Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by verheyen on do 14/05/2015 at 8:01:33,02.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\verheyen\Desktop\zoek.exe
[Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-05-13-195344.log 881 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2112388589-1658323544-2423709402-1000\Software\Microsoft\Internet Explorer\SearchScopes\{43CBEAB3-EC0E-4859-955A-73F31BB936E6} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Windows\WebCam\S6000\S6000Mnt.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Users\verheyen\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LPTSystemUpdater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\LPTSystemUpdater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APNMCP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\APNMCP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sbmntr deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sbmntr deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SysMenu.DLL]

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\SysMenu.DLL]

==== Deleting Files \ Folders ======================

C:\Users\verheyen\AppData\Roaming\calibre deleted
C:\Users\verheyen\SupTab deleted
C:\PROGRA~2\GUT12A1.tmp deleted
C:\PROGRA~2\GUM12A0.tmp deleted
C:\Users\verheyen\AppData\Roaming\WB.CFG deleted
C:\Users\verheyen\AppData\Roaming\RHEng deleted
C:\Users\verheyen\AppData\Roaming\burnaware.ini deleted
C:\Users\verheyen\AppData\Roaming\soundymd.dll deleted
C:\Users\verheyen\AppData\Roaming\pcouffin.log deleted
C:\Users\verheyen\AppData\Roaming\ReplayMusicLog.log deleted
C:\Users\verheyen\AppData\Roaming\aps.uninstall.scan.results deleted
C:\Users\verheyen\AppData\Roaming\ProductData deleted
C:\PROGRA~3\AskPartnerNetwork deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\PriceMeterLiveUpdate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\verheyen\AppData\Local\nsq7F9E.tmp deleted
C:\Users\verheyen\AppData\Local\AskPartnerNetwork deleted
C:\Users\verheyen\AppData\Local\CrashRpt deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\Users\verheyen\AppData\LocalLow\Company deleted
C:\Users\verheyen\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} deleted
C:\Users\verheyen\AppData\LocalLow\ADSRemoval deleted
C:\Users\verheyen\AppData\LocalLow\IAC deleted
C:\windows\SysNative\tasks\YTDownloader deleted
C:\windows\SysNative\tasks\YTDownloaderUpd deleted
C:\windows\SysNative\tasks\Microsoft\Windows\Maintenance\SMupdate2 deleted
C:\windows\SysNative\tasks\Microsoft\Windows\Multimedia\SMupdate3 deleted
C:\windows\SysNative\tasks\Smp deleted
C:\windows\SysNative\tasks\SMWUpd deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\verheyen\Documents\Optimizer Pro deleted
C:\Users\Public\Desktop\Youtube Music Downloader.lnk deleted
C:\Users\verheyen\AppData\Local\patchYDG.exe deleted
C:\Users\verheyen\AppData\Roaming\Mozilla\Firefox\Profiles\gr7g0d9e.default\extensions\adsremoval@adsremoval.net deleted
"C:\Windows\Installer\611f94.msi" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted
"C:\PROGRA~2\AskPartnerNetwork" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater" deleted

==== System Specs ======================

Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4061 MB
CPU Info: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz
CPU Speed: 2064,8 MHz
Sound Card: Luidsprekers (Realtek High Defi |
Display Adapters: ATI Mobility Radeon HD 4500/5100 Series | ATI Mobility Radeon HD 4500/5100 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GT20N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 244,0GB | D: 221,6GB
Hard Disks - Free: C: 167,1GB | D: 109,3GB
Manufacturer *: TOSHIBA
BIOS Info: AT/AT COMPATIBLE | 10/28/09 | TOSCPL - 6040000
Time Zone: Romance (standaardtijd)
Motherboard *: TOSHIBA KTWAA
Country: België
Language: NLB

==== System Specs (Software) ======================

Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: ESET Smart Security 8.0 disabled (Outdated)
Firewall: ESET Persoonlijke firewall disabled
Default Browser: Google Chrome 42.0.2311.135
Internet Explorer Version: 11.0.9600.17801
Mozilla Firefox version: 27.0.1 (x86 nl)
Google Chrome version: 42.0.2311.135
Adobe Reader version: 11.0.10.32
Sun Java version: 1.8.0_45 (32-bit)
Sun Java version: 1.8.0_45 (64-bit)
Shockwave Player version: 12.1.8r158

==== Files Recently Created / Modified ======================
C:\Windows\SysWOW64\mshtmled.dll 2015-05-13 08:10:46 C1A32612710492D0C3339E46EC15E333 504320 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2015-05-13 08:10:46 AA2F2D55DEF98007839D0189D721D70B 1310208 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2015-05-13 08:10:46 8C00AB01B1BC1E2F69765776BBC5A5D1 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-13 08:10:46 746BBC86351D07859D8B40056447F7B2 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-13 08:10:46 6388FC82897DDDA607BBE3580D75AE15 342736 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2015-05-13 08:10:45 D74445161E58644309F858342F5E265C 19691008 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2015-05-13 08:10:45 C2EB0AA5570CF8BC881B36EE55A59337 688640 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2015-05-13 08:10:45 7B4FA4B41FBDBB12C5038FCB6E6652AA 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2015-05-13 08:10:44 F2DB87F164BC13AB8EF90FBF5D866B65 664576 ----a-w- C:\Windows\SysWOW64\jscript.dll 2015-05-13 08:10:44 E993B5E929F46A52E9F4EB68A7855CDF 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2015-05-13 08:10:44 CC4974FCF9387F32A0FF87BCE093A5AD 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2015-05-13 08:10:44 C525258A00ECFB4CE089F54C163268C3 2278400 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2015-05-13 08:10:44 63A2E3E9C771B1D4D7D84942D6FCB661 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2015-05-13 08:10:44 3CE5DE0730C22A54FE783DB8A989E8BD 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2015-05-13 08:10:44 28313FF0DE83EAD8F5EF1B963D9078C3 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2015-05-13 08:10:44 1BBC9CFD29A62D80FB77BB69BFF7513C 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2015-05-13 08:10:44 136687227F11CE928CB05F4FD90319AC 2052608 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2015-05-13 08:10:43 BCFA71A878903B5F92A7AFEFCCC5CA97 478208 ----a-w- C:\Windows\SysWOW64\ieui.dll 2015-05-13 08:10:43 5AAC24BF6C4A54DA526CC6244DEBE227 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2015-05-13 08:10:43 
