Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Dany on do 17/09/2015 at 16:41:41,46. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode No Internet Access Detected Launched: D:\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 17/09/2015 16:43:09 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\Program Files\FreeTime deleted successfully C:\Program Files\Fusion8Design deleted successfully C:\Program Files\GUM471D.tmp deleted successfully C:\Program Files\IGN-NGI deleted successfully C:\Program Files\IObit deleted successfully C:\Program Files\Mythicsoft deleted successfully C:\Program Files\PDF to Text deleted successfully C:\Program Files\Secunia deleted successfully C:\Program Files\Smarty Uninstaller deleted successfully C:\Program Files\Common Files\ActPrint deleted successfully C:\PROGRA~2\CanonEPP deleted successfully C:\PROGRA~2\CanonIJEPPEX2 deleted successfully C:\PROGRA~2\Easy Driver Pro deleted successfully C:\PROGRA~2\GiliSoft deleted successfully C:\PROGRA~2\r2 Studios deleted successfully C:\PROGRA~2\Roxio deleted successfully C:\PROGRA~2\Shared Space deleted successfully C:\PROGRA~2\SiteAdvisor deleted successfully C:\PROGRA~2\soft Xpansion deleted successfully C:\Users\Dany\AppData\Roaming\ieSpell deleted successfully C:\Users\Dany\AppData\Local\iCopy deleted successfully C:\Users\Dany\AppData\Local\PackageAware deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3053347038-3038983606-3769375406-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{162428A8-963C-4F56-B082-85D14FF75D3A} deleted successfully HKEY_USERS\S-1-5-21-3053347038-3038983606-3769375406-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0333C3E-9395-4C02-8B18-B01368CD6305} deleted successfully HKEY_USERS\S-1-5-21-3053347038-3038983606-3769375406-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully HKEY_USERS\S-1-5-21-3053347038-3038983606-3769375406-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully HKEY_USERS\S-1-5-21-3053347038-3038983606-3769375406-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully HKEY_USERS\S-1-5-21-3053347038-3038983606-3769375406-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully HKEY_CLASSES_ROOT\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully HKEY_CLASSES_ROOT\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivDogService] ==== Deleting Files \ Folders ====================== C:\Program Files\FreeTime not found C:\Program Files\Fusion8Design not found C:\Program Files\GUM471D.tmp not found C:\Program Files\IGN-NGI not found C:\Program Files\IObit not found C:\Program Files\Mythicsoft not found C:\Program Files\PDF to Text not found C:\Program Files\Secunia not found C:\Program Files\Smarty Uninstaller not found C:\Program Files\AdTrustMedia not found C:\Program Files\System Security Guard deleted C:\Program Files\GUMAEAC.tmp deleted C:\Program Files\Revo Uninstaller deleted C:\Program Files\Your Uninstaller! 7 deleted C:\Program Files\Wondershare deleted C:\PROGRA~2\InstallMate deleted C:\Users\Dany\AppData\Local\APN deleted C:\Users\Dany\AppData\Local\CrashRpt deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise JetSearch deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted C:\Windows\system32\GroupPolicy\Machine deleted C:\Windows\system32\GroupPolicy\User deleted C:\Windows\system32\GroupPolicy\gpt.ini deleted C:\Windows\System32\AI_RecycleBin deleted S:\DownloadsAllePC\wpsetup (1).exe deleted "C:\Program Files\SUPERAntiSpyware\SASCore.exe" deleted "C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL" deleted "C:\Program Files\SUPERAntiSpyware" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== T:\Temp ==== ====== Java Cache ===== ====== C:\Windows\system32 ===== ====== C:\Windows\system32\drivers ===== ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-09-06 18:59:11 -------- d-----w- C:\Program Files\SnipSnipSetup ======= C: ===== ====== C:\Users\Dany\AppData\Roaming ====== 2015-09-11 16:56:26 -------- d-----w- C:\Users\Dany\AppData\Roaming\Sun 2015-09-06 