Zoek.exe v5.0.0.0 Updated 23-04-2015 Tool run by Yves on vr 01/05/2015 at 23:07:40,30. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Yves\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe C:\Program Files\XTab\ProtectService.exe C:\Windows\system32\SecUPDUtilSvc.exe C:\Program Files\Assets Manager\smdmf\SmdmFService.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe C:\Program Files\Logitech\LWS\Webcam 
Software\LWS.exe C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Evernote\Evernote\EvernoteClipper.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\XTab\cmdshell.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Windows\System32\WUDFHost.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\ctfmon.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Yves\Downloads\zoek.exe C:\Windows\system32\conhost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\ctfmon.exe ==== System Restore Info ====================== 1/05/2015 23:11:46 Zoek.exe System Restore Point Created Successfully. ==== Windows Installer Info ====================== Adobe Acrobat 7.0 Professional - English, Français, Deutsch [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA3301004F7706000000000020]C:\Windows\Installer\5c8ed.msi Belgium e-ID middleware 4.0.7 (build 7466) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ED365428DA576614D90C6B84F2024766]C:\Windows\Installer\7d523e.msi CameraHelperMsi [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\10743651ECAB9444B8525176ADC8F93D]C:\Windows\Installer\10176e.msi Evernote v. 
5.8.5 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CE52CDE5669D4E11E9C50061E3897E6D]C:\Windows\Installer\5579cab.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]C:\Windows\Installer\4748ab.msi Image Resizer for Windows [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F17B5826A066B8748A677C6EA676E8A6]C:\Windows\Installer\6b86b5.msi Java 8 Update 45 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4EA42A62D9304AC4784BF2381208540F]C:\Windows\Installer\67d70.msi LWS Facebook [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\591761FF4EE90C64C87DBF3A54E788BA]C:\Windows\Installer\10177e.msi LWS Gallery [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3CE67F61B43E63479BF845CD8B7DEDC]C:\Windows\Installer\101786.msi LWS Help_main [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E6121561DA7E0524291ABFE86D31199C]C:\Windows\Installer\10175e.msi LWS Launcher [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3AF8C38AE4F4C6438293DEC5373836D]C:\Windows\Installer\10178e.msi LWS Motion Detection [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F3D66E17900ABA447848572E18B94AAB]C:\Windows\Installer\101796.msi LWS Pictures And Video [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\89201680EA92B5443BD7FEEB50089276]C:\Windows\Installer\10179e.msi LWS Twitter [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\13B3A47134C4DD3468F6379CBD88B784]C:\Windows\Installer\1017a6.msi LWS Webcam 
Software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\472D7398182C4E24C8BD0A2BFD791998]C:\Windows\Installer\101766.msi LWS WLM Plugin [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B67AEAD9F05E27245A5910428E6255D3]C:\Windows\Installer\1017ae.msi LWS YouTube Plugin [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4920FD12D9B61474BAF62BBABF2D83E7]C:\Windows\Installer\1017b6.msi Microsoft .NET Framework 4.5.2 (NLD) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6962609F78B5CC9309ECAD52669862D2]C:\Windows\Installer\113af82.msi Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\65FC11932FE9AB9348A62CB73DDC6058]C:\Windows\Installer\c989d5.msi Microsoft Office Access MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109510031400000000000F01FEC]C:\Windows\Installer\152f57.msi Microsoft Office Excel MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109610031400000000000F01FEC]C:\Windows\Installer\152f14.msi Microsoft Office Groove MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109AB0031400000000000F01FEC]C:\Windows\Installer\152f1c.msi Microsoft Office InfoPath MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109440031400000000000F01FEC]C:\Windows\Installer\152f67.msi Microsoft Office OneNote MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000041091A0031400000000000F01FEC]C:\Windows\Installer\152f5f.msi Microsoft Office Outlook MUI (Dutch) 
2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10031400000000000F01FEC]C:\Windows\Installer\152f25.msi Microsoft Office PowerPoint MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109810031400000000000F01FEC]C:\Windows\Installer\152f0b.msi Microsoft Office Professional Plus 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109110000000000000000F01FEC]C:\Windows\Installer\152f83.msi Microsoft Office Proof (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10031400000000000F01FEC]C:\Windows\Installer\152f2d.msi Microsoft Office Proof (English) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC]C:\Windows\Installer\152f45.msi Microsoft Office Proof (French) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC]C:\Windows\Installer\152f3d.msi Microsoft Office Proof (German) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10070400000000000F01FEC]C:\Windows\Installer\152f35.msi Microsoft Office Proofing (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109C20031400000000000F01FEC]C:\Windows\Installer\152f4d.msi Microsoft Office Publisher MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109910031400000000000F01FEC]C:\Windows\Installer\152f70.msi Microsoft Office Shared MUI (Dutch) 2010 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60031400000000000F01FEC]C:\Windows\Installer\152f03.msi Microsoft Office Word MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109B10031400000000000F01FEC]C:\Windows\Installer\152f79.msi Microsoft Silverlight [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100]C:\Windows\Installer\ce37a6.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E815EB96CCE9A53884E7857C57002F0]C:\Windows\Installer\2e9ce2.msi Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D5E3C0FEDA1E123187686FED06E995A]C:\Windows\Installer\dbb4b.msi Microsoft Visual Studio 2010 Tools for Office Runtime (x86) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3FB95CD427D08EC3FBFEE1F8FA86E90B]C:\Windows\Installer\dbb8e.msi Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5A26EE4DCB4BC6C3C99F80A3CF542F10]C:\Windows\Installer\dbba7.msi Skype™ 7.3 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0AB19942EE0FDA44C98CE55CA0CE6F7B]C:\Windows\Installer\1bee5fd.msi ==== Empty Folders Check ====================== C:\Program Files\Driver Tool deleted successfully C:\Program Files\InstallShield Installation Information deleted successfully C:\Program Files\LinkSystem deleted successfully C:\Program Files\oTweak deleted successfully C:\Program Files\ReactorSubs deleted successfully C:\PROGRA~2\Skype deleted 
successfully C:\PROGRA~2\WinZip deleted successfully C:\Users\Yves\AppData\Roaming\AdobeUM deleted successfully C:\Users\Yves\AppData\Roaming\driver deleted successfully C:\Users\Yves\AppData\Roaming\Opera Software deleted successfully C:\Users\Yves\AppData\Local\Opera Software deleted successfully ==== Checking Systemdrive for Symlinks ====================== Het volume in station C heeft geen naam. Het volumenummer is 6888-E339 Map van C:\ 14/07/2009 06:53 Documents and Settings [C:\Users] 0 bestand(en) 0 bytes Map van C:\ProgramData 14/07/2009 06:53 Application Data [C:\ProgramData] 14/07/2009 06:53 Desktop [C:\Users\Public\Desktop] 14/07/2009 06:53 Documents [C:\Users\Public\Documents] 14/07/2009 06:53 Favorites [C:\Users\Public\Favorites] 14/07/2009 06:53 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14/07/2009 06:53 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\ProgramData\Oracle\Java\javapath 19/04/2015 07:39 java.exe [C:\Program Files\Java\jre1.8.0_45\bin\java.exe] 19/04/2015 07:39 javaw.exe [C:\Program Files\Java\jre1.8.0_45\bin\javaw.exe] 19/04/2015 07:39 javaws.exe [C:\Program Files\Java\jre1.8.0_45\bin\javaws.exe] 3 bestand(en) 0 bytes Map van C:\Users 14/07/2009 06:53 All Users [C:\ProgramData] 14/07/2009 06:53 Default User [C:\Users\Default] 0 bestand(en) 0 bytes Map van C:\Users\All Users 14/07/2009 06:53 Application Data [C:\ProgramData] 14/07/2009 06:53 Desktop [C:\Users\Public\Desktop] 14/07/2009 06:53 Documents [C:\Users\Public\Documents] 14/07/2009 06:53 Favorites [C:\Users\Public\Favorites] 14/07/2009 06:53 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14/07/2009 06:53 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\All Users\Oracle\Java\javapath 19/04/2015 07:39 java.exe [C:\Program Files\Java\jre1.8.0_45\bin\java.exe] 19/04/2015 07:39 javaw.exe [C:\Program Files\Java\jre1.8.0_45\bin\javaw.exe] 19/04/2015 07:39 javaws.exe [C:\Program 
Files\Java\jre1.8.0_45\bin\javaws.exe] 3 bestand(en) 0 bytes Map van C:\Users\Default 14/07/2009 06:53 Application Data [C:\Users\Default\AppData\Roaming] 14/07/2009 06:53 Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies] 14/07/2009 06:53 Local Settings [C:\Users\Default\AppData\Local] 14/07/2009 06:53 My Documents [C:\Users\Default\Documents] 14/07/2009 06:53 NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 14/07/2009 06:53 PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14/07/2009 06:53 Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 14/07/2009 06:53 SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 14/07/2009 06:53 Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 14/07/2009 06:53 Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Default\AppData\Local 14/07/2009 06:53 Application Data [C:\Users\Default\AppData\Local] 14/07/2009 06:53 History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14/07/2009 06:53 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\Default\Documents 14/07/2009 06:53 My Music [C:\Users\Default\Music] 14/07/2009 06:53 My Pictures [C:\Users\Default\Pictures] 14/07/2009 06:53 My Videos [C:\Users\Default\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Public\Documents 14/07/2009 06:53 My Music [C:\Users\Public\Music] 14/07/2009 06:53 My Pictures [C:\Users\Public\Pictures] 14/07/2009 06:53 My Videos [C:\Users\Public\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Yves 30/03/2015 19:22 Application Data [C:\Users\Yves\AppData\Roaming] 30/03/2015 19:22 Cookies [C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Cookies] 30/03/2015 19:22 Local Settings [C:\Users\Yves\AppData\Local] 30/03/2015 19:22 My Documents [C:\Users\Yves\Documents] 30/03/2015 19:22 
NetHood [C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 30/03/2015 19:22 PrintHood [C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 30/03/2015 19:22 Recent [C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Recent] 30/03/2015 19:22 SendTo [C:\Users\Yves\AppData\Roaming\Microsoft\Windows\SendTo] 30/03/2015 19:22 Start Menu [C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu] 30/03/2015 19:22 Templates [C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Yves\AppData\Local 30/03/2015 19:22 Application Data [C:\Users\Yves\AppData\Local] 30/03/2015 19:22 History [C:\Users\Yves\AppData\Local\Microsoft\Windows\History] 30/03/2015 19:22 Temporary Internet Files [C:\Users\Yves\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Totaal aantal weergegeven bestanden: 6 bestand(en) 0 bytes 47 map(pen) 374.746.087.424 bytes beschikbaar ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1173886604-103056793-2151736865-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_USERS\S-1-5-21-1173886604-103056793-2151736865-1003\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} deleted successfully HKEY_USERS\S-1-5-21-1173886604-103056793-2151736865-1003\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_USERS\S-1-5-21-1173886604-103056793-2151736865-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} deleted successfully HKEY_USERS\S-1-5-21-1173886604-103056793-2151736865-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully HKEY_USERS\S-1-5-21-1173886604-103056793-2151736865-1003\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} deleted 
successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Adobe Acrobat 7.0 Professional - English, Français, Deutsch Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch Adobe Flash Player 17 NPAPI Assets Manager Avast Free Antivirus Belgium e-ID middleware 4.0.7 (build 7466) CameraHelperMsi CinemaPlus-3.2cV27.04 Common Desktop Agent Definition Update for Microsoft Office 2010 (KB2965299) 32-Bit Edition DYMO Label v.8 erLT Evernote v. 
