Zoek.exe v5.0.0.0 Updated 10-February-2015 Tool run by Koen on do 12/02/2015 at 14:04:24,12. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Koen\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2014-09-12-190752.log 26168 bytes C:\zoek-results2014-09-15-144028.log 3325 bytes C:\zoek-results2014-09-22-123742.log 6656 bytes ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Users\Koen\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Users\Koen\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Users\Koen\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\CCleaner\CCleaner64.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\wuauclt.exe C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Users\Koen\Downloads\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe ==== Windows Installer Info ====================== Adobe Reader XI (11.0.10) - Nederlands [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73401B744BA0000000010]C:\Windows\Installer\10966d9b.msi AGEIA PhysX v7.03.21 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\382BBE58FA5635C4E9EBC7A03272267F]C:\Windows\Installer\3dbe3501.msi Apple Application Support [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ED0FAC38B3D873C46A13B2F861CE0313]C:\Windows\Installer\1056535.msi Apple Mobile Device Support [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\09699DDB14539164D9A2C3DD3B1EF5E9]C:\Windows\Installer\10566b9.msi Apple Software Update [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\46B5A9879DD95AB419A50FCFA0B1B7EF]C:\Windows\Installer\42bd829.msi Belgium e-ID middleware 4.0.6 (build 7416) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ED365428DA576614D90C6B84F2024761]C:\Windows\Installer\9f856.msi Bonjour [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B0163E6D0340BE4183EB2758E9BEDD8]C:\Windows\Installer\42bd81f.msi D3DX10 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BD4C90EC03660F46A13E87A329932FA]C:\Windows\Installer\9c82e.msi Elevated Installer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\220CEF81EC8DFD845AA701584D5FF8E6]C:\Windows\Installer\3c3a071c.msi Garmin Express [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\110B80699E2066A40ACF23467AF908A8]C:\Windows\Installer\3c3a0712.msi Garmin Express Tray [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A52974BC0F05A3943B0BF3C636F2ECD8]C:\Windows\Installer\3c3a0717.msi Google Drive [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5070466C97475EE4CB6878F9506FE547]C:\Windows\Installer\235f186.msi Google Earth [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F8E4622A94613E11B8DE8BCAF689CC3E]C:\Windows\Installer\9c860.msi Google Toolbar for Internet Explorer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0]C:\Windows\Installer\3459976.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]C:\Windows\Installer\9f7437f.msi iCloud [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CC0C690691E75534780F26E75CAA41D6]C:\Windows\Installer\67eee9a.msi iTunes [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\19DBBBA25E197DA429A9EF511DCD5067]C:\Windows\Installer\105772e.msi Junk Mail filter update [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\807E9EB00CD53694C9DFA05A9190E097]C:\Windows\Installer\1f150fac.msi Microsoft .NET Framework 4.5.1 (NLD) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2FA0BBE92DA4ABA359FE79E7EB1ABC90]C:\Windows\Installer\4deb250.msi Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6414876250E69FF3395387C6C7F05BEB]C:\Windows\Installer\93cd5b8.msi Microsoft Access MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109510031400100000000F01FEC]C:\Windows\Installer\18055aa6.msi Microsoft Application Error Reporting [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400100000000F01FEC]C:\Windows\Installer\9c81a.msi Microsoft DCF MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109090031400100000000F01FEC]C:\Windows\Installer\18055ac4.msi Microsoft Excel MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109610031400100000000F01FEC]C:\Windows\Installer\18055ab5.msi Microsoft Groove MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109AB0031400100000000F01FEC]C:\Windows\Installer\18055ace.msi Microsoft InfoPath MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109440031400100000000F01FEC]C:\Windows\Installer\18055aab.msi Microsoft Lync MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109B21031400100000000F01FEC]C:\Windows\Installer\18055aba.msi Microsoft Office 32-bit Components 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051091C0000000100000000F01FEC]C:\Windows\Installer\18055b06.msi Microsoft Office Korrekturhilfen 2013 - Deutsch [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F10070400100000000F01FEC]C:\Windows\Installer\18055ad8.msi Microsoft Office OSM MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051091E0031400100000000F01FEC]C:\Windows\Installer\18055aec.msi Microsoft Office OSM UX MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051092E0031400100000000F01FEC]C:\Windows\Installer\18055af1.msi Microsoft Office Professional Plus 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005119110000000100000000F01FEC]C:\Windows\Installer\18055b17.msi Microsoft Office Proofing (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109C20031400100000000F01FEC]C:\Windows\Installer\18055ae7.msi Microsoft Office Proofing Tools 2013 - English [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F10090400100000000F01FEC]C:\Windows\Installer\18055ae2.msi Microsoft Office Proofing Tools 2013 - Nederlands [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F10031400100000000F01FEC]C:\Windows\Installer\18055ad3.msi Microsoft Office Shared 32-bit MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051091C0031400100000000F01FEC]C:\Windows\Installer\18055ab0.msi Microsoft Office Shared MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109E60031400100000000F01FEC]C:\Windows\Installer\18055aa1.msi Microsoft OneNote MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051091A0031400100000000F01FEC]C:\Windows\Installer\18055ac9.msi Microsoft Outlook MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109A10031400100000000F01FEC]C:\Windows\Installer\18055af6.msi Microsoft PowerPoint MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109810031400100000000F01FEC]C:\Windows\Installer\18055afb.msi Microsoft Publisher MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109910031400100000000F01FEC]C:\Windows\Installer\18055abf.msi Microsoft Security Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C87C2F32131E0AC4F8484337BF7782AB]c:\Windows\Installer\3a8e0f2.msi Microsoft Silverlight [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100]c:\Windows\Installer\f035dcb.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3e43b73803c7c394f8a6b2f0402e19c2]C:\Windows\Installer\2395b40c.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\b25099274a207264182f8181add555d0]C:\Windows\Installer\91321d5.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\c1c4f01781cc94c4c8fb1542c0981a2a]C:\Windows\Installer\9ec4882.msi Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EFEE0228DC83E77358593193D847A0EC]c:\Windows\Installer\28a190.msi Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\67D6ECF5CD5FBA732B8B22BAC8DE1B4D]c:\Windows\Installer\375fae8.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E815EB96CCE9A53884E7857C57002F0]c:\Windows\Installer\375faed.msi Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C173E5AD3336A8D3394AF65D2BB0CCE6]c:\Windows\Installer\21a1d7d.msi Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D04BB691875110D32B98EBCF771AA1E1]c:\Windows\Installer\91321da.msi Microsoft Word MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109B10031400100000000F01FEC]C:\Windows\Installer\18055b00.msi MSVCRT [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A6C64DD86500CEF47BA082BB611A1FF1]C:\Windows\Installer\9c802.msi MSVCRT_amd64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\52744B0D6663D294EB6F85A741DBB99D]C:\Windows\Installer\9c80e.msi MSVCRT110 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8CDD41E806AE81E43B3E917301D4B5AD]C:\Windows\Installer\9c806.msi MSVCRT110_amd64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F187AF9E08E3993428A5DAE3112CC877]C:\Windows\Installer\9c80a.msi Outils de v‚rification linguistique 2013 de Microsoft Office˙- Fran‡ais [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F100C0400100000000F01FEC]C:\Windows\Installer\18055add.msi Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4FB8353CB5373F540BE95C140A704E8E]C:\Windows\Installer\1f151038.msi SkypeT 6.14 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50E7C3A773EE6D74991EE20BA5D33A7F]C:\Windows\Installer\5622a1c.msi