: Suspicious data at a browser hijack point.

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Gebruiker\AppData\Local\Torch\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3379 folders=545 352410778 bytes)

==== Empty Temp Folders ======================

C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\AVG Web TuneUp" not found

==== EOF on zo 29/03/2015 at 19:24:50,72 ======================