5.8.5 Google Chrome Google Update Helper Image Resizer for Windows Internet Speed Checker Java 8 Update 45 Java Auto Updater Logitech-webcamsoftware LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Twitter LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Magical Jelly Bean KeyFinder Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.5.2 (Nederlands) Microsoft .NET Framework 4.5.2 (NLD) Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office Groove MUI (Dutch) 2010 Microsoft Office InfoPath MUI (Dutch) 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Word MUI (Dutch) 2010 Microsoft Silverlight Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD MozBackup 1.5.1 Mozilla Firefox 37.0.2 (x86 nl) Mozilla Maintenance Service Mozilla Thunderbird 31.6.0 (x86 nl) NVIDIA-configuratiescherm 340.52 NVIDIA Grafisch stuurprogramma 340.52 NVIDIA Install Application NVIDIA Stereoscopic 3D Driver PC Wizard 2013.2.12 Samsung CLP-360 Series Samsung Easy Printer Manager Samsung Easy Wireless Setup Samsung Printer Diagnostics Samsung Printer Live Update Samsung Universal Print Driver 2 Security Update for Microsoft .NET Framework 4.5.2 (KB2972107) Security Update for Microsoft .NET Framework 4.5.2 (KB2972216) Security Update for Microsoft .NET Framework 4.5.2 (KB2978128) 
Security Update for Microsoft .NET Framework 4.5.2 (KB2979578v2) Security Update for Microsoft .NET Framework 4.5.2 (KB3037581) Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2889839) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2956073) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2956076) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2920812) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2553428) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Skype™ 7.3 Stuurprogrammapakket voor Windows - Fedict SmartCard (04/30/2014 4.0.7.5) Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - NLD Tango Update for Microsoft Access 2010 (KB2837601) 32-Bit Edition Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for 
Microsoft Office 2010 (KB2825635) 32-Bit Edition Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition Update for Microsoft Office 2010 (KB2920813) 32-Bit Edition Update for Microsoft Office 2010 (KB2956141) 32-Bit Edition Update for Microsoft Office 2010 (KB2956191) 32-Bit Edition Update for Microsoft Office 2010 (KB2965235) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2965295) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2956190) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update for Microsoft Visio 2010 (KB2881025) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2881021) 32-Bit Edition WinRAR 5.21 (32-bit) Xperience ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bodocifu deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\bodocifu deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rypuvimi deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rypuvimi deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHProtect Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IHProtect Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SmdmFService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\F06DEFF2-5B9C-490D-910F-35D3A9119622 deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Yves\AppData\Roaming\Mozilla\Firefox\Profiles\f4vdwijy.default user.js not found ---- Lines mystart removed from prefs.js ---- user_pref("browser.search.searchengine.alias", "mystartsearch"); user_pref("browser.search.searchengine.iconURL", "http://www.mystartsearch.com/web/favicon.ico"); 
user_pref("browser.search.searchengine.name", "mystartsearch"); user_pref("browser.search.searchengine.url", "http://www.mystartsearch.com/web/?type=dspp&ts=1430160430&from=wpc&uid=HitachiXHDT721010SLA360_STF601MR1 user_pref("browser.startup.homepage", "http://www.mystartsearch.com/?type=hppp&ts=1430160430&from=wpc&uid=HitachiXHDT721010SLA360_STF601MR1P6AGP1P6AGP ---- Lines WebSearch removed from prefs.js ---- user_pref("browser.search.hiddenOneOffs", "Bing,bol.com,DuckDuckGo,Marktplaats.nl,Wikipedia (nl),WebSearch,default-search.net,Google (avast)"); ---- Lines quick_start removed from prefs.js ---- user_pref("extensions.quick_start.enable_search1", false); user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); ---- Lines Sweet removed from prefs.js ---- user_pref("extensions.sweetsearch@gmail.com.install-event-fired", true); user_pref("extensions.xpiState", "{\"app-profile\":{\"deskcam@paolo.minasi\":{\"d\":\"C:\\\\Users\\\\Yves\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\ ---- Lines extensions.42l7n0FJk6vOsGXF removed from prefs.js ---- user_pref("extensions.42l7n0FJk6vOsGXF.epoch", "1430248086"); user_pref("extensions.42l7n0FJk6vOsGXF.url", "http://storageinstallbardirectory.in/sync2/?q=hfZ9oemMC7n5hShEAen0rTsFpdkMg708BNmGWj8cmihGheDUojw8rdnGqH ---- Lines extensions.6K3HlDI3tMuUXnRG removed from prefs.js ---- user_pref("extensions.6K3HlDI3tMuUXnRG.epoch", "1430246872"); user_pref("extensions.6K3HlDI3tMuUXnRG.url", "http://transferbox.us/sync2/?q=hfZ9oemMC7n5hShEAen0rTw9qihTB6lKDzt4oktxtNtVh7n0rjkEqds6rjY9qdn9tMFHhd9Fq ---- Lines extensions.TEBXl0yVoY2a7c8A removed from prefs.js ---- user_pref("extensions.TEBXl0yVoY2a7c8A.epoch", "1430246871"); user_pref("extensions.TEBXl0yVoY2a7c8A.url", "http://drinkbill.net/sync2/?q=hfZ9ofV9CShEAen0rTw9qihTB6lKDzt4oktxtNtVh7n0rjkEqds6rjY9qjaEtMFHhd9Fqja9rT ---- FireFox user.js and prefs.js backups ---- prefs_20150105_2339_.backup ProfilePath: 
C:\Users\Yves\AppData\Roaming\Thunderbird\Profiles\n02ohsly.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20150105_2339_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files\\Internet Explorer\\iexplore.exe" ==== Deleting Files \ Folders ====================== C:\Program Files\Driver Tool not found C:\Program Files\InstallShield Installation Information not found C:\Program Files\LinkSystem not found C:\Program Files\oTweak not found C:\Program Files\ReactorSubs not found C:\Program Files\0b4eeef2-1f41-4072-b2e7-67675dcbcf92 deleted C:\Program Files\51af9030-e4e9-4b9e-a6e1-64e90c874d2e\82baa454-8f33-408c-8682-f11fb8101e47.dll deleted C:\Program Files\ASUS\18cc8597-1f88-4620-94d5-aa57f9d8f7a8.dll deleted C:\Program Files\CinemaPlus-3.2cV27.04 deleted C:\Program Files\Internet Speed Checker deleted C:\PROGRA~2\{10804c11-b38e-137d-1080-04c11b383046} deleted C:\PROGRA~2\{6006cbc1-7e2f-76fd-6006-6cbc17e22f05} deleted C:\PROGRA~2\{bfc01fc9-d567-d6ca-bfc0-01fc9d567f27} deleted C:\PROGRA~2\15120946446389046901 deleted C:\Program Files\Mozilla Firefox\browser\searchplugins\default-search.xml deleted C:\Program Files\SamsungPrinterLiveUpdateInstaller deleted C:\Program Files\XTab deleted C:\Program Files\51af9030-e4e9-4b9e-a6e1-64e90c874d2e deleted C:\found.000 deleted C:\Users\Yves\AppData\Roaming\EZDownloader deleted C:\Users\Yves\AppData\Roaming\OpenCandy deleted C:\PROGRA~2\IHProtectUpDate deleted C:\PROGRA~2\smdmf deleted C:\PROGRA~2\Package Cache deleted C:\Users\Yves\AppData\Local\8B6410A0-1430169351-11DE-A27F-0026182B9149 deleted C:\Users\Yves\AppData\Local\globalUpdate deleted C:\Windows\System32\drivers\{530c39e5-e979-4143-976a-0407dd0fc0a9}Gw.sys deleted C:\Windows\system32\config\systemprofile\Searches deleted 