0E22CD36FC3292CB812CC46CBCFD8444 12828672 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2015-05-13 08:10:42 1C5C5B5EF9CFDFC897D4549A2385DB3A 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-13 08:10:41 CB5F450D21B9D76B7F01D006E4AEDB40 1882112 ----a-w- C:\Windows\SysWOW64\wininet.dll 2015-05-13 08:10:41 6E2B4875B968324E5844F35A37A79260 4305920 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2015-05-13 08:10:41 37625FC1DAF886F1980E2D8F315B93AC 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll 2015-05-13 08:10:41 07E82A31808C8BC053D1DE547082C58F 341504 ----a-w- C:\Windows\SysWOW64\html.iec 2015-05-13 08:10:15 8D50ED3F0FBE3590AB0D43BF7B60E57A 3989440 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-13 08:10:14 D0F574320615303ADECDCB452EBB8930 635392 ----a-w- C:\Windows\SysWOW64\tdh.dll 2015-05-13 08:10:14 0A66C88B087249742381924AB8F9EFCC 3934144 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-13 08:10:13 EB058143B57ED460AC4F2DFBA104BBFF 364544 ----a-w- C:\Windows\SysWOW64\tracerpt.exe 2015-05-13 08:10:13 C6D2D384B6232B0B800234C03C50979F 82944 ----a-w- C:\Windows\SysWOW64\logman.exe 2015-05-13 08:10:13 A44680B810977EA64E280523E96F2EA9 1310744 ----a-w- C:\Windows\SysWOW64\ntdll.dll 2015-05-13 08:10:13 8C45A65ED20B487085B79EEFCC08D160 92160 ----a-w- C:\Windows\SysWOW64\sechost.dll 2015-05-13 08:10:13 850F756363237A2EB069B9B25EF8BEC3 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll 2015-05-13 08:10:13 7F99900705E249E9D5C55E490B7D076E 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll 2015-05-13 08:10:13 7A5824DC9A85FCE4334F57FF0795853E 641536 ----a-w- C:\Windows\SysWOW64\advapi32.dll 2015-05-13 08:10:13 74C0EC1257698176E288DA282F318E1C 40448 ----a-w- C:\Windows\SysWOW64\typeperf.exe 2015-05-13 08:10:13 66D6A06936088E412E29A182679F0D71 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2015-05-13 08:10:13 54A01CC4BC47B31C5CD082D064AB37BC 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2015-05-13 08:10:13 1569F20BB9DB9FDC87A6D3C8A3726ABF 1114112 ----a-w- 
C:\Windows\SysWOW64\kernel32.dll 2015-05-13 08:10:13 0B6E937863837BA3383E9CE9200DDF1E 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2015-05-13 08:10:12 FCB1C8345C794FE89ABA03B4CA3131BB 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2015-05-13 08:10:12 F43CB86F9536B17E5C7CFCFB48ACBE54 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2015-05-13 08:10:12 F286528898342F0F1EB402606750C391 17408 ----a-w- C:\Windows\SysWOW64\diskperf.exe 2015-05-13 08:10:12 D9E25B4BD2120CC5183CCCE9421C7AFE 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2015-05-13 08:10:12 AFFE5747054D03F8CEE18A8518A9AA34 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2015-05-13 08:10:12 ABA025664F9F42C568B2C022AADCB18F 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll 2015-05-13 08:10:12 99A508910BB06DFBE99D9AF7D6B4E950 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2015-05-13 08:10:12 97B30711DC6CA0EA4EACEDCE8080A3B4 37888 ----a-w- C:\Windows\SysWOW64\relog.exe 2015-05-13 08:10:12 9638DA21E965E23C85C4319F3F66D824 6656 ----a-w- C:\Windows\SysWOW64\apisetschema.dll 2015-05-13 08:10:12 79AF005633B7E41B7A194A7E7B9D3D93 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll 2015-05-13 08:10:12 741DB93796E7D4F3F804C13537FB40F4 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2015-05-13 08:10:12 6BB13D5E12C5C4D829C1D640DF269EA0 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll 2015-05-13 08:10:12 3346701038E55BD366F3D5CE31F55483 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll 2015-05-13 08:10:11 D9716B488CC27652C12B1B5E0944987E 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2015-05-13 08:10:11 D079A408CC3E22A09D1260A6F18FC0FD 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll 2015-05-13 08:10:11 BF9BB4113E9FCDABD4C703DDD06293F3 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll 2015-05-13 08:10:11 86B2AC15999BB4F8B5C84AB6154A1783 686080 ----a-w- C:\Windows\SysWOW64\adtschema.dll 2015-05-13 08:09:55 418AEC0CE89A13200F2820079B9CDFD9 216064 ----a-w- C:\Windows\SysWOW64\InkEd.dll 2015-05-13 08:09:53 C22AB1781BC6F0BB1C9B352CF66DBFFC 1250816 ----a-w- 
C:\Windows\SysWOW64\DWrite.dll 2015-05-13 08:09:48 744AB3C1A73A57DEED49D631F1BDEA1D 2311168 ----a-w- C:\Windows\SysWOW64\wpdshext.dll 2015-05-13 08:09:45 C489D8B4D8C64F20CC75A93F541F7D91 123904 ----a-w- C:\Windows\SysWOW64\poqexec.exe 2015-05-13 08:09:18 DCA2C6E7990771209CDD8E9DA90ED0E2 5120 ----a-w- C:\Windows\SysWOW64\shimeng.dll 2015-05-13 08:09:18 D3E8C7FADB758E5D222C639CC65790AD 295936 ----a-w- C:\Windows\SysWOW64\apphelp.dll 2015-05-13 08:09:18 715C060150D969B0DE5DD5B365A712AF 20992 ----a-w- C:\Windows\SysWOW64\sdbinst.exe 2015-04-30 17:37:13 4E498748961C77D626515992B77E7A94 326680 ----a-w- C:\Windows\SysWOW64\SRCOM.dll 2015-04-30 17:36:49 089916C8EF42058932A631CB9D2ED640 539624 ----a-w- C:\Windows\SysWOW64\SECOMN32.DLL 2015-04-30 17:36:46 D978E75B34E60D9BCE62D3A8AB574D0A 2498416 ----a-w- C:\Windows\SysWOW64\RltkAPO.