09:11:11 -------- d-----w- C:\Users\Dany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ====== C:\Users\Dany ====== 2015-09-11 16:56:25 -------- d-----w- C:\Users\Dany\.oracle_jre_usage 2015-09-11 16:55:58 -------- d-----w- C:\Windows\system32\config\systemprofile\.oracle_jre_usage 2015-09-09 10:35:13 354660836CB349D2DE2FE22F8F741FA9 23514192 ----a-w- C:\Users\Dany\Downloads\InstallMyDriveConnect_4_0_4_2260.exe ====== C: exe-files == 2015-09-16 08:10:10 FAC17E42199598C0352B9F5DC2EFFC85 88392 ----atw- C:\Program Files\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe 2015-09-16 08:10:10 77352A5A0833B1CA3B771148DA535CB6 88392 ----atw- C:\Program Files\Google\Update\1.3.28.15\GoogleUpdateWebPlugin.exe 2015-09-16 08:10:09 61A77DDEF5E8D85E8B0955C4E5127B39 88392 ----atw- C:\Program Files\Google\Update\1.3.28.15\GoogleUpdateBroker.exe 2015-09-16 08:10:05 D9A15F83CB6E5901A63F24CD7D58DBAF 929872 ----a-w- C:\Program Files\Google\Update\1.3.28.15\GoogleUpdateSetup.exe 2015-09-16 08:09:53 BFDCC0375C492C524E78647CEED3F77D 130888 ----atw- C:\Program Files\Google\Update\1.3.28.15\GoogleUpdateComRegisterShell64.exe 2015-09-16 08:09:52 E337785DA1958E9AB02DDB2369EF46E8 307016 ----atw- C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler64.exe 2015-09-16 08:09:51 A72BB48D9014A7D7C05F02F595F52D60 245576 ----atw- C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe 2015-09-16 08:09:48 053EEEE1ABAE53F044F1E386E22AE525 144200 ----atw- C:\Program Files\Google\Update\1.3.28.15\GoogleUpdate.exe 2015-09-16 08:09:44 D9A15F83CB6E5901A63F24CD7D58DBAF 929872 ----a-w- C:\Program Files\Google\Update\Install\{BB4080E4-6B9D-4449-8B28-1C8277BF5997}\GoogleUpdateSetup.exe 2015-09-16 08:09:44 D9A15F83CB6E5901A63F24CD7D58DBAF 929872 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.28.15\GoogleUpdateSetup.exe 2015-09-15 07:50:39 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\Trend Micro\Dany.exe 2015-09-11 16:55:43 E408E46C5DD2D03A7474AA12BAABEFEE 15968 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\klist.exe 2015-09-11 16:55:43 D94C31E9C9C9A1273CC67DC6FFAF9984 15968 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\policytool.exe 2015-09-11 16:55:43 BDFF5086FC1F20E631A070EEF43A7BEC 16480 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\tnameserv.exe 2015-09-11 16:55:43 BC949C957CEB9FAFDF0F3949CDDF1A72 191584 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\java.exe 2015-09-11 16:55:43 B9DE149653ED8B9C5C6CB68131AB66D2 15968 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\jjs.exe 2015-09-11 16:55:43 B804A4E31F4BAD4D5BA05FE684756BA2 15968 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\servertool.exe 2015-09-11 16:55:43 8C6BDB56CD4DEED1AF2790D37B54CFE9 68192 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\javacpl.exe 2015-09-11 16:55:43 86CC77A8189758834CF83F7F2FEA5162 15968 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\java-rmi.exe 2015-09-11 16:55:43 7A0DE452F677EF2971C7B75B0267B6ED 50784 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\ssvagent.exe 2015-09-11 16:55:43 7080B965215703EA1340C3C4903C7D73 274016 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\javaws.exe 2015-09-11 16:55:43 6A5A2FDB6D09E02A3283C55237DA10F6 159328 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\unpack200.exe 2015-09-11 16:55:43 606A24A64E164B345A79F8F22A5DAC6F 15968 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\pack200.exe 2015-09-11 16:55:43 5DC0128E8A2017E82289191820C736A5 191584 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\javaw.exe 2015-09-11 16:55:43 5A503CFE5B553A9721A469FCC9CE8562 15968 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\rmiregistry.exe 2015-09-11 16:55:43 3292748E640429C2682484BD23D43F6B 15968 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\rmid.exe 2015-09-11 16:55:43 30387BE3E5D04FE969B731441C89D2D8 15968 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\ktab.exe 2015-09-11 16:55:43 262BBCE84B9C8784CC5A5E1975898022 30304 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\jabswitch.exe 