C:\Users\Yves\AppData\Roaming\Mozilla\Firefox\Profiles\f4vdwijy.default\searchplugins\default-search.xml deleted C:\Users\Yves\AppData\Roaming\Mozilla\Firefox\Profiles\f4vdwijy.default\searchplugins\mystartsearch.xml deleted C:\Users\Yves\AppData\Roaming\Mozilla\Firefox\Profiles\f4vdwijy.default\searchplugins\WebSearch.xml deleted C:\Users\Yves\AppData\Roaming\Mozilla\Firefox\Profiles\f4vdwijy.default\jetpack deleted C:\Users\Yves\AppData\Roaming\Mozilla\Firefox\Profiles\f4vdwijy.default\extensions\sweetsearch@gmail.com deleted "C:\Users\Yves\AppData\Roaming\8M6pFzqEnLbtlgHcIHPzcwCFp" deleted "C:\Users\Yves\AppData\Roaming\OsrLDp4iz4" deleted "C:\Users\Yves\AppData\Roaming\Mozilla\Firefox\Profiles\f4vdwijy.default\websearches.sqlite" deleted "C:\Program Files\Assets Manager\smdmf\Default-Search.dll" not deleted "C:\Program Files\Assets Manager\smdmf\favicon.ico" not deleted "C:\Program Files\Assets Manager\smdmf\smdmfmgrc3.cfg" not deleted "C:\Program Files\Assets Manager\smdmf\SmdmFService.exe" not deleted "C:\Program Files\Assets Manager\smdmf\tbicon.exe" not deleted "C:\Program Files\Assets Manager\smdmf\trz66E3.tmp" not deleted "C:\Program Files\Assets Manager\smdmf\trzB01A.tmp" not deleted "C:\Program Files\Assets Manager\smdmf\Uninstall.exe" not deleted "C:\Program Files\Assets Manager" not deleted "C:\Program Files\globalUpdate" deleted "C:\Program Files\Assets Manager\smdmf" not deleted ==== System Specs ====================== Windows: Windows 7 Ultimate Edition Service Pack 1 (Build 7601) Memory (RAM): 2048 MB CPU Info: Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz CPU Speed: 2469,1 MHz Sound Card: Speakers (High Definition Audio | Display Adapters: NVIDIA GeForce GT 610 | NVIDIA GeForce GT 610 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 2x; Generic PnP Monitor | Medion MD30999PD S22 | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: Realtek RTL8102E/RTL8103E Family PCI-E Fast 
Ethernet NIC (NDIS 6.20) CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVD-RAM GH22LP20 Ports: COM1 LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 473,8GB | E: 457,7GB | J: 698,5GB | L: 931,5GB Hard Disks - Free: C: 349,0GB | E: 361,3GB | J: 145,4GB | L: 741,4GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 05/07/09 | HPQOEM - 5000907 Time Zone: Romance (standaardtijd) Motherboard *: ASUSTeK Computer INC. P5KPL-AM SE Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: avast! Antivirus disabled (Outdated) Default Browser: Firefox 37.0.2 Internet Explorer Version: 11.0.9600.17728 Mozilla Firefox version: 37.0.2 (x86 nl) Google Chrome version: 42.0.2311.90 Sun Java version: 1.8.0_45 (32-bit) Flash Player version: 17.0.0.169 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2015-04-27 18:52:55 2169B4B1EFAA3453A4DA732F1F94C1E1 43112 ----a-w- C:\Windows\avastSS.scr 2015-04-04 10:26:18 718FECF22BF4BD4FC05B79AA4BEC75D0 1769 ----a-w- C:\Windows\Language_trs.ini ====== C:\Users\Yves\AppData\Local\Temp ==== 2015-04-27 19:17:15 DA9219442F4916BB9FB04A29CFE45DE8 1793280 ----a-w- C:\Users\Yves\AppData\Local\Temp\default-search.DLL 2015-04-27 19:16:42 3B59515D6422423C08F40792B281FA18 697949 ----a-w- C:\Users\Yves\AppData\Local\Temp\814301619450\Setup_product_8181.exe 2015-04-27 19:16:32 DA387AF299C0A6217FA9D78F58E14815 5798424 ----a-w- C:\Users\Yves\AppData\Local\Temp\supoptsetup.exe 2015-04-27 19:15:00 FEFEF2F226FD6BE184BC4A3378B02AAF 155648 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.162833\psmachine.dll 2015-04-27 19:15:00 FC7A2F466F7A0F3E873077505719C1A1 143360 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.162833\GoogleUpdateHelper.msi 2015-04-27 19:15:00 F98DE4108614E4BB81E95E58E36C7000 46080 ----a-w- 
C:\Users\Yves\AppData\Local\Temp\comh.162833\GoogleUpdateBroker.exe 2015-04-27 19:15:00 D858BA2EE718B1DB1CED20646E641D08 68608 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.162833\GoogleUpdate.exe 2015-04-27 19:15:00 D1FA6166BD73B04F48E2C9C821AD8226 761856 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.162833\goopdate.dll 2015-04-27 19:15:00 8D90BB3A36521B50D0E512A781E36871 155648 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.162833\psuser.dll 2015-04-27 19:15:00 873FFD78401AFA61CB0EDCC1D142132F 220672 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.162833\npGoogleUpdate4.dll 2015-04-27 19:15:00 7E767B342E55EB1DFD74A65D24EA4B70 46080 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.162833\GoogleUpdateOnDemand.exe 2015-04-27 19:15:00 03114DADBD9977FC823F95B21FB987E7 72872 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.162833\GoogleCrashHandler.exe 2015-04-27 19:14:37 FEFEF2F226FD6BE184BC4A3378B02AAF 155648 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.308843\psmachine.dll 2015-04-27 19:14:37 FC7A2F466F7A0F3E873077505719C1A1 143360 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.308843\GoogleUpdateHelper.msi 2015-04-27 19:14:37 F98DE4108614E4BB81E95E58E36C7000 46080 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.308843\GoogleUpdateBroker.exe 2015-04-27 19:14:37 D858BA2EE718B1DB1CED20646E641D08 68608 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.308843\GoogleUpdate.exe 2015-04-27 19:14:37 D1FA6166BD73B04F48E2C9C821AD8226 761856 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.308843\goopdate.dll 2015-04-27 19:14:37 8D90BB3A36521B50D0E512A781E36871 155648 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.308843\psuser.dll 2015-04-27 19:14:37 873FFD78401AFA61CB0EDCC1D142132F 220672 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.308843\npGoogleUpdate4.dll 2015-04-27 19:14:37 7E767B342E55EB1DFD74A65D24EA4B70 46080 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.308843\GoogleUpdateOnDemand.exe 2015-04-27 19:14:37 03114DADBD9977FC823F95B21FB987E7 72872 ----a-w- 
C:\Users\Yves\AppData\Local\Temp\comh.308843\GoogleCrashHandler.exe 2015-04-27 19:12:28 10FFABC748D68C40B68F883058C9B932 50225 ----a-w- C:\Users\Yves\AppData\Local\Temp\81430161945\SVJBLkxUSg==10700.exe 2015-04-27 19:11:05 A12CEF72FC22EB9CEE03B2B3DDB953ED 722448 ----a-w- C:\Users\Yves\AppData\Local\Temp\Microsoft Toolkit 2 5 3 Official Torrent__10924_i1505669314_il175815.exe 2015-04-27 18:54:13 B18903F14C92F3B9D3D08CA13A39EFDD 1064448 ----a-w- C:\Users\Yves\AppData\Local\Temp\Rar$EXa0.759\Office 2010 Activator.exe 2015-04-27 18:47:48 99914B932BD37A50B983C5E7C90AE93B 2 ----a-w- C:\Users\Yves\AppData\Local\Temp\72E8\temp\inst362.exe 2015-04-27 18:47:43 B0E2EDEC6D45B16F1DCE0F60509CC57F 13 ----a-w- C:\Users\Yves\AppData\Local\Temp\72E8\temp\inst242.exe 2015-04-27 18:47:08 41BE921214A9653B77B80086B4C5A7A5 286208 ------w- C:\Users\Yves\AppData\Local\Temp\~ld85E2\fgrs\tmp\ChromeSync.exe 2015-04-27 18:47:07 A96619564071DF84CC892752DF062A6D 86016 ------w- C:\Users\Yves\AppData\Local\Temp\~ld85E2\fgrs\tmp\RegWrite.exe 2015-04-27 18:47:07 183CE47148C66717FBCD147A41A0CAF6 114688 ------w- C:\Users\Yves\AppData\Local\Temp\~ld85E2\fgrs\tmp\ClearnC.exe 2015-04-27 15:22:20 FE78A05B2F6403A97285B643B25E47DB 74583 ------w- C:\Users\Yves\AppData\Local\Temp\is45637729\143850_stp\product.exe 2015-04-21 06:31:55 DA4A7479C13D4BC32F6F3F34A7D65B42 484960 ---ha-w- C:\Users\Yves\AppData\Local\Temp\72E8\temp\wpc_mystartsearch.exe 2015-04-19 05:37:29 B0E2B7813094940E791B0D6123E782D8 562088 ----a-w- C:\Users\Yves\AppData\Local\Temp\jre-8u45-windows-au.exe ====== Java Cache ===== 2015-04-19 05:39:44 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Yves\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-4c1f63e6 ====== C:\Windows\system32 ===== 2015-04-27 19:19:34 6400EF670A0BD3484A167C58C498A6F6 4 ----a-w- C:\Windows\System32\029B560A371F4E00AB32838EBC01B9E7 2015-04-27 18:53:20 1D66934D8DB4AEBE53D3F0FE40CA76CE 291312 ----a-w- C:\Windows\System32\aswBoot.exe 2015-04-22 18:34:48 