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-05-13 20:32:02 189FB45D7442083AE8A2E4E612233EF7 124112 ----a-w- C:\Windows\Sysnative\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 08:11:00 8AD8D17425C75D2621B2CDFE0DEABD21 342016 ----a-w- C:\Windows\Sysnative\schannel.dll 2015-05-13 08:10:59 ED4B980701D081AC42F7B121C1E42149 460800 ----a-w- C:\Windows\Sysnative\certcli.dll 2015-05-13 08:10:50 71C85477DF9347FE8E7BC55768473FCA 328704 ----a-w- C:\Windows\Sysnative\services.exe 2015-05-13 08:10:47 9DCD15027A13195ABA68B40A5EB26691 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2015-05-13 08:10:46 E802824B9B4A16355A5233A7B8215ECE 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2015-05-13 08:10:46 70EDB996FE1BCB699232A15CB0D0FA32 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2015-05-13 08:10:46 5EDC6AF7589B65C89CB1154B3377D0C4 720384 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2015-05-13 08:10:46 1122DD841CCB7E07EF41039CBD66A29E 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll 2015-05-13 08:10:45 6D2787CD32595A91969502A399E7BA48 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 
2015-05-13 08:10:44 ED4EB5A0CDD251A17B946C515CB94D70 1547264 ----a-w- C:\Windows\Sysnative\urlmon.dll 2015-05-13 08:10:44 D7B9EEF960F68DC18724BB5F89A464DD 389840 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2015-05-13 08:10:44 010F562B961AB8CAEC7A0C72F8FDD690 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2015-05-13 08:10:43 F28577138120BA7E5423820D4B4C4727 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll 2015-05-13 08:10:43 EB9FCD39D65E23380CB2C2F0E6F2ED53 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2015-05-13 08:10:43 E20B5098C8707B2CF0858024568234FF 801280 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2015-05-13 08:10:43 49B1935F131A44CD29857D6900CB643F 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2015-05-13 08:10:43 2A2CDE78F9E9019AD0E4D804A02688A3 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2015-05-13 08:10:42 F918BE3C5ACA0B6485D725CC1A5348DC 2125824 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2015-05-13 08:10:42 B85ECB91C88F6E74045061B7F7DDEFA2 584192 ----a-w- C:\Windows\Sysnative\vbscript.dll 2015-05-13 08:10:42 843D063E75B19188759CBEC82828BCB1 2885120 ----a-w- C:\Windows\Sysnative\iertutil.dll 2015-05-13 08:10:41 CA0369799519F33DDE8FD26F5D87D014 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2015-05-13 08:10:41 29BBA65402DD568F49C837533F269482 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2015-05-13 08:10:41 0B4E78E6E65D1FD2CE55C93CF1EFD623 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2015-05-13 08:10:40 FFC30231459FC44FD73E07532C707791 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2015-05-13 08:10:40 E061B5A1D0F9BBACA41149201ADF4A3B 14401536 ----a-w- C:\Windows\Sysnative\ieframe.dll 2015-05-13 08:10:40 1D610F215769E4FF56C7B1847DE4B86D 633856 ----a-w- C:\Windows\Sysnative\ieui.dll 2015-05-13 08:10:40 1921A72BF1273BED72E569EF1F1A0611 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2015-05-13 08:10:39 F0289B3A341429117696F0279DA977B6 2352128 ----a-w- C:\Windows\Sysnative\wininet.dll 2015-05-13 08:10:39 
DC1200D3C3AC1E69A4DAD053BC26BF0D 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2015-05-13 08:10:39 C1D6BD834E69E8F77C8B4DDFCEE073F6 417792 ----a-w- C:\Windows\Sysnative\html.iec 2015-05-13 08:10:39 79A4C71CD8B610DE9F66B72B5654C450 6025728 ----a-w- C:\Windows\Sysnative\jscript9.dll 2015-05-13 08:10:39 63061A0826839DE8F5B4713976C99F1B 816640 ----a-w- C:\Windows\Sysnative\jscript.dll 2015-05-13 08:10:38 F2A1718334172C0F4E231E998F6CB8AB 199680 ----a-w- C:\Windows\Sysnative\msrating.dll 2015-05-13 08:10:38 C31D57F7A58FACDA2671075CEBA75199 24971776 ----a-w- C:\Windows\Sysnative\mshtml.dll 2015-05-13 08:10:38 5A18ACE782C215300BE1C82D9EDC565B 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2015-05-13 08:10:16 EA8A3E8C674B03CB4AFA1D344DBD7BC1 1254400 ----a-w- C:\Windows\Sysnative\diagtrack.dll 2015-05-13 08:10:16 D449C36379EBEFD3CCDAEC328002BB5B 36864 ----a-w- C:\Windows\Sysnative\UtcResources.dll 2015-05-13 08:10:16 A985325F4FE72FB003749A2FBBA9952E 5569984 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2015-05-13 08:10:15 8453010B6512DAEAFC61CC0836FA137E 1728960 ----a-w- C:\Windows\Sysnative\ntdll.dll 2015-05-13 08:10:14 B01B21E15671ACD3F0AD131DC4CABFC7 879104 ----a-w- C:\Windows\Sysnative\advapi32.dll 2015-05-13 08:10:14 10D39E74B0D5011A8C199B9646579C3F 879104 ----a-w- C:\Windows\Sysnative\tdh.dll 2015-05-13 08:10:13 FE60A67032A5C94F6ACE483C8FE84105 47104 ----a-w- C:\Windows\Sysnative\typeperf.exe 2015-05-13 08:10:13 FDF1E0FD74DED0034BA6FFB665E0641E 424448 ----a-w- C:\Windows\Sysnative\KernelBase.dll 2015-05-13 08:10:13 EE27E1D639E3807229C15AF94320CF0A 404992 ----a-w- C:\Windows\Sysnative\tracerpt.exe 2015-05-13 08:10:13 E55A72876BC5E244D0A8F7F07862A939 338432 ----a-w- C:\Windows\Sysnative\conhost.exe 2015-05-13 08:10:13 DA8B541825991F6699790E617FF0FF60 1461760 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2015-05-13 08:10:13 DA5EF2CC0764BE7097BAFA9CAF903FE8 112640 ----a-w- C:\Windows\Sysnative\smss.exe 2015-05-13 08:10:13 D17DD01601460F5899E5C154B3FD0BFA 215040 ----a-w- 