2015-09-11 16:55:43 21B5D297A9191E4D833BB39456CEDAD0 15968 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\kinit.exe 2015-09-11 16:55:43 0FCF9F3D9518B90FB58CC950FA33998C 76896 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\jp2launcher.exe 2015-09-11 16:55:43 0F6E0DD1263ACB2A1AC559BB7742B54D 15968 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\keytool.exe 2015-09-11 16:55:43 08427EADE480F21412696582170B1167 16480 ----a-w- C:\Program Files\Java\jre1.8.0_60\bin\orbd.exe 2015-09-11 09:02:57 E3EC81D634A09EAD6155E9F6F5ABFA18 7846992 ----a-w- C:\Users\Dany\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe 2015-09-11 09:02:57 E3EC81D634A09EAD6155E9F6F5ABFA18 7846992 ----a-w- C:\Users\Dany\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\OneDriveSetup.exe 2015-09-11 09:02:43 F4601CDFF7E3F1100BBB00B2FF76DB56 147632 ----a-w- C:\Users\Dany\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncConfig.exe === C: other files == 2015-09-17 07:33:04 FAA239F73A7BD876BA18CFA08948C521 1556978 ----a-w- C:\Users\Dany\AppData\Roaming\Local\Temp\lptmp447169589\lp_languages.zip 2015-09-16 07:50:28 FAA239F73A7BD876BA18CFA08948C521 1556978 ----a-w- C:\Users\Dany\AppData\Roaming\Local\Temp\lptmp1467256500\lp_languages.zip 2015-09-15 07:39:42 FAA239F73A7BD876BA18CFA08948C521 1556978 ----a-w- C:\Users\Dany\AppData\Roaming\Local\Temp\lptmp1422072737\lp_languages.zip 2015-09-14 07:05:50 FAA239F73A7BD876BA18CFA08948C521 1556978 ----a-w- C:\Users\Dany\AppData\Roaming\Local\Temp\lptmp1504398968\lp_languages.zip 2015-09-13 07:49:33 FAA239F73A7BD876BA18CFA08948C521 1556978 ----a-w- C:\Users\Dany\AppData\Roaming\Local\Temp\lptmp579206191\lp_languages.zip 2015-09-12 08:32:25 FAA239F73A7BD876BA18CFA08948C521 1556978 ----a-w- C:\Users\Dany\AppData\Roaming\Local\Temp\lptmp494956414\lp_languages.zip 2015-09-12 07:33:16 FAA239F73A7BD876BA18CFA08948C521 1556978 ----a-w- C:\Users\Dany\AppData\Roaming\Local\Temp\lptmp503818388\lp_languages.zip 2015-09-11 16:55:44 4E221C69F3B103481534D1B6CB6A90DD 14130 ----a-w- C:\Program Files\Java\jre1.8.0_60\lib\deploy\ffjcext.zip 2015-09-11 09:02:42 8CF4163521FDB8E53482003C7EFA7121 5850 ----a-w- C:\Users\Dany\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\CollectOneDriveLogs.bat 2015-09-11 07:36:47 FAA239F73A7BD876BA18CFA08948C521 1556978 ----a-w- C:\Users\Dany\AppData\Roaming\Local\Temp\lptmp2123439772\lp_languages.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-3053347038-3038983606-3769375406-1000\Software\Microsoft\Windows\CurrentVersion\Run] "QNPlus"="C:\Program Files\QuickNotesPlus\QNPlus.exe" "HomeAlarm"="C:\Program Files\Chameleon Clock\ChamClock.exe" "Xmarks"="C:\Program Files\Xmarks\IE Extension\xmarkssync.exe -q" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "OneDrive"="C:\Users\Dany\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "WinPatrol"="C:\Program Files\Ruiware\WinPatrol\winpatrol.exe -expressboot" "Dropbox Update"="C:\Users\Dany\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "StickyPassword"="C:\Program Files\Sticky Password\stpass.exe" [HKEY_USERS\S-1-5-21-3053347038-3038983606-3769375406-1000\Software\Microsoft\Windows\CurrentVersion\Run\Software\Microsoft\Windows\CurrentVersion\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Genie TimeLine Tray"="C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe -auto" "COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cistray.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "QNPlus"="C:\Program Files\QuickNotesPlus\QNPlus.exe" "HomeAlarm"="C:\Program Files\Chameleon Clock\ChamClock.exe" "Xmarks"="C:\Program Files\Xmarks\IE Extension\xmarkssync.exe -q" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "OneDrive"="C:\Users\Dany\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "WinPatrol"="C:\Program Files\Ruiware\WinPatrol\winpatrol.exe -expressboot" "Dropbox Update"="C:\Users\Dany\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "StickyPassword"="C:\Program Files\Sticky Password\stpass.