744AB3C1A73A57DEED49D631F1BDEA1D 2311168 ----a-w- C:\Windows\System32\wpdshext.dll 2015-04-22 18:34:32 F7F135F7702E0FB3EFE89283E2BE2EBB 67584 ----a-w- C:\Windows\System32\dwmapi.dll 2015-04-22 18:34:32 B01B8C949EDEC1B8A856E3056BDA7C42 1372160 ----a-w- C:\Windows\System32\dwmcore.dll ====== C:\Windows\system32\drivers ===== 2015-04-15 11:45:07 D800E1EAF33630A1636BB21E8256AA92 137656 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2015-04-15 11:45:07 746F89CE0C6569C589E6AC4D3DA82D41 67512 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2015-04-15 11:44:39 487569E5DA56A5A432FF8AF6D3599CF9 514560 ----a-w- C:\Windows\System32\drivers\http.sys 2015-04-04 10:26:52 2B4E66FAC6503494A2C6F32BB6AB3826 12400 ----a-w- C:\Windows\System32\drivers\AsIO.sys ====== C:\Windows\Tasks ====== 2015-04-27 19:35:48 3EEE7439BB37FEFD429F9DACED94B1E6 3128 ----a-w- C:\Windows\system32\Tasks\{166F2B6A-E6E9-4C26-AF01-E1C8672DC32A} 2015-04-27 18:53:47 863FC8B4F0433E5E0F71F4C6C1E29BF6 1040 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-27 18:53:47 45C52A55ACC21ED5E9DF8AE0E47EC054 4036 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA 2015-04-27 18:53:45 B6550F473AF6F8D32AA9413A5A3DBEA4 3784 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore 2015-04-27 18:53:45 4FEBAECF11509474B5E3EA36D57D3923 1036 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-27 18:47:28 E364D954852F39CB28CEF04A183EE499 3968 ----a-w- C:\Windows\system32\Tasks\LaunchPreSignup 2015-04-27 18:43:29 D68E79B69786AC0FF7C47838481BBEDD 372 ----a-w- C:\Windows\Tasks\Bidaily Synchronize Task.job 2015-04-15 11:35:43 C9D5BBBBACF0206DEE01DF4EF20BCBD0 940 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-15 11:35:43 1E652B67F5795F7653FB8ED5C0C0F423 3878 ----a-w- C:\Windows\system32\Tasks\Adobe Flash Player Updater ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-05-01 08:02:43 -------- d-----w- C:\Program Files\trend micro 2015-05-01 07:05:25 -------- 
d-----w- C:\Program Files\Enigma Software Group 2015-04-27 19:17:13 -------- d-----w- C:\Program Files\Assets Manager 2015-04-27 19:16:51 -------- d-----w- C:\Program Files\MiniGet 2015-04-27 19:16:51 -------- d-----w- C:\Program Files\Infonaut_1.10.0.13 2015-04-27 19:16:10 -------- d-----w- C:\Program Files\Opera 2015-04-27 18:53:39 -------- d-----w- C:\Program Files\Google 2015-04-27 17:59:41 -------- d-----w- C:\Program Files\WinRAR 2015-04-27 04:43:05 -------- d-----w- C:\Program Files\Magical Jelly Bean 2015-04-19 05:38:54 -------- d-----w- C:\Program Files\Common Files\Java 2015-04-16 16:05:29 -------- d-----w- C:\Program Files\Tango 2015-04-13 16:59:52 -------- d-----w- C:\Program Files\Evernote 2015-04-06 15:35:23 -------- d-----w- C:\Program Files\Image Resizer for Windows 2015-04-06 13:29:44 -------- d-----w- C:\Program Files\CPUID 2015-04-04 10:26:48 -------- d-----w- C:\Program Files\ASUS 2015-04-04 08:36:58 -------- d-----w- C:\Program Files\DYMO 2015-04-03 17:44:33 -------- d-----w- C:\Program Files\Mozilla Thunderbird 2015-04-03 16:46:24 -------- d-----w- C:\Program Files\MozBackup ======= C: ===== ====== C:\Users\Yves\AppData\Roaming ====== 2015-04-28 14:26:41 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla 2015-04-28 14:26:41 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Mozilla 2015-04-27 19:16:52 -------- d-----w- C:\Users\Yves\AppData\Roaming\MiniGet 2015-04-27 19:13:09 -------- d-----w- C:\Users\Yves\AppData\Local\Pro_PC_Cleaner 2015-04-27 18:54:07 -------- d-----w- C:\Users\Yves\AppData\Roaming\WinRAR 2015-04-27 18:53:39 -------- d-----w- C:\Users\Yves\AppData\Local\Google 2015-04-27 17:59:47 -------- d-----w- C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-04-27 04:42:46 -------- d-----w- C:\Users\Yves\AppData\Local\Programs 2015-04-16 16:05:23 -------- d-----w- C:\Users\Yves\AppData\Local\tango 2015-04-13 17:00:31 -------- d-----w- 
C:\Users\Yves\AppData\Locallow\Evernote 2015-04-13 17:00:31 -------- d-----w- C:\Users\Yves\AppData\Local\Evernote 2015-04-06 15:36:10 -------- d-----w- C:\Users\Yves\AppData\Local\Brice_Lambson 2015-04-04 21:50:43 C617961C8DB1C5219812ED1496B0EACB 5813808 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat 2015-04-04 08:40:24 -------- d-----w- C:\Users\Yves\AppData\Local\Sanford,_L.P 2015-04-04 08:39:21 -------- d-----w- C:\Users\Yves\AppData\Local\DYMO 2015-04-03 17:01:40 -------- d-----w- C:\Users\Yves\AppData\Roaming\Thunderbird 2015-04-03 17:01:40 -------- d-----w- C:\Users\Yves\AppData\Local\Thunderbird ====== C:\Users\Yves ====== 2015-05-01 08:01:52 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Yves\Downloads\RSIT.exe 2015-05-01 07:04:46 B9FF555660A02DC4D3EAFF58357BE02A 3109248 ----a-w- C:\Users\Yves\Downloads\SpyHunter-Installer.exe 2015-04-29 18:18:19 9A22FED5E73AE31B0D3B7FB6C40D5915 243472 ----a-w- C:\Users\Yves\Downloads\Firefox Setup Stub 37.0.2.exe 2015-04-28 14:26:41 -------- d-----r- C:\Windows\system32\config\systemprofile\Favorites 2015-04-28 14:26:41 -------- d-----r- C:\Windows\system32\config\systemprofile\Desktop 2015-04-27 19:29:08 -------- d-----w- C:\ProgramData\db8ee58e00005b29 2015-04-27 19:16:28 -------- d-----w- C:\ProgramData\{162ce34c-bc2d-16fb-162c-ce34cbc28d32} 2015-04-27 19:10:52 8777DE69357A269D2A3B70D926BCE643 1556496 ----a-w- C:\Users\Yves\Downloads\Microsoft Toolkit 2 5 3 Official Torrent_10924_i3103045_il345.exe 2015-04-27 18:54:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-04-27 18:48:22 EEE6C376BD6CA296F74FCCBD07B680F8 5498080 ----a-w- C:\Users\Yves\Downloads\avast_free_antivirus_setup_online(1).exe 2015-04-27 17:59:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-04-27 17:59:24 7CC13CDC3CE682596E5B69A3569120E3 2141856 ----a-w- C:\Users\Yves\Downloads\wrar521nl.exe 2015-04-27 17:59:12 
8BF5D9768CA315EDCEC9CDD27EBC09D1 1760040 ----a-w- C:\Users\Yves\Downloads\wrar521.exe 2015-04-27 04:43:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder 2015-04-27 04:41:46 79F5C665AC1CFE9C545A84352F0E9376 1178272 ----a-w- C:\Users\Yves\Downloads\KeyFinderInstaller.exe 2015-04-16 16:05:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tango 2015-04-13 17:00:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote 2015-04-08 20:47:20 -------- d-----w- C:\Users\Yves\dwhelper 2015-04-06 16:20:23 -------- d-----w- C:\Users\Public\Documenten 2015-04-06 15:35:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for Windows 2015-04-06 13:34:54 -------- d-----w- C:\Users\Yves\Tracing 2015-04-06 13:29:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2015-04-04 08:38:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO 2015-04-04 08:38:33 -------- d-----w- C:\ProgramData\Apple 2015-04-04 08:36:55 -------- d-----w- C:\ProgramData\DYMO 2015-04-03 16:46:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup ====== C: exe-files == 2015-05-01 08:02:44 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Yves.exe 2015-05-01 08:01:52 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Yves\Downloads\RSIT.exe 2015-05-01 07:05:37 17426389724648E011FDC17D5DE1ECED 21888 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\native.exe 2015-05-01 07:05:28 FD947F1CBB022C1DC138013049F5E33A 7125376 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe 2015-05-01 07:05:27 B785670E201B2CA20E91BF8D7B0D4D2A 771456 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe 2015-05-01 07:04:46 B9FF555660A02DC4D3EAFF58357BE02A 3109248 ----a-w- C:\Users\Yves\Downloads\SpyHunter-Installer.exe 2015-04-29 18:18:19 