C:\Windows\Sysnative\winsrv.dll 2015-05-13 08:10:13 CD3770C78AFFC223A3B9D38F27B7A309 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2015-05-13 08:10:13 CCAB9BE9C9100C5F54A5A8F355730841 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll 2015-05-13 08:10:13 A0BCD6A64281492EFAE02AC144A335F1 243712 ----a-w- C:\Windows\Sysnative\wow64.dll 2015-05-13 08:10:13 9C5DBA74D0C641C2A4ABDC79969B7BEF 104448 ----a-w- C:\Windows\Sysnative\logman.exe 2015-05-13 08:10:13 52935C072F8D5A92508AA3A3CC9133C7 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe 2015-05-13 08:10:13 52146DBFE253B83FAB1980AA704C7974 113664 ----a-w- C:\Windows\Sysnative\sechost.dll 2015-05-13 08:10:13 408A8232E84515E4AA819E0C95E65257 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2015-05-13 08:10:13 2292CD8500725B94B7D2E3C0C84F2D19 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll 2015-05-13 08:10:13 1C9F2F4A2C603739BD8CC8C64310AFD7 1162752 ----a-w- C:\Windows\Sysnative\kernel32.dll 2015-05-13 08:10:13 0CD609B1143961F5C3BA691729A6A5DA 503808 ----a-w- C:\Windows\Sysnative\srcore.dll 2015-05-13 08:10:12 E1B0C7042BA7B8903D60DF3885F2DFE7 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll 2015-05-13 08:10:12 D2602AC48B38FA10956E32D18E7143B0 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll 2015-05-13 08:10:12 D205305FB0E352A9D4CF922D6A016BF4 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll 2015-05-13 08:10:12 BB7BAF9532DBA5AB4009E981687D1EA6 19456 ----a-w- C:\Windows\Sysnative\diskperf.exe 2015-05-13 08:10:12 ADC2D7B5BFF277E5A9FACE6A21A24ABC 29184 ----a-w- C:\Windows\Sysnative\sspisrv.dll 2015-05-13 08:10:12 ACE24D86D2714FCC1639F890DF54951B 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2015-05-13 08:10:12 A3DCC3D8BB57E31EA07949313CC3A3CF 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll 2015-05-13 08:10:12 9262D6E2C239EDD6D87B080F2BCCEC9F 31232 ----a-w- C:\Windows\Sysnative\lsass.exe 2015-05-13 08:10:12 90293AAC2AB0908BFF98ADB89CEBC931 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll 2015-05-13 08:10:12 
8C711AF30BE3991050D0D011D92CFBE0 50176 ----a-w- C:\Windows\Sysnative\srclient.dll 2015-05-13 08:10:12 79F036EB691ABBA84E8EB1715E5F2B17 43008 ----a-w- C:\Windows\Sysnative\relog.exe 2015-05-13 08:10:12 50EBA6640805F6D5EF4A0DCEF2D180AB 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2015-05-13 08:10:12 4DD0098FFAB4664DB979537C48AE055F 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe 2015-05-13 08:10:12 40C5EA47D4AEC96249B09BF0C076A60C 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll 2015-05-13 08:10:12 0D9BDBE780DD81757AC5AF87E8B1EBEC 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2015-05-13 08:10:11 AF278DB00C43E925E58C8CA2C0CF4C71 686080 ----a-w- C:\Windows\Sysnative\adtschema.dll 2015-05-13 08:10:11 90DC7B112F946B412C9CDC6F459F4053 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll 2015-05-13 08:10:11 7A448B8CED7F7348C36159D5CC8E19ED 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll 2015-05-13 08:09:55 6B0F962B1EE486FFE7BCABBC9C736976 24576 ----a-w- C:\Windows\Sysnative\jnwmon.dll 2015-05-13 08:09:55 2B36E0C5C262437E1B098344DEFA55F8 275456 ----a-w- C:\Windows\Sysnative\InkEd.dll 2015-05-13 08:09:53 E612E86FA15EA1EF9A52433A2743C447 1179136 ----a-w- C:\Windows\Sysnative\FntCache.dll 2015-05-13 08:09:53 490505F6E53EF046EC70A353BC9CD615 1647104 ----a-w- C:\Windows\Sysnative\DWrite.dll 2015-05-13 08:09:52 D858C33B133740D5F1F1CF71C33F6355 3204608 ----a-w- C:\Windows\Sysnative\win32k.sys 2015-05-13 08:09:48 E5404072A5A9E0B452ADDF1D1339176C 2543104 ----a-w- C:\Windows\Sysnative\wpdshext.dll 2015-05-13 08:09:45 C7E50B04623FC6FF54EAF88938A8936E 142336 ----a-w- C:\Windows\Sysnative\poqexec.exe 2015-05-13 08:09:18 F55F287810AAF708618793764AF7D1BB 23552 ----a-w- C:\Windows\Sysnative\sdbinst.exe 2015-05-13 08:09:18 83BFCCAC53795E8A5055A93672D0C46C 72192 ----a-w- C:\Windows\Sysnative\aelupsvc.dll 2015-05-13 08:09:18 7E21D3072EB20D5400919D435D549A9B 6656 ----a-w- C:\Windows\Sysnative\shimeng.dll 2015-05-13 08:09:18 31D260ADAF1CCFEFC49DB9FBCE9986DA 342016 ----a-w- 
C:\Windows\Sysnative\apphelp.dll 2015-04-30 17:40:23 8A9268F2536ABDEE5C6C9868DB69BA49 110080 ----a-w- C:\Windows\Sysnative\DelayAPO.dll 2015-04-30 17:39:32 0D2106264D437A031DD64A9DA514357F 73800 ----a-w- C:\Windows\Sysnative\RtNicProp64.dll 2015-04-30 17:37:14 DD279FF823A21C586A047EE2C1227FCB 2421480 ----a-w- C:\Windows\Sysnative\YamahaAE2.dll 2015-04-30 17:37:14 BDA340F6BC694D6BC94F7EFA35F3BC68 213432 ----a-w- C:\Windows\Sysnative\tossaemaxapo64.dll 2015-04-30 17:37:13 EC05C33DF2CF20D839FE3650505ED6ED 734376 ----a-w- C:\Windows\Sysnative\sltech64.dll 2015-04-30 17:37:13 A7BF7ABF7F7060650C304A39AA3DB471 451608 ----a-w- C:\Windows\Sysnative\SRAPO64.dll 2015-04-30 17:37:13 6F8B108E8B57AC88F90D6EA13B2A1755 1104040 ----a-w- C:\Windows\Sysnative\slcnt64.dll 2015-04-30 17:37:13 6237222E779D1A47B762FCC442843382 1411096 ----a-w- C:\Windows\Sysnative\SRRPTR64.dll 2015-04-30 17:37:13 5300D47CC8A1A097B59597074BF63DDA 366616 ----a-w- C:\Windows\Sysnative\SRCOM64.dll 2015-04-30 17:37:13 4E498748961C77D626515992B77E7A94 326680 ----a-w- C:\Windows\Sysnative\SRCOM.dll 2015-04-30 17:37:13 2E4C258CB2FF3D249FD0ABBCABC664A1 250536 ----a-w- C:\Windows\Sysnative\slprp64.dll 2015-04-30 17:37:02 DBB99601D716F92CDD97CE4E60865319 943784 ----a-w- C:\Windows\Sysnative\sl3apo64.dll 2015-04-30 17:36:50 FD605BE17B815187F6F67BF451BD4C15 833512 ----a-w- C:\Windows\Sysnative\SEHDRA64.dll 2015-04-30 17:36:50 E5A87390F195E465D6D694DEABF20098 647656 ----a-w- C:\Windows\Sysnative\SECOMN64.dll 2015-04-30 17:36:49 F7648065C4A5436C4C279C2F9EBE2EE6 432104 ----a-w- C:\Windows\Sysnative\SEAPO64.dll 2015-04-30 17:36:49 B97ACFAECF23FE4A508673C59CB48597 2888920 ----a-w- C:\Windows\Sysnative\RtPgEx64.dll 2015-04-30 17:36:49 1C7274FAC9FDCF30BAB41CAE54689951 2702040 ----a-w- C:\Windows\Sysnative\RTSnMg64.cpl 2015-04-30 17:36:47 AF70978706F94E1453E68F81C123CA80 3218800 ----a-w- C:\Windows\Sysnative\RtkApi64.dll 2015-04-30 17:36:46 6C521BAB97D0AA88CFFF62A10C868AD9 1298136 ----a-w- C:\Windows\Sysnative\RTCOM64.dll 