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Windows\\System32\\guard32.dll" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acronis Scheduler2 Service] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Acronis Scheduler2 Service" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AcronisTimounterMonitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AcronisTimounterMonitor" "hkey"="HKLM" "command"="C:\\Program Files\\Acronis\\TrueImageHome\\TimounterMonitor.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATICustomerCare] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ATICustomerCare" "hkey"="HKLM" "command"="\"C:\\Program Files\\ATI\\ATICustomerCare\\ATICustomerCare.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CanonMyPrinter" "hkey"="HKLM" "command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenuEx] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CanonSolutionMenuEx" "hkey"="HKLM" "command"="C:\\Program Files\\Canon\\Solution Menu EX\\CNSEMAIN.EXE /logon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CCleaner Monitoring" "hkey"="HKCU" "command"="\"C:\\Program Files\\CCleaner\\CCleaner.exe\" /MONITOR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DellSystemDetect] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DellSystemDetect" "hkey"="HKCU" "command"="C:\\Users\\Dany\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Dell\\Dell System Detect.appref-ms" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ehTray.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ehTray.exe" "hkey"="HKCU" "command"="C:\\Windows\\ehome\\ehTray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FlashPlayerUpdate] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" "item"="FlashPlayerUpdate" "hkey"="HKCU" "command"="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe -update activex" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Folder Size] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Folder Size" "hkey"="HKCU" "command"="C:\\Program Files\\FolderSize\\FolderSize.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelliPoint] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IntelliPoint" "hkey"="HKLM" "command"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesAirMessage] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesAirMessage" "hkey"="HKCU" "command"="C:\\Program Files\\Samsung\\Kies\\KiesAirMessage.exe -startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesPreload" "hkey"="HKCU" "command"="C:\\Program Files\\Samsung\\Kies\\Kies.exe /preload" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesTrayAgent" "hkey"="HKLM" "command"="C:\\Program Files\\Samsung\\Kies\\KiesTrayAgent.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVCpl" "hkey"="HKLM" "command"="RtHDVCpl.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Sidebar" "hkey"="HKCU" "command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartCCC" "hkey"="HKLM" "command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartupDelayer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartupDelayer" "hkey"="HKLM" "command"="\"C:\\Program Files\\r2 Studios\\Startup Delayer\\Startup Delayer.exe\" /LaunchType=Auto /LaunchApps=Common" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StickyPassword] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StickyPassword" "hkey"="HKCU" "command"="C:\\Program Files\\Sticky Password\\stpass.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrueImageMonitor.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TrueImageMonitor.exe" "hkey"="HKLM" "command"="C:\\Program Files\\Acronis\\TrueImageHome\\TrueImageMonitor.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tvncontrol] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="tvncontrol" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\COMODO\\GeekBuddyRSP.exe\" -controlservice -slave" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Mobile-based device management] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Windows Mobile-based device management" "hkey"="HKLM" "command"="%windir%\\WindowsMobile\\wmdSync.