9A22FED5E73AE31B0D3B7FB6C40D5915 243472 ----a-w- C:\Users\Yves\Downloads\Firefox Setup Stub 37.0.2.exe 2015-04-28 14:40:25 EC9FF7088D0BE1371707363695739B9B 1169 ----a-w- C:\Users\Yves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXQH4P56\Setup[1].exe 2015-04-27 19:17:16 D10339E7F5DA968FC5ECB1C359CD1FB3 79104 ----a-w- C:\Program Files\Assets Manager\smdmf\tbicon.exe 2015-04-27 19:17:14 9E79A30A913BE202C6A707785B92F0F1 3203840 ----a-w- C:\Program Files\Assets Manager\smdmf\SmdmFService.exe 2015-04-27 19:16:42 3B59515D6422423C08F40792B281FA18 697949 ----a-w- C:\Users\Yves\AppData\Local\Temp\814301619450\Setup_product_8181.exe 2015-04-27 19:16:32 DA387AF299C0A6217FA9D78F58E14815 5798424 ----a-w- C:\Users\Yves\AppData\Local\Temp\supoptsetup.exe 2015-04-27 19:15:00 F98DE4108614E4BB81E95E58E36C7000 46080 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.162833\GoogleUpdateBroker.exe 2015-04-27 19:15:00 D858BA2EE718B1DB1CED20646E641D08 68608 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.162833\GoogleUpdate.exe 2015-04-27 19:15:00 7E767B342E55EB1DFD74A65D24EA4B70 46080 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.162833\GoogleUpdateOnDemand.exe 2015-04-27 19:15:00 03114DADBD9977FC823F95B21FB987E7 72872 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.162833\GoogleCrashHandler.exe 2015-04-27 19:14:37 F98DE4108614E4BB81E95E58E36C7000 46080 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.308843\GoogleUpdateBroker.exe 2015-04-27 19:14:37 D858BA2EE718B1DB1CED20646E641D08 68608 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.308843\GoogleUpdate.exe 2015-04-27 19:14:37 7E767B342E55EB1DFD74A65D24EA4B70 46080 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.308843\GoogleUpdateOnDemand.exe 2015-04-27 19:14:37 03114DADBD9977FC823F95B21FB987E7 72872 ----a-w- C:\Users\Yves\AppData\Local\Temp\comh.308843\GoogleCrashHandler.exe 2015-04-27 19:12:28 10FFABC748D68C40B68F883058C9B932 50225 ----a-w- C:\Users\Yves\AppData\Local\Temp\81430161945\SVJBLkxUSg==10700.exe 2015-04-27 
19:11:05 A12CEF72FC22EB9CEE03B2B3DDB953ED 722448 ----a-w- C:\Users\Yves\AppData\Local\Temp\Microsoft Toolkit 2 5 3 Official Torrent__10924_i1505669314_il175815.exe 2015-04-27 19:10:52 8777DE69357A269D2A3B70D926BCE643 1556496 ----a-w- C:\Users\Yves\Downloads\Microsoft Toolkit 2 5 3 Official Torrent_10924_i3103045_il345.exe 2015-04-27 18:54:13 B18903F14C92F3B9D3D08CA13A39EFDD 1064448 ----a-w- C:\Users\Yves\AppData\Local\Temp\Rar$EXa0.759\Office 2010 Activator.exe 2015-04-27 18:53:56 3F41E4BC551B4C913BAD2F4340D79B60 41815632 ----a-w- C:\Program Files\Google\Update\Install\{691C80A8-DF3A-4817-8AC9-97BA22D06CAB}\42.0.2311.90_chrome_installer.exe 2015-04-27 18:53:56 3F41E4BC551B4C913BAD2F4340D79B60 41815632 ----a-w- C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\42.0.2311.90\42.0.2311.90_chrome_installer.exe 2015-04-27 18:53:40 DE7550069052DF5D2B1F6960D0243C79 59784 ----atw- C:\Program Files\Google\Update\1.3.21.169\GoogleUpdateOnDemand.exe 2015-04-27 18:53:40 7ABAD5635830CB8AF3EA5B88E76F728D 818968 ----a-w- C:\Program Files\Google\Update\1.3.21.169\GoogleUpdateSetup.exe 2015-04-27 18:53:40 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\GoogleUpdate.exe 2015-04-27 18:53:40 3B32333DC232CCF0EA0A3CF5EB450D2E 59784 ----atw- C:\Program Files\Google\Update\1.3.21.169\GoogleUpdateBroker.exe 2015-04-27 18:53:39 DB102830BAB3ABC1DD1C50638FAF2EE5 237960 ----atw- C:\Program Files\Google\Update\1.3.21.169\GoogleCrashHandler.exe 2015-04-27 18:53:39 A9BA658987B67FFC7139F95A2CFE1228 319880 ----atw- C:\Program Files\Google\Update\1.3.21.169\GoogleCrashHandler64.exe 2015-04-27 18:53:39 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\1.3.21.169\GoogleUpdate.exe 2015-04-27 18:53:20 1D66934D8DB4AEBE53D3F0FE40CA76CE 291312 ----a-w- C:\Windows\System32\aswBoot.exe 2015-04-27 18:48:22 EEE6C376BD6CA296F74FCCBD07B680F8 5498080 ----a-w- C:\Users\Yves\Downloads\avast_free_antivirus_setup_online(1).exe 
2015-04-27 18:47:48 99914B932BD37A50B983C5E7C90AE93B 2 ----a-w- C:\Users\Yves\AppData\Local\Temp\72E8\temp\inst362.exe 2015-04-27 18:47:43 B0E2EDEC6D45B16F1DCE0F60509CC57F 13 ----a-w- C:\Users\Yves\AppData\Local\Temp\72E8\temp\inst242.exe 2015-04-27 18:47:08 41BE921214A9653B77B80086B4C5A7A5 286208 ------w- C:\Users\Yves\AppData\Local\Temp\~ld85E2\fgrs\tmp\ChromeSync.exe 2015-04-27 18:47:07 A96619564071DF84CC892752DF062A6D 86016 ------w- C:\Users\Yves\AppData\Local\Temp\~ld85E2\fgrs\tmp\RegWrite.exe 2015-04-27 18:47:07 183CE47148C66717FBCD147A41A0CAF6 114688 ------w- C:\Users\Yves\AppData\Local\Temp\~ld85E2\fgrs\tmp\ClearnC.exe 2015-04-27 17:59:42 70704AB7F16E72BC17CDD6D59A1DD719 1408088 ----a-w- C:\Program Files\WinRAR\WinRAR.exe 2015-04-27 17:59:41 D344343660FBF3A40A94CA8F824C3443 311384 ----a-w- C:\Program Files\WinRAR\UnRAR.exe 2015-04-27 17:59:41 BE9DF7AD22B00A151E79622D0F9A62B9 499288 ----a-w- C:\Program Files\WinRAR\Rar.exe 2015-04-27 17:59:41 16976B62C2CA7FDE0C5AD37390A39E98 166488 ----a-w- C:\Program Files\WinRAR\Uninstall.exe 2015-04-27 17:59:24 7CC13CDC3CE682596E5B69A3569120E3 2141856 ----a-w- C:\Users\Yves\Downloads\wrar521nl.exe 2015-04-27 17:59:12 8BF5D9768CA315EDCEC9CDD27EBC09D1 1760040 ----a-w- C:\Users\Yves\Downloads\wrar521.exe 2015-04-27 15:22:20 FE78A05B2F6403A97285B643B25E47DB 74583 ------w- C:\Users\Yves\AppData\Local\Temp\is45637729\143850_stp\product.exe 2015-04-27 04:43:05 E60DD5873C53F5A39C73D0EAEEBCD916 811968 ----a-w- C:\Program Files\Magical Jelly Bean\keyfinder.exe 2015-04-27 04:43:05 06CA2EE4050CFE832ED526DA3DA0E85C 1195024 ----a-w- C:\Program Files\Magical Jelly Bean\unins000.exe 2015-04-27 04:41:46 79F5C665AC1CFE9C545A84352F0E9376 1178272 ----a-w- C:\Users\Yves\Downloads\KeyFinderInstaller.exe === C: other files == 2015-05-01 07:05:36 FD947F1CBB022C1DC138013049F5E33A 7125376 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.com 2015-05-01 07:05:33 9264DD96883E5769EE79CB43E712BE9E 16432 ----a-w- C:\Program 
Files\Enigma Software Group\SpyHunter\esgiguard.sys 2015-05-01 07:05:31 01CE484FF6D70A39479BC6D619DE7ED6 19984 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.sys 2015-04-28 14:25:30 76CDB2BAD9582D23C1F6F4D868218D6C 22 ----a-w- C:\Users\Yves\AppData\Local\Temp\avastBCLTMP\{3593c8b9-8e18-4b4b-b7d3-cb8beb1aa42c}.zip 2015-04-28 14:25:30 76CDB2BAD9582D23C1F6F4D868218D6C 22 ----a-w- C:\Users\Yves\AppData\Local\Temp\avastBCLTMP\{1b23a50f-3bcb-47da-b465-4d72d579fd23}.zip 2015-04-27 19:12:16 D2F6A1B11344D9AC7BCFB75900D4ADE1 23668 ----a-w- C:\Users\Yves\AppData\Local\Temp\scoped_dir_5048_10306\youtube.crx 2015-04-27 19:12:16 8AD223868AB9974F7746D0227730A0CC 26392 ----a-w- C:\Users\Yves\AppData\Local\Temp\scoped_dir_5048_1653\search.crx 2015-04-27 19:12:16 71E1283B8440F6264CEC99DF9AD81F5B 25561 ----a-w- C:\Users\Yves\AppData\Local\Temp\scoped_dir_5048_7513\drive.crx 2015-04-27 19:12:16 2E2E328E5BF6BE61203164B3E9EA8094 24040 ----a-w- C:\Users\Yves\AppData\Local\Temp\scoped_dir_5048_30631\gmail.crx 2015-04-27 18:54:01 1D842CD38467BC6BA34FE18FA31169DE 1047807 ----a-w- C:\Users\Yves\AppData\Local\Temp\Office 2010 Activator.zip ======== System Restore Points ======== RP16: 30/03/2015 20:06:54 - Windows Update RP18: 30/03/2015 21:31:18 - Installed Ulead Photo Express SE RP19: 30/03/2015 21:33:57 - Windows Update RP20: 30/03/2015 21:56:32 - Windows Update RP21: 30/03/2015 23:06:29 - Windows Update RP23: 30/03/2015 23:22:30 - Removed Ulead Photo Express SE RP24: 30/03/2015 23:44:53 - Windows Update RP25: 31/03/2015 3:00:11 - Windows Update RP26: 31/03/2015 7:00:06 - Windows Update RP27: 31/03/2015 8:05:53 - Windows Update RP28: 31/03/2015 22:17:14 - Installatie van apparaatstuurprogramma: Fedict Smartcards RP29: 3/04/2015 16:55:08 - Windows Update RP31: 4/04/2015 10:04:22 - avast! 