2015-04-30 17:36:46 5F30AA753679BA446DA71E69113861C9 2808176 ----a-w- C:\Windows\Sysnative\RltkAPO64.dll 2015-04-30 17:36:46 4A1CA878196886743FE0E84F02C2C1DA 631000 ----a-w- C:\Windows\Sysnative\RtDataProc64.dll 2015-04-30 17:36:45 FC6397E8B9551A4822A75944A95D4185 1708248 ----a-w- C:\Windows\Sysnative\RCoInstII64.dll 2015-04-30 17:36:45 CD3F906FFA6CC16B27DADB0B913C83A7 72113152 ----a-w- C:\Windows\Sysnative\RCoRes64.dat 2015-04-30 17:36:44 0DFE807693F6BAC18DDE6F86478D0156 5486344 ----a-w- C:\Windows\Sysnative\NAHIMICV2apo.dll 2015-04-30 17:36:42 CF5C73F640839D19EDA9D14046531163 12975360 ----a-w- C:\Windows\Sysnative\MaxxVoiceAPO3064.dll 2015-04-30 17:36:41 A2735EF4F7D5FA18B539A4CFD3471356 1360640 ----a-w- C:\Windows\Sysnative\MaxxAudioAPO6064.dll 2015-04-30 17:36:40 E6B2E3CE34C6269E8EF9A0F2A7068412 306288 ----a-w- C:\Windows\Sysnative\ICEsoundAPO64.dll 2015-04-30 17:36:38 755C864DF958752C11145FB36C248EB3 2902040 ----a-w- C:\Windows\Sysnative\FMAPO64.dll 2015-04-30 17:36:38 03B3FDBF4E7336EA01EB1F80B8A06820 6242576 ----a-w- C:\Windows\Sysnative\DDPP64AF3.dll 2015-04-30 17:36:37 DE67ADEAC731C1ED3BD76527AB530BA5 315736 ----a-w- C:\Windows\Sysnative\DDPO64A.dll 2015-04-30 17:36:37 CAC823DDBB6E785DB76906BFCCFE55AF 261464 ----a-w- C:\Windows\Sysnative\DDPA64.dll 2015-04-30 17:36:37 C71D1DAFA22B5D3B71853783E5AA09D2 7087448 ----a-w- C:\Windows\Sysnative\DDPP64A.dll 2015-04-30 17:36:37 52B5ADE064EC99FD5FF740CF35BB4907 336144 ----a-w- C:\Windows\Sysnative\DDPO64AF3.dll 2015-04-30 17:36:37 1EA86BB2AA1717F105544F9DCD7DD590 284944 ----a-w- C:\Windows\Sysnative\DDPA64F3.dll 2015-04-30 17:36:37 01E7B306CBBEAEFB32118FB229CE200F 1933584 ----a-w- C:\Windows\Sysnative\DDPD64AF3.dll 2015-04-30 17:36:37 018EFD4A9BF6FDA0F1AA3A6DE5712CD9 1939800 ----a-w- C:\Windows\Sysnative\DDPD64A.dll ====== C:\Windows\Sysnative\drivers ===== 2015-05-13 08:10:13 F7DFAE6040AC910B7C64EE208A34157D 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-05-13 08:10:13 8FE94F2EF9BF444E93E35D87E210D02F 
155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2015-04-30 17:40:23 ED38B8924DE8C806A2A1C12C4F61E9CF 94720 ----a-w- C:\Windows\Sysnative\drivers\AtihdW76.sys 2015-04-30 17:39:32 DCF7221D6588EDA8CD77CB27AE9B1844 977624 ----a-w- C:\Windows\Sysnative\drivers\Rt64win7.sys 2015-04-30 17:36:48 F63A8126646CDAE214143738BDAB4267 4408792 ----a-w- C:\Windows\Sysnative\drivers\RTKVHD64.sys 2015-04-30 17:36:46 8EEC019618787A1B941EE6E35CB3A3C4 1709083 ----a-w- C:\Windows\Sysnative\drivers\RTAIODAT.DAT 2015-04-17 13:11:02 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf 2015-04-15 06:16:38 F61634BEC53F73702A10DE69F6DCAF57 754688 ----a-w- C:\Windows\Sysnative\drivers\http.sys ====== C:\Windows\Tasks ====== 2015-04-19 10:02:12 A84CB1F26DB7CC2A0A0F8F5101167E86 2730 ----a-w- C:\Windows\Sysnative\Tasks\WinUtilities_Disk_Cleaner_D81CDF27E9284401 ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-04-17 12:30:45 -------- d-----w- C:\Program Files\ACR38_100_122 PCSC Driver ======= C:\PROGRA~2 ===== 2015-05-07 10:19:10 -------- d-----w- C:\PROGRA~2\Caricature Software 2015-04-19 10:00:41 -------- d-----w- C:\PROGRA~2\WinUtilities 2015-04-17 13:15:23 -------- d-----w- C:\PROGRA~2\Belgium Identity Card 2015-04-17 12:19:41 -------- d-----w- C:\PROGRA~2\COMMON~1\Java ======= C: ===== ====== C:\Users\verheyen\AppData\Roaming ====== 2015-05-14 05:49:00 -------- d-----w- C:\Users\verheyen\AppData\Local\CrashDumps 2015-05-11 22:01:18 -------- d-----w- C:\Users\verheyen\AppData\Local\qb25CAB96.B2 2015-05-08 09:57:23 -------- d-----w- C:\Users\verheyen\AppData\Local\SquirrelTemp 2015-05-04 10:18:56 -------- d-----w- C:\Users\verheyen\AppData\Local\qb5C8B0D5.67 2015-05-04 10:08:03 -------- d-----w- C:\Users\verheyen\AppData\Local\qb5BEB8D1.39 2015-05-04 09:48:11 -------- d-----w- C:\Users\verheyen\AppData\Local\qb5AC888D.5F 2015-04-30 14:04:02 -------- d-----w- C:\Users\verheyen\AppData\Local\qb1A7F658.D1 
2015-04-28 13:25:43 -------- d-----w- C:\Users\verheyen\AppData\Local\qb184C0A7.BF 2015-04-23 14:04:45 -------- d-----w- C:\Users\verheyen\AppData\Local\qb208C26E.16 2015-04-23 10:17:46 -------- d-----w- C:\Users\verheyen\AppData\Local\qb138F09B.90 2015-04-23 10:15:44 -------- d-----w- C:\Users\verheyen\AppData\Local\qb13714FC.50 2015-04-23 09:55:54 -------- d-----w- C:\Users\verheyen\AppData\Local\qb124EB8C.C3 2015-04-23 09:39:09 -------- d-----w- C:\Users\verheyen\AppData\Local\qb11596F6.8C 2015-04-23 09:35:14 -------- d-----w- C:\Users\verheyen\AppData\Local\qb112011E.45 2015-04-23 08:52:50 -------- d-----w- C:\Users\verheyen\AppData\Local\qbEB2E16.3B 2015-04-23 08:21:38 -------- d-----w- C:\Users\verheyen\AppData\Local\qbCE9EB2.62 2015-04-23 08:16:16 -------- d-----w- C:\Users\verheyen\AppData\Local\qbC9B667.A2 2015-04-23 08:14:30 -------- d-----w- C:\Users\verheyen\AppData\Local\qbC81854.E1 2015-04-23 07:55:31 -------- d-----w- C:\Users\verheyen\AppData\Local\qbB6B483.BE 2015-04-23 07:50:32 -------- d-----w- C:\Users\verheyen\AppData\Local\qbB22677.DF 2015-04-23 06:31:05 -------- d-----w- C:\Users\verheyen\AppData\Local\qb6967E8.B7 2015-04-23 05:59:03 -------- d-----w- C:\Users\verheyen\AppData\Local\qb4C16DB.46 2015-04-23 05:55:00 -------- d-----w- C:\Users\verheyen\AppData\Local\qb4860E5.03 2015-04-23 05:44:33 -------- d-----w- C:\Users\verheyen\AppData\Local\qb3ECCB1.50 2015-04-22 21:19:12 -------- d-----w- C:\Users\verheyen\AppData\Local\qb3673035.91 2015-04-22 20:00:52 -------- d-----w- C:\Users\verheyen\AppData\Local\qb31F7992.B3 2015-04-22 20:00:02 -------- d-----w- C:\Users\verheyen\AppData\Local\qb31EB5A8.74 2015-04-22 19:11:10 -------- d-----w- C:\Users\verheyen\AppData\Local\qb2F1F69D.9A 2015-04-22 18:44:44 -------- d-----w- C:\Users\verheyen\AppData\Local\qb2D9C688.2E 2015-04-21 16:53:53 -------- d-----w- C:\Users\verheyen\AppData\Local\qb2656E48.F5 2015-04-21 16:49:55 -------- d-----w- C:\Users\verheyen\AppData\Local\qb261CD49.39 2015-04-21 