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMPNSCFG] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WMPNSCFG" "hkey"="HKCU" "command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk] "item"="Install LastPass IE RunOnce" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Install LastPass IE RunOnce.lnk" "backup"="C:\\Windows\\pss\\Install LastPass IE RunOnce.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~1\\COMMON~1\\LPUNIN~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RVS 2010.lnk] "backup"="C:\\Windows\\pss\\RVS 2010.lnk.CommonStartup" "backupExtension"=".CommonStartup" "item"="RVS 2010" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk] "backup"="C:\\Windows\\pss\\WDDMStatus.lnk.CommonStartup" "backupExtension"=".CommonStartup" "item"="WDDMStatus" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Dany^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Keyndicate.lnk] "item"="Keyndicate" "path"="C:\\Users\\Dany\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Keyndicate.lnk" "backup"="C:\\Windows\\pss\\Keyndicate.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~1\\KEYNDI~1\\KEYNDI~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Dany^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Portfolio2000.exe.lnk] "path"="C:\\Users\\Dany\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Portfolio2000.exe.lnk" "backup"="C:\\Windows\\pss\\Portfolio2000.exe.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~1\\Portfolio2000 - KBC\\Portfolio2000.exe " "item"="Portfolio2000.exe" ==== Startup Folders ====================== 2014-12-20 17:49:51 894 ----a-w- C:\Users\Dany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk 2015-02-20 09:04:05 919 ----a-w- C:\Users\Dany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk 2015-06-19 17:43:05 1857 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk 2015-06-19 17:43:03 1857 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [06/09/2015 11:55] C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3053347038-3038983606-3769375406-1000Core.job --a------ C:\Users\Dany\AppData\Local\Dropbox\Update\DropboxUpdate.exe [14/06/2015 18:00] C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3053347038-3038983606-3769375406-1000UA.job --a------ C:\Users\Dany\AppData\Local\Dropbox\Update\DropboxUpdate.exe [14/06/2015 18:00] C:\Windows\tasks\G2MUpdateTask-S-1-5-21-3053347038-3038983606-3769375406-1000.job --a------ C:\Users\Dany\AppData\Local\Citrix\GoToMeeting\3356\g2mupdate.exe [08/09/2015 18:40] C:\Windows\tasks\G2MUploadTask-S-1-5-21-3053347038-3038983606-3769375406-1000.job --a------ C:\Users\Dany\AppData\Local\Citrix\GoToMeeting\3356\g2mupload.exe [08/09/2015 18:40] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [06/09/2015 11:01] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task] C:\Windows\tasks\SyncBack Dag BU Doc naar S.job --a------ C:\Program Files\SyncBack\SyncBack.exe [08/11/2010 16:42] C:\Windows\tasks\SyncBack Dag BU Doc naar T (verwijderde weg uit doel).job --a------ C:\Program Files\SyncBack\SyncBack.exe [08/11/2010 16:42] C:\Windows\tasks\SyncBack Dag BU Favorieten naar T.job --a------ C:\Program Files\SyncBack\SyncBack.exe [08/11/2010 16:42] C:\Windows\tasks\SyncBack Dag BU Outlook naar Dropbox Folder bij opstart.job --a------ C:\Program Files\SyncBack\SyncBack.exe [08/11/2010 16:42] C:\Windows\tasks\SyncBack Dag BU Outlook naar S.job --a------ C:\Program Files\SynC:BaC:k\SynC:BaC:k.exe [] C:\Windows\tasks\SyncBack Dag BU Outlook naar T (verwijder uit doel als uit bron weg).job --a------ C:\Program Files\SyncBack\SyncBack.exe [08/11/2010 16:42] C:\Windows\tasks\SyncBack Dag BU Recepten naar Dropbox(P).job --a------ C:\Program Files\SyncBack\SyncBack.exe [08/11/2010 16:42] C:\Windows\tasks\SyncBack Maand BU P naar S.job --a------ [Undetermined Task] C:\Windows\tasks\SyncBack Maand BU P naar WD.job --a------ [Undetermined Task] C:\Windows\tasks\SyncBack