antivirus system restore point RP32: 4/04/2015 11:42:22 - Windows Update RP34: 4/04/2015 12:26:27 - Installed Cool & Quiet RP36: 4/04/2015 12:35:07 - Removed Cool & Quiet RP37: 4/04/2015 12:38:51 - Removed Bonjour RP38: 4/04/2015 13:31:45 - Windows Back-up RP39: 6/04/2015 7:36:50 - Windows Back-up RP40: 6/04/2015 17:34:35 - Image Resizer for Windows RP41: 8/04/2015 6:59:19 - Windows Update RP42: 12/04/2015 19:00:23 - Windows Back-up RP43: 13/04/2015 7:05:48 - Windows Back-up RP44: 13/04/2015 7:09:19 - Windows Back-up RP45: 13/04/2015 18:58:52 - Installed Evernote v. 5.8.5 RP46: 14/04/2015 14:20:35 - Windows Update RP47: 15/04/2015 14:25:20 - Windows Update RP48: 19/04/2015 19:00:43 - Windows Back-up RP49: 22/04/2015 6:35:28 - Windows Update RP50: 22/04/2015 20:34:57 - Windows Update RP51: 27/04/2015 6:15:18 - Windows Back-up RP52: 27/04/2015 19:36:08 - Installed Windows Genuine Advantage Validation v1.9.40.0 Cracked V3 RP54: 27/04/2015 20:46:04 - Windows Defender Checkpoint RP56: 27/04/2015 20:49:54 - avast! 
antivirus system restore point RP57: 27/04/2015 21:21:56 - Removed Windows Genuine Advantage Validation v1.9.40.0 Cracked V3 RP58: 28/04/2015 16:23:08 - WinZip 19.0 is verwijderd RP59: 28/04/2015 16:27:48 - Windows Update RP60: 1/05/2015 23:11:20 - zoek.exe restore point ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1173886604-103056793-2151736865-1003\Software\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1" "DriverUpdaterPro"="C:\Program Files\oTweak\DriverUpdaterPro\DriverUpdaterPro.exe /ot /as /ss" "DymoQuickPrint"="C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe /startup" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices" "CDAServer"="C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe" "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" 
"LWS"="C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide" "DLSService"="C:\Program Files\DYMO\DYMO Label Software\DLSService.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1" "DriverUpdaterPro"="C:\Program Files\oTweak\DriverUpdaterPro\DriverUpdaterPro.exe /ot /as /ss" "DymoQuickPrint"="C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe /startup" ==== Startup Folders ====================== 2015-04-13 17:04:54 1097 ----a-w- C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk 2015-03-30 19:48:11 2453 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [15/04/2015 13:35] C:\Windows\tasks\Bidaily Synchronize Task.job --a------ C:\ProgramData\bfc01fc9-d567-d6ca-bfc0-01fc9d567f27\Office 2010 Activator KMS .exe [] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [27/04/2015 20:53] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:0C:\ProgramC:Files\Google\Update\GoogleUpdate.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\LaunchPreSignup" [C:\Program Files\OLBPre\OLBPre.exe] "C:\Windows\system32\tasks\ProPCCleaner_Start" [C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe] "C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" 
[%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Yves\AppData\Roaming\Mozilla\Firefox\Profiles\f4vdwijy.default user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006"); user_pref("browser.search.defaultengine", "Google (avast)"); user_pref("browser.search.defaultenginename", "Google (avast)"); user_pref("browser.search.selectedEngine", "Google (avast)"); user_pref("keyword.URL", "https://www.google.com/search/?trackid=sp-006"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "sweetsearch@gmail.com"="C:\Users\Yves\AppData\Roaming\Mozilla\Firefox\Profiles\f4vdwijy.default\extensions\sweetsearch@gmail.com" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Yves\AppData\Roaming\Mozilla\Firefox\Profiles\f4vdwijy.default - Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be - Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF - DeskCam - %ProfilePath%\extensions\deskcam@paolo.minasi.xpi - Quick Translator - %ProfilePath%\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi - Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\Yves\AppData\Roaming\Thunderbird\Profiles\n02ohsly.default - Woordenboek Nederlands - %ProfilePath%\extensions\nl-NL@dictionaries.addons.mozilla.org - Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} - Extra Folder Columns - %ProfilePath%\extensions\extra-cols@jminta_gmail.com.xpi AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: 
C:\Users\Yves\AppData\Roaming\Mozilla\Firefox\Profiles\f4vdwijy.default 8EF356DA145F60C3F11DF7EF03B97449 - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\browser\nppdf32.dll - Adobe Acrobat DB922CC2399AA33D93FC930F2B5B95BD - C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll - Google Update E3F807ECC0EF5DEA04D67676672841E4 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION 59FADC9EB6550247497C68D4BA498CC0 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision 893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In D31C4608FDCD9CEB756F45E91DCF64F8 - C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U45 66F9ADD8A2335EF9870AFDA4F35F492B - C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.450.14 298FC57D00411E0B377A2591758C1C6B - C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll - DYMO Label Framework 9AE02005247DA91AB1743F5208DBEF76 - C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash 8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight ==== Chromium Look ====================== Google Chrome Version: 42.0.2311.90 (Possible outdated, latest Stable version: , Mac and Linux. A list of changes is available in the log.
) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fpmeembnagmagppkgghhfjfdfajdfcah - No path found[] gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[30/03/2015 17:33] iomphmdalfmaifjccmagmllnicjoghhk - No path found[] Docs - Yves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Yves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Google Sheets - Yves\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Linkey - Yves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah Avast Online Security - Yves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Default-Search - Yves\AppData\Local\Google\Chrome\User Data\Default\Extensions\iomphmdalfmaifjccmagmllnicjoghhk Gmail - Yves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\Yves\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://www.mystartsearch.com/?type=hppp&ts=1430160430&from=wpc&uid=HitachiXHDT721010SLA360_STF601MR1P6AGP1P6AGPX", "startup_urls": [ "http://www.mystartsearch.com/?type=hppp&ts=1430160430&from=wpc&uid=HitachiXHDT721010SLA360_STF601MR1P6AGP1P6AGPX" ], ==== Chromium Fix ====================== C:\Users\Yves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah deleted successfully C:\Users\Yves\AppData\Local\Google\Chrome\User Data\Default\Extensions\iomphmdalfmaifjccmagmllnicjoghhk deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.com/?trackid=sp-006" "Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}" "Search 
Bar"="https://www.google.com/?trackid=sp-006" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.com/?trackid=sp-006" "Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}" "Search Bar"="https://www.google.com/?trackid=sp-006" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="https://www.google.com/?trackid=sp-006" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} Google Url="https://www.google.com/search?trackid=sp-006&q={searchTerms}" ==== Reset Google Chrome ====================== C:\Users\Yves\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Yves\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Yves\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\quick_searchff@gmail.com deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\sweetsearch@gmail.com deleted successfully ==== shortcuts on Users Desktops ====================== C:\Users\Yves\Desktop\Evernote.lnk - C:\Program Files\Evernote\Evernote\Evernote.exe C:\Users\Yves\Desktop\PC Wizard 
2013.lnk - C:\Program Files\CPUID\PC Wizard 2013\PC Wizard.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe C:\Users\Public\Desktop\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Users\Public\Desktop\DYMO Label v.8.lnk - C:\Program Files\DYMO\DYMO Label Software\DLS.exe C:\Users\Public\Desktop\eID Viewer.lnk - C:\Program Files\Belgium Identity Card\EidViewer\eID Viewer.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\Logitech Webcam Software .lnk - C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\HelpMain\launchershortcut.exe C:\Users\Public\Desktop\MozBackup.lnk - C:\Program Files\MozBackup\MozBackup.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Public\Desktop\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Users\Public\Desktop\Samsung Printer Diagnostics.lnk - C:\Program Files\Samsung\Samsung Printer Diagnostics\SEInstall\SPD\ESM.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe C:\Users\Public\Desktop\Tango.lnk - C:\Program Files\Tango\Tango.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1430160380&from=wpc&uid=HitachiXHDT721010SLA360_STF601MR1P6AGP1P6AGPX C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1430160380&from=wpc&uid=HitachiXHDT721010SLA360_STF601MR1P6AGP1P6AGPX 
C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR-handleiding.lnk - C:\Program Files\WinRAR\Rar.txt C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Wat is nieuw in de meest recente versie.lnk - C:\Program Files\WinRAR\WhatsNew.txt C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files\WinRAR\winrar.chm C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 7.0.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Distiller.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Designer 7.0.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\PM_Designer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk - C:\Windows\ehome\ehshell.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk - C:\Program Files\DVD Maker\DVDMaker.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk - C:\Windows\system32\mblctr.exe /open 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk - C:\Windows\system32\NetProj.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk - C:\Windows\system32\mstsc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk - C:\Windows\system32\SnippingTool.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk - C:\Program Files\Windows Journal\Journal.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\Windows\system32\printmanagement.msc C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk - C:\Windows\system32\secpol.msc /s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\eID Viewer.lnk - C:\Program Files\Belgium Identity Card\EidViewer\eID Viewer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\Utilities\MS Office 2010 XAdES XL signature configuration.lnk - C:\Program Files\Belgium Identity Card\beidoffice2010_XAdES_XL.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\Utilities\MS Outlook registry configuration.lnk - C:\Program Files\Belgium Identity Card\beidoutlooksnc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\PC Wizard 2013\PC Wizard 2013 
Instellingen.lnk - C:\Program Files\CPUID\PC Wizard 2013\Data\settings.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\PC Wizard 2013\PC Wizard 2013.lnk - C:\Program Files\CPUID\PC Wizard 2013\PC Wizard.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\PC Wizard 2013\ReadMe.lnk - C:\Program Files\CPUID\PC Wizard 2013\readme.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\PC Wizard 2013\Release Notes.lnk - C:\Program Files\CPUID\PC Wizard 2013\release.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\PC Wizard 2013\Verwijder PC Wizard 2013.lnk - C:\Program Files\CPUID\PC Wizard 2013\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\PC Wizard 2013\Web Update Applicatie.lnk - C:\Program Files\CPUID\PC Wizard 2013\Web\webupdt.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO\DYMO Add Printer Utility.lnk - C:\Program Files\DYMO\DYMO Label Software\DymoPrinterWizard.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO\DYMO Label v.8.lnk - C:\Program Files\DYMO\DYMO Label Software\DLS.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO\DYMO QuickPrint.lnk - C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote\Evernote.lnk - C:\Windows\Installer\{5EDC25EC-D966-11E4-9E5C-00163E98E7D6}\Evernote.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for 
Windows\License.lnk - C:\Program Files\Image Resizer for Windows\Ms-PL.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe -tab about C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe -tab update C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder\KeyFinder.lnk - C:\Program Files\Magical Jelly Bean\keyfinder.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder\Uninstall KeyFinder.lnk - C:\Program Files\Magical Jelly Bean\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Logitech Webcam Software.lnk - C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\HelpMain\launchershortcut.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe /design C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-hulpprogramma's\Digitaal certificaat voor VBA-projecten.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-hulpprogramma's\Microsoft Mediagalerie.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-hulpprogramma's\Microsoft Office 2010 Upload Center.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-hulpprogramma's\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-hulpprogramma's\Taalvoorkeuren voor Microsoft Office 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup\MozBackup.lnk - C:\Program Files\MozBackup\MozBackup.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup\Uninstall.lnk - C:\Program Files\MozBackup\Uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Order Supplies.lnk - C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Easy Printer Manager.lnk - C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Easy Wireless Setup.lnk - C:\Program Files\Samsung\Samsung Easy Wireless Setup\SEInstall\Setup\bin\SSWSPExe.exe /MSamsung /P"Easy Wireless Setup" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Printer Diagnostics.lnk - C:\Program Files\Samsung\Samsung Printer Diagnostics\SEInstall\SPD\ESM.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Uninstall Samsung Printer Software.lnk - C:\Windows\TotalUninstaller.exe /REMOVE_ALL C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tango\Tango.lnk - C:\Program Files\Tango\Tango.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tango\Uninstall.lnk - C:\Program Files\Tango\uninst.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR-handleiding.lnk - C:\Program Files\WinRAR\Rar.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Wat is nieuw in de meest recente versie.lnk - C:\Program Files\WinRAR\WhatsNew.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files\WinRAR\winrar.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Yves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Yves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1430160380&from=wpc&uid=HitachiXHDT721010SLA360_STF601MR1P6AGP1P6AGPX C:\Users\Yves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Users\Yves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Yves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Yves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Yves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet 
Explorer\iexplore.exe C:\Users\Yves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe C:\Users\Yves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\Yves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Yves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Users\Yves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Yves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 ==== shortcuts After Repair ====================== C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\Users\Yves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe ==== Uninstall List x86 ====================== Adobe Acrobat 7.0 Professional - English, Français, Deutsch [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-1033-F400-7760-000000000002}] Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Acrobat 7.0 Professional - EFG] Adobe Flash Player 17 
NPAPI [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] Assets Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Assets Manager] Avast Free Antivirus [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Avast] Belgium e-ID middleware 4.0.7 (build 7466) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{824563DE-75AD-4166-9DC0-B6482F207466}] CameraHelperMsi [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15634701-BACE-4449-8B25-1567DA8C9FD3}] CinemaPlus-3.2cV27.04 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CinemaPlus-3.2cV27.04] Common Desktop Agent [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{031A0E14-0413-4C97-9772-2639B782F46F}] DYMO Label v.8 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DYMO Label v.8] erLT [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}] Evernote v. 
5.8.5 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5EDC25EC-D966-11E4-9E5C-00163E98E7D6}] Google Chrome [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] Image Resizer for Windows [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6285B71F-660A-478B-A876-C7E66A678E6A}] Image Resizer for Windows [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{69d72156-6582-4556-8637-06f40aa7f85b}] Internet Speed Checker [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Internet Speed Checker] Java 8 Update 45 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218045F0}] Logitech-webcamsoftware [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D40EB009-0499-459c-A8AF-C9C110766215}] LWS Facebook [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}] LWS Gallery [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}] LWS Help_main [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1651216E-E7AD-4250-92A1-FB8ED61391C9}] LWS Launcher [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}] LWS Motion Detection [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{71E66D3F-A009-44AB-8784-75E2819BA4BA}] LWS Pictures And Video [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{08610298-29AE-445B-B37D-EFBE05802967}] LWS Twitter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{174A3B31-4C43-43DD-866F-73C9DB887B48}] LWS Webcam Software 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8937D274-C281-42E4-8CDB-A0B2DF979189}] LWS WLM Plugin [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9DAEA76B-E50F-4272-A595-0124E826553D}] LWS YouTube Plugin [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}] Magical Jelly Bean KeyFinder [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\KeyFinder_is1] Microsoft .NET Framework 4.5.2 (Nederlands) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043] Microsoft .NET Framework 4.5.2 (NLD) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F9062696-5B87-39CC-90CE-DA256689262D}] Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3911CF56-9EF2-39BA-846A-C27BD3CD0685}] Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033] Microsoft Office Professional Plus 2010 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS] Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}] Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}] Microsoft Visual Studio 2010 Tools for Office Runtime (x86) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4DC59BF3-0D72-3CE8-BFEF-1E8FAF689EB0}] Microsoft Visual Studio 2010 Tools for Office Runtime (x86) 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)] Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D4EE62A5-B4BC-3C6C-9CF9-083AFC45F201}] MozBackup 1.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MozBackup] Mozilla Firefox 37.0.2 (x86 nl) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 37.0.2 (x86 nl)] Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService] Mozilla Thunderbird 31.6.0 (x86 nl) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 31.6.0 (x86 nl)] NVIDIA-configuratiescherm 340.52 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] NVIDIA Grafisch stuurprogramma 340.52 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] NVIDIA Install Application [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] NVIDIA Stereoscopic 3D Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIAStereo] PC Wizard 2013.2.12 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PC Wizard 2013_is1] Samsung CLP-360 Series [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Samsung CLP-360 Series] Samsung Easy Printer Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Samsung Easy Printer Manager] Samsung Easy Wireless Setup [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Easy Wireless Setup] Samsung Printer Diagnostics 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Samsung Printer Diagnostics] Samsung Printer Live Update [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Samsung Printer Live Update] Samsung Universal Print Driver 2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Samsung Universal Print Driver 2] SkypeT 7.3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}] Stuurprogrammapakket voor Windows - Fedict SmartCard (04/30/2014 4.0.7.5) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\C5357B4AD7C02B3F6EF45765A07E5B725E50BBF7] Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - NLD [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD] Tango [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Tango] WinRAR 5.21 (32-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver] Xperience [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{50ebd1b7}] ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{50ebd1b7} deleted successfully HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iomphmdalfmaifjccmagmllnicjoghhk deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Assets Manager deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CinemaPlus-3.2cV27.04 deleted successfully 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Internet Speed Checker deleted successfully ==== HijackThis Entries ====================== O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: bestadblocker - {1b23a50f-3bcb-47da-b465-4d72d579fd23} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [DLSService] "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe" O4 - HKCU\..\Run: [updateMgr] C:\Program 
Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1 O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\oTweak\DriverUpdaterPro\DriverUpdaterPro.exe /ot /as /ss O4 - HKCU\..\Run: [DymoQuickPrint] "C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? 