14:17:27 -------- d-----w- C:\Users\verheyen\AppData\Local\qb1D63951.DF 2015-04-21 10:22:16 -------- d-----w- C:\Users\verheyen\AppData\Local\qbFEE506.F1 2015-04-21 10:21:36 -------- d-----w- C:\Users\verheyen\AppData\Local\qbFE4BF2.C3 2015-04-21 09:38:07 -------- d-----w- C:\Users\verheyen\AppData\Roaming\TomTom 2015-04-20 19:45:57 -------- d-----w- C:\Users\verheyen\AppData\Local\qb2FB029E.62 2015-04-20 17:38:55 -------- d-----w- C:\Users\verheyen\AppData\Local\qb286B566.22 2015-04-20 17:38:10 -------- d-----w- C:\Users\verheyen\AppData\Local\qb2860902.37 ====== C:\Users\verheyen ====== 2015-04-21 09:38:10 -------- d-----w- C:\ProgramData\TomTom 2015-04-19 10:00:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinUtilities 2015-04-17 13:16:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID ====== C: exe-files == === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2112388589-1658323544-2423709402-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\verheyen\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "AlcoholAutomount"="C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -automount" "MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe" "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-2112388589-1658323544-2423709402-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\verheyen\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\verheyen\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" "DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW" "S6000Mnt"="C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt" "ApnTBMon"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" "TrueImageMonitor.exe"="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" "AcronisTibMounterMonitor"="C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\verheyen\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "AlcoholAutomount"="C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -automount" "MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe" "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\verheyen\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"="C:\Windows\system32\cmd.exe /q /c 
rmdir /s /q C:\Users\verheyen\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\progra~2\\settin~1\\systemk\\syskldr.dll c:\\progra~3\\wincert\\win32c~1.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon" "CanonSolutionMenu"="C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon" "Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch" "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" "SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe " "TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" "HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe " "00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe " "Windows Mobile-based device management"="%windir%\WindowsMobile\wmdcBase.exe " [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\progra~2\\settin~1\\systemk\\x64\\syskldr.dll c:\\progra~3\\wincert\\win64c~1.dll c:\\progra~2\\linkey\\ieexte~1\\iedll64.dll" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" 
"item"="MSC" "hkey"="HKLM" "command"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Optimizer Pro] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Optimizer Pro" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Optimizer Pro\\OptProLauncher.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify" "hkey"="HKCU" "command"="\"C:\\Users\\verheyen\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify Web Helper" "hkey"="HKCU" "command"="\"C:\\Users\\verheyen\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^verheyen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk] "item"="MyPC Backup" "path"="C:\\Users\\verheyen\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MyPC Backup.lnk" "backup"="C:\\Windows\\pss\\MyPC Backup.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~2\\MYPCBA~1\\MYPCBA~1.EXE" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15/04/2015 14:25] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2112388589-1658323544-2423709402-1000Core.job --a------ 
C:6CC:\Users\verheyen\AppData\Local\Facebook\Update\FacebookUpdate.exe [] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2112388589-1658323544-2423709402-1000UA.job --a------ C:CC:\Users\verheyen\AppData\Local\Facebook\Update\FacebookUpdate.exe [] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/03/2014 23:35] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:D6C:\ProgramC:FilesC:x86\Google\Update\GoogleUpdate.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\Driver Booster SkipUAC (verheyen)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2112388589-1658323544-2423709402-1000Core" [C:\Users\verheyen\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2112388589-1658323544-2423709402-1000UA" [C:\Users\verheyen\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\WinUtilities_Disk_Cleaner_D81CDF27E9284401" [C:\Program 
Files (x86)\WinUtilities\ToolDiskCleaner.exe] "C:\Windows\SysNative\tasks\Nero\Nero Info" [C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe] ==== Firefox Extensions ====================== ProfilePath: C:\Users\verheyen\AppData\Roaming\TomTom\HOME\Profiles\w5ltk5xs.default - Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com - Carminat TomTom - %ProfilePath%\extensions\RenaultTheme@tomtom.com ProfilePath: C:\Users\verheyen\AppData\Roaming\Mozilla\Firefox\Profiles\gr7g0d9e.default - Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\iobitascsurfingprotection@iobit.com - Snap.Do - %ProfilePath%\extensions\{17ef9813-2cff-430c-4ea8-161bac28cbbf} AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\verheyen\AppData\Roaming\Mozilla\Firefox\Profiles\gr7g0d9e.default F4C5E12008B713FE1B2F2A5990F00A43 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll - Shockwave for Director / Shockwave for Director 3CD19649B2C3023D65E67C056457A2BC - C:\Users\verheyen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin ==== Deleted Firefox Extensions ====================== C:\Users\verheyen\AppData\Roaming\Mozilla\Firefox\Profiles\gr7g0d9e.default\extensions\{17ef9813-2cff-430c-4ea8-161bac28cbbf} deleted ==== Chromium Look ====================== HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions fkkcgfbgohboipdhliafmacjnhjbhmim - No path found[] Google Docs - verheyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake MSN Homepage - verheyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim Google Wallet - 
verheyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Use Search Asst"="yes" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com" "SearchAssistant"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Use Search Asst"="no" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} e Url="Not_Found" {ACFCED41-E815-4D92-94AC-92056FEB9649} Google Url="Not_Found" {E733165D-CBCF-4FDA-883E-ADEF965B476C} Google Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2112388589-1658323544-2423709402-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} deleted successfully HKEY_USERS\S-1-5-21-2112388589-1658323544-2423709402-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ACFCED41-E815-4D92-94AC-92056FEB9649} deleted successfully 
HKEY_USERS\S-1-5-21-2112388589-1658323544-2423709402-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== shortcuts on Users Desktops ====================== C:\Users\verheyen\Desktop\AVS Video Converter.lnk - C:\Program Files (x86)\AVS4YOU\AVSVideoConverter\AVSVideoConverter.exe C:\Users\verheyen\Desktop\ConvertXToDVD 5.lnk - C:\Program Files (x86)\VSO\ConvertX\5\ConvertXtoDvd.exe C:\Users\verheyen\Desktop\Download Grait - Snelkoppeling.lnk - D:\Download Grait C:\Users\verheyen\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\verheyen\Desktop\OziExplorer.lnk - C:\OziExplorer\OziExp.exe C:\Users\verheyen\Desktop\Paint.lnk - C:\Windows\system32\mspaint.exe C:\Users\verheyen\Desktop\Windows Live Mail.lnk - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Users\verheyen\Desktop\Fietsen en Wandelen\Fietsen\RecentPlaces.lnk - C:\Users\verheyen\Desktop\NZB\Newzbin.lnk - C:\Program Files (x86)\Newzbin\Newzbin.exe C:\Users\verheyen\Desktop\NZB\Spotnet.lnk - C:\Program Files (x86)\Spotnet\Spotnet.exe C:\Users\verheyen\Desktop\Smart\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe C:\Users\verheyen\Desktop\Verkleinde Foto's\AJCompressCopy (Compress & copy pictures).lnk - C:\Program Files\Anne Jan\AJCompressCopy.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Ashampoo Photo Card 2.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Photo Card 2\ASHCARD.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe C:\Users\Public\Desktop\Nero 2014.lnk - C:\Windows\Installer\{D5115C78-2D22-4668-A5E2-6C87DED3ED1B}\NeroLauncher.ex_06255901E67449719980557FAA5EC1C6.exe C:\Users\Public\Desktop\Replay 
Music 5.lnk - C:\Program Files (x86)\Replay Music 5\ReplayMusic.exe C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{1845470B-EB14-4ABC-835B-E36C693DC07D}\SkypeIcon.exe C:\Users\Public\Desktop\WinUtilities.lnk - C:\Program Files (x86)\WinUtilities\WinUtil.exe ==== shortcuts in Users Start Menu ====================== C:\Users\verheyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.luckysearches.com/?type=sc&ts=1428157291&from=exp&uid=FUJITSUXMJA2500BHXG2_K937T9B2AUFGT9B2AUFGX C:\Users\verheyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo to Cartoon.lnk - C:\Users\verheyen\AppData\Roaming\Microsoft\Installer\{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}\_CFAB5842CE4CA8EE43C154.exe C:\Users\verheyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.luckysearches.com/?type=sc&ts=1428157291&from=exp&uid=FUJITSUXMJA2500BHXG2_K937T9B2AUFGT9B2AUFGX ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.luckysearches.com/?type=sc&ts=1428157291&from=exp&uid=FUJITSUXMJA2500BHXG2_K937T9B2AUFGT9B2AUFGX C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk - C:\Windows\Installer\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}\wmdc.exe /show C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Acronis True Image 2014.lnk - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Acronis WinPE ISO Builder.lnk - C:\Program Files (x86)\Acronis\TrueImageHome\winpe_iso.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Controleren op updates.lnk - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe /check_updates C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools & Utilities\Acronis-back-up converteren.lnk - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe /convert_tib_to_vhd C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools & Utilities\Acronis-systeemrapport.lnk - C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools & Utilities\Bestanden vernietigen.lnk - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe /file_shredder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools & Utilities\DriveCleanser.lnk - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe /drive_cleanser C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools & Utilities\Image koppelen.lnk - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe /mount_image C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools & Utilities\Opstartmedia maken.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools & Utilities\Schijf klonen.lnk - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe /clone_disk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools & Utilities\Systeem opschonen.lnk - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe /system_cleanup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools & Utilities\Try&Decide.lnk - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe /tnd_tool C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools & Utilities\Windows-back-up converteren.lnk - C:\Program Files 