Wek BU D naar S.job --a------ C:\Program Files\SyncBack\SyncBack.exe [08/11/2010 16:42] C:\Windows\tasks\SyncBack Wek BU D naar WD.job --a------ C:\Program Files\SyncBack\SyncBack.exe [08/11/2010 16:42] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\Alert Backups" [D:\Documents\Belangrijk\AlertBackups.doc] "C:\Windows\system32\tasks\Alert maandelijkse defragmentatie" ["D:\Documents\Belangrijk\Alert 1e dag van de maand.doc"] "C:\Windows\system32\tasks\Alert maandelijkse schijfcontrole" ["D:\Documents\Belangrijk\Alert laatste dag van de maand.doc"] "C:\Windows\system32\tasks\Alert Wekelijkse Backup" [D:\Documents\Belangrijk\AlertBackups.doc] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}" [T:\Temp\cisDFF2.exe] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\CrystalDiskInfo" ["C:\Program Files\CrystalDiskInfo\DiskInfo.exe"] "C:\Windows\system32\tasks\Dagelijks beleggen" ["D:\Documents\Beleggen\2014_Dagelijks Beleggen.doc"] "C:\Windows\system32\tasks\Dagelijks doen" [D:\Documents\Skydrive\Excellfiles\Dagelijks.xls] "C:\Windows\system32\tasks\Defragmenteren" ["C:\Program Files\Puran Defrag\PuranDefragGUI.exe"] "C:\Windows\system32\tasks\Dropbox synchronisatie" [C:\Users\Dany\AppData\Roaming\Dropbox\bin\dropbox.exe] "C:\Windows\system32\tasks\DropboxUpdateTaskUserS-1-5-21-3053347038-3038983606-3769375406-1000Core" [C:\Users\Dany\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\system32\tasks\DropboxUpdateTaskUserS-1-5-21-3053347038-3038983606-3769375406-1000UA" [C:\Users\Dany\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\system32\tasks\G2MUpdateTask-S-1-5-21-3053347038-3038983606-3769375406-1000" [C:\Users\Dany\AppData\Local\Citrix\GoToMeeting\3356\g2mupdate.exe] "C:\Windows\system32\tasks\G2MUploadTask-S-1-5-21-3053347038-3038983606-3769375406-1000" [C:\Users\Dany\AppData\Local\Citrix\GoToMeeting\3356\g2mupload.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\klcp_update" ["C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe"] "C:\Windows\system32\tasks\SyncBack Dag BU Doc naar S" [C:\Program Files\SyncBack\SyncBack.exe] "C:\Windows\system32\tasks\SyncBack Dag BU Doc naar T (verwijderde weg uit doel)" [C:\Program Files\SyncBack\SyncBack.exe] "C:\Windows\system32\tasks\SyncBack Dag BU Favorieten naar T" [C:\Program Files\SyncBack\SyncBack.exe] "C:\Windows\system32\tasks\SyncBack Dag BU Outlook naar Dropbox Folder bij opstart" [C:\Program Files\SyncBack\SyncBack.exe] "C:\Windows\system32\tasks\SyncBack Dag BU Outlook naar S" [C:\Program Files\SyncBack\SyncBack.exe] "C:\Windows\system32\tasks\SyncBack Dag BU Outlook naar T (verwijder uit doel als uit bron weg)" [C:\Program Files\SyncBack\SyncBack.exe] "C:\Windows\system32\tasks\SyncBack Dag BU Recepten naar Dropbox(P)" [C:\Program Files\SyncBack\SyncBack.exe] "C:\Windows\system32\tasks\SyncBack Maand BU P naar S" [C:\Program Files\SyncBack\SyncBack.exe] "C:\Windows\system32\tasks\SyncBack Maand BU P naar WD" [C:\Program Files\SyncBack\SyncBack.exe] "C:\Windows\system32\tasks\SyncBack Wek BU D naar S" [C:\Program Files\SyncBack\SyncBack.exe] "C:\Windows\system32\tasks\SyncBack Wek BU D naar WD" [C:\Program Files\SyncBack\SyncBack.exe] "C:\Windows\system32\tasks\Update Checker Filehippo" ["C:\Program Files\filehippo.com\UpdateChecker.exe"] "C:\Windows\system32\tasks\User_Feed_Synchronization-{AC5A29F2-ACD4-4EC5-BF83-3E3C40F5D1E1}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}" ["C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"] "C:\Windows\system32\tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"] "C:\Windows\system32\tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"] "C:\Windows\system32\tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"] "C:\Windows\system32\tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"] ==== Firefox Extensions Registry ====================== [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{54affe52-8223-453b-be1e-2fe2e250045c}"="C:\Users\Dany\AppData\Roaming\Lamantine\Sticky Password\spAutofill" [03/06/2015 12:14]