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Afbeelding knippen - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Kopieer selectie - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 O8 - Extra context menu item: Kopieer URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 O8 - Extra context menu item: Nieuwe notitie - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html O8 - Extra context menu item: Pagina opemen - C:\Program 
Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: @C:\Program Files\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe O23 - Service: DYMO PnP Service (DymoPnpService) - Sanford, L.P. 
- C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Samsung UPD Utility Service (SamsungUPDUtilSvc) - Unknown owner - C:\Windows\system32\SecUPDUtilSvc.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SmdmF Service (SmdmFService) - Aztec Media Inc - C:\Program Files\Assets Manager\smdmf\SmdmFService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} updateMgr = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1 [Adobe Systems Incorporated] DriverUpdaterPro = C:\Program Files\oTweak\DriverUpdaterPro\DriverUpdaterPro.exe /ot /as /ss [file not found] DymoQuickPrint = "C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup [Sanford, L.P.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} AvastUI.exe = "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui [Avast Software s.r.o.] 
BCSSync = "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [MS] CDAServer = C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [null data] Acrobat Assistant 7.0 = "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [Adobe Systems Inc.] (Default) = (empty string) [file not found] LWS = C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide [Logitech Inc.] DLSService = "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe" [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = AcroIEHlprObj Class \InProcServer32\(Default) = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe Systems Incorporated] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [Oracle Corporation] {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = avast! Online Security -> {HKLM...CLSID} = avast! Online Security \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [Avast Software s.r.o.] 
{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\(Default) = (no title provided) -> {HKLM...CLSID} = Evernote extension \InProcServer32\(Default) = C:\Program Files\Evernote\Evernote\EvernoteIE.dll [Evernote Corp., 305 Walnut Street, Redwood City, CA 94063] {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided) -> {HKLM...CLSID} = Adobe PDF Conversion Toolbar Helper \InProcServer32\(Default) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe Systems Incorporated] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [Avast Software s.r.o.] 
Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {472083B0-C522-11CF-8763-00608CC02F24} = avast -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [Avast Software s.r.o.] 
{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM...CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation] {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\msohevi.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension -> {HKLM...CLSID} = Werkruimten \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM...CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM...CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM...CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM...CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> 
{HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler -> {HKLM...CLSID} = Groove XML Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler -> {HKLM...CLSID} = Microsoft Outlook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS] {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = Adobe.Acrobat.ContextMenu -> {HKLM...CLSID} = Acrobat Elements Context Menu \InProcServer32\(Default) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [Adobe Systems Inc.] {B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM...CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ 
Adobe.Acrobat.ContextMenu\(Default) = {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} -> {HKLM...CLSID} = Acrobat Elements Context Menu \InProcServer32\(Default) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [Adobe Systems Inc.] avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [Avast Software s.r.o.] Image Resizer\(Default) = {51B4D7E5-7568-4234-B4BB-47FB3C016A69} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [Brice Lambson] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ 00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [Avast Software s.r.o.] 
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ Image Resizer\(Default) = {51B4D7E5-7568-4234-B4BB-47FB3C016A69} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [Brice Lambson] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [Avast Software s.r.o.] 
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ SoftwareSASGeneration = (REG_DWORD) dword:0x00000001 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ WIA_{A2F9CBEF-C569-475E-98F1-473184BE28B3}\ Provider = WinZip CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files\WinZip\WINZIP32.EXE /wia; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] Startup items in "Yves" & "All Users" startup folders: ------------------------------------------------------ C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++} EvernoteClipper -> shortcut to: C:\Program Files\Evernote\Evernote\EvernoteClipper.exe [Evernote 
Corp., 305 Walnut Street, Redwood City, CA 94063] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++} Adobe Acrobat Speed Launcher -> shortcut to: C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [null data] Windows Sidebar Gadgets: {++} ------------------------ C:\Users\Yves\AppData\Local\Microsoft\Windows Sidebar\Settings.ini "C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CaswSidebar.gadget" Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Flash Player Updater -> launches: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] avast! Emergency Update -> (HIDDEN!) launches: C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [Avast Software s.r.o.] GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] 
LaunchPreSignup -> launches: C:\Program Files\OLBPre\OLBPre.exe signup [file not found] ProPCCleaner_Start -> launches: C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe true [file not found] {166F2B6A-E6E9-4C26-AF01-E1C8672DC32A} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files\Assets Manager\smdmf\Uninstall.exe" -c /browser=all [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) 
launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] 
PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] Mcbuilder -> launches: C:\Windows\System32\mcbuilder.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: 
%SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx launchtrayprocess -> launches: %windir%\system32\GWX\GWX.exe /tasklaunch [MS] refreshgwxconfig -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig [MS] refreshgwxcontent -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent [MS] runappraiser -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RunAppraiser [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) 
launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) 
launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup AutomaticBackup -> launches: %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup [MS] Windows Backup Monitor -> launches: %systemroot%\system32\sdclt.exe /CHECKSKIPPED [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows Defender MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-1173886604-103056793-2151736865-1003 -> (HIDDEN!) 
launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 16

Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
-> {HKLM...CLSID} = Adobe PDF
\InProcServer32\(Default) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe Systems Incorporated]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = (no title provided)
-> {HKLM...CLSID} = Adobe PDF
\InProcServer32\(Default) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe Systems Incorporated]

Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = Adobe PDF
\InProcServer32\(Default) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe Systems Incorporated]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = Adobe PDF
\InProcServer32\(Default) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe Systems Incorporated]
HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
HKLM\SOFTWARE\Classes\CLSID\{F37C7F06-0B23-4AD1-9160-1CC285A5E9EC}\(Default) = Easy Capture Manager Print
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\Program Files\Samsung\Easy Printer Manager\SmartScreenPrint\W2PDeskband.dll [Samsung Electronics Co., Ltd.]

Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Verzenden naar OneNote
MenuText = &Verzenden naar OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS]
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = &Gekoppelde notities van OneNote
MenuText = &Gekoppelde notities van OneNote
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
-> {HKLM...CLSID} = Linked Notes button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]
{A95FE080-8F5D-11D2-A20B-00AA003C157A}\
ButtonText = @C:\Program Files\Evernote\Evernote\OLIEResource.dll,-101
MenuText = @C:\Program Files\Evernote\Evernote\OLIEResource.dll,-101
Script = C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html [null data]

Miscellaneous IE Hijack Points
------------------------------
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS]
<> Tabs = about:newtab [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Avast Antivirus, avast! Antivirus, "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [Avast Software s.r.o.]
DYMO PnP Service, DymoPnpService, "C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe" [null data]
NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation]
NVIDIA Stereoscopic 3D Driver Service, Stereo Service, "C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [NVIDIA Corporation]
Office Software Protection Platform, osppsvc, "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [MS]
Samsung UPD Utility Service, SamsungUPDUtilSvc, C:\Windows\system32\SecUPDUtilSvc.exe [null data]
SmdmF Service, SmdmFService, C:\Program Files\Assets Manager\smdmf\SmdmFService.exe [Aztec Media Inc]

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<> PEVSystemStart, Service
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<> PEVSystemStart, Service

Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = C:\Windows\system32\AdobePDF.dll [Adobe Systems Incorporated.]
DYMO LabelManager Wireless PnP Monitor\Driver = LMPNPW_MON.DLL [Sanford L.P.]
sst6c Langmon\Driver = sst6clm.dll [empty string]
usp02 Langmon\Driver = usp02l.dll [empty string]

<>: Suspicious data at a browser hijack point.

==== Empty IE Cache ======================

C:\Users\Yves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Yves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Yves\AppData\Local\Mozilla\Firefox\Profiles\f4vdwijy.default\cache2 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Mozilla\Firefox\Profiles\b4irm71n.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Yves\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=170 folders=77 60229856 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Yves\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Yves\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files\Assets Manager\smdmf\Default-Search.dll" not found
"C:\Program Files\Assets Manager\smdmf\favicon.ico" not found
"C:\Program Files\Assets Manager\smdmf\smdmfmgrc3.cfg" not found
"C:\Program Files\Assets Manager\smdmf\SmdmFService.exe" not found
"C:\Program Files\Assets Manager\smdmf\tbicon.exe" not found
"C:\Program Files\Assets Manager\smdmf\trz66E3.tmp" not found
"C:\Program Files\Assets Manager\smdmf\trzB01A.tmp" not found
"C:\Program Files\Assets Manager\smdmf\Uninstall.exe" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\Program Files\Assets Manager" not found
"C:\Users\Yves\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\R62UG63R\admin.brightcove.com" not found
"C:\Users\Yves\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\R62UG63R\bin.snmmd.nl" not found
"C:\Users\Yves\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\R62UG63R\cdnbakmi.kaltura.com" not found
"C:\Users\Yves\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\R62UG63R\fbstatic-a.akamaihd.net" not found
"C:\Users\Yves\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\R62UG63R\files.muzu.tv" not found
"C:\Users\Yves\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\R62UG63R\static1.syndication.vmma.be" not found
"C:\Users\Yves\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\R62UG63R\static1.vtm.vmmacdn.be" not found

==== EOF on vr 01/05/2015 at 23:57:00,27 ======================