(x86)\Acronis\TrueImageHome\TrueImageTools.exe /convert_vhd_to_tib C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\eID Viewer.lnk - C:\Program Files (x86)\Belgium Identity Card\EidViewer\eID Viewer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\Utilities\MS Office 2010 XAdES XL signature configuration.lnk - C:\Program Files (x86)\Belgium Identity Card\beidoffice2010_XAdES_XL.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\Utilities\MS Outlook registry configuration.lnk - C:\Program Files (x86)\Belgium Identity Card\beidoutlooksnc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin\MapInstall.lnk - C:\Program Files (x86)\Garmin\MapInstall\MapInstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.luckysearches.com/?type=sc&ts=1428157291&from=exp&uid=FUJITSUXMJA2500BHXG2_K937T9B2AUFGT9B2AUFGX C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth starten in DirectX-modus.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setDX C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth starten in OpenGL-modus.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setOGL C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth verwijderen.lnk - C:\Windows\SysWOW64\msiexec.exe /x {4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E} C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe -tab about C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe -tab update 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro Help.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\Revo Uninstaller Pro Help.pdf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Verwijder Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom\TomTom HOME 2.lnk - C:\Windows\Installer\{0E09BE17-EDEA-42CA-8974-42A587F51510}\NewShortcut1_BB5D96B1D05B428EBAD4A437B7244768.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom\TomTom MyDrive Connect.lnk - C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe "-startda" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom\Verwijder TomTom HOME 2.lnk - C:\Windows\SysWOW64\msiexec.exe /x {0E09BE17-EDEA-42CA-8974-42A587F51510} C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom\Verwijder TomTom MyDrive Connect.lnk - C:\Program Files (x86)\MyDrive Connect\Uninstall TomTom MyDrive Connect.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinUtilities\Verwijder WinUtilities.lnk - C:\Program Files (x86)\WinUtilities\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinUtilities\WinUtilities.lnk - C:\Program Files (x86)\WinUtilities\WinUtil.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\verheyen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.luckysearches.com/?type=sc&ts=1428157291&from=exp&uid=FUJITSUXMJA2500BHXG2_K937T9B2AUFGT9B2AUFGX C:\Users\verheyen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GrabIt.lnk - C:\Program Files (x86)\GrabIt\GrabIt.exe C:\Users\verheyen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
http://www.luckysearches.com/?type=sc&ts=1428157291&from=exp&uid=FUJITSUXMJA2500BHXG2_K937T9B2AUFGT9B2AUFGX C:\Users\verheyen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite C:\Users\verheyen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe C:\Users\verheyen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\verheyen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\verheyen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\verheyen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Nero 2014.lnk - C:\Windows\Installer\{D5115C78-2D22-4668-A5E2-6C87DED3ED1B}\NeroLauncher.ex_06255901E67449719980557FAA5EC1C6.exe C:\Users\verheyen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.luckysearches.com/?type=sc&ts=1428157291&from=exp&uid=FUJITSUXMJA2500BHXG2_K937T9B2AUFGT9B2AUFGX C:\Users\verheyen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\verheyen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 ==== shortcuts After Repair ====================== C:\Users\verheyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\verheyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\verheyen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\verheyen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\verheyen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC0C110 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C1C01} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{e1a9f67c-f098-40cd-a7d6-36fb94e9426c} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\363FB0CBBA367FF4E81FEAD0F717B142 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC0C110 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\229583BF23E226447ACD725169416A06 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [S6000Mnt] C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\verheyen\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [MyDriveConnect.exe] "C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe"
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\verheyen\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\verheyen\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\settin~1\systemk\syskldr.dll c:\progra~3\wincert\win32c~1.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: TomTomHOMEService - Unknown owner - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\verheyen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\verheyen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\verheyen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=549 folders=207 80711111 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\verheyen\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\verheyen\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on do 14/05/2015 at 8:31:42,56 ======================