swMSM [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C43C21609E58D74B9C5F017D78D7262]C:\Windows\Installer\1e675f.msi System Requirements Lab for Intel [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\34F36C35728B9D24886864899DE13AB3]C:\Windows\Installer\727fd.msi Windows Live Communications Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\80316C14DFC645D4BAA61763DE801AE8]C:\Windows\Installer\1f150f8a.msi Windows Live Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9A509B147BE07C48BB1F544C6715866]C:\Windows\Installer\1f15101c.msi Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C27625EC9E0A05448857882A125DDC05]C:\Windows\Installer\9c812.msi Windows Live Installer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C18BC956E45B1FD46B813F757793A345]C:\Windows\Installer\1f150f66.msi Windows Live Mail [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\730C84D5214D86F41B79500EC34DF604]C:\Windows\Installer\1f151045.msi Windows Live Mail [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B62C577B8AAE11A4CAFB675ED26F8B50]C:\Windows\Installer\1f150fc6.msi Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\12385052E33CB6949851F66DD463C2FA]C:\Windows\Installer\1f150f6d.msi Windows Live Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4B2346D1D42EE5044ABA7D6E0D88BC9C]C:\Windows\Installer\1f15100a.msi Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A8F1162B7EFE88E478D5910FFEEA784E]C:\Windows\Installer\1f150f94.msi Windows Live SOXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00BA1CDCFF107CF418A6616CF790320C]C:\Windows\Installer\1f150f7c.msi Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0003981D77AEC394D8DD2E2634E659B9]C:\Windows\Installer\1f150f74.msi Windows Live UX Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C8BD9F007D5674D4BAF56F89EE8385D0]C:\Windows\Installer\1f150fa5.msi Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A0B2C0921EEC55F4BA645417CE10AD69]C:\Windows\Installer\1f151012.msi Windows Live Writer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E261E417F4DCB1F43820F7159704C952]C:\Windows\Installer\1f150fed.msi Windows Live Writer Resources [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B219630C148E0F64F9129301503DC9F9]C:\Windows\Installer\1f15102c.msi Windows Resource Kit Tools - SubInAcl.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D430EE3D29B555A4AA20E2D6A0A669EE]C:\Windows\Installer\52bf2.msi ==== Empty Folders Check ====================== C:\PROGRA~2\Freemake deleted successfully C:\PROGRA~2\FreeTime deleted successfully C:\PROGRA~3\Freemake deleted successfully C:\PROGRA~3\Guitar Pro 6 deleted successfully C:\PROGRA~3\Turbine deleted successfully C:\Users\Koen\AppData\Roaming\Lite deleted successfully C:\Users\Koen\AppData\Roaming\Systweak deleted successfully C:\Users\Seppe\AppData\Roaming\DAEMON Tools Lite deleted successfully C:\Users\Koen\AppData\Local\StormFall deleted successfully C:\Users\Koen\AppData\Local\VirtualStore deleted successfully C:\Users\Leonie\AppData\Local\VirtualStore deleted successfully C:\Users\Seppe\AppData\Local\node-webkit deleted successfully C:\Users\Seppe\AppData\Local\VirtualStore deleted successfully ==== Checking Systemdrive for Symlinks ====================== Het volume in station C heeft geen naam. Het volumenummer is F09A-CCB3 Map van C:\ 14/07/2009 06:08 Documents and Settings [C:\Users] 0 bestand(en) 0 bytes Map van C:\Program Files\Windows NT 25/09/2013 15:46 Bureau-accessoires [C:\Program Files\Windows NT\Accessories] 0 bestand(en) 0 bytes Map van C:\ProgramData 14/07/2009 06:08 Application Data [C:\ProgramData] 25/09/2013 15:46 Bureaublad [C:\Users\Public\Desktop] 14/07/2009 06:08 Desktop [C:\Users\Public\Desktop] 25/09/2013 15:46 Documenten [C:\Users\Public\Documents] 14/07/2009 06:08 Documents [C:\Users\Public\Documents] 25/09/2013 15:46 Favorieten [C:\Users\Public\Favorites] 14/07/2009 06:08 Favorites [C:\Users\Public\Favorites] 25/09/2013 15:46 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 25/09/2013 15:46 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 14/07/2009 06:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14/07/2009 06:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\ProgramData\Microsoft\Windows\Start Menu 25/09/2013 15:46 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users 14/07/2009 06:08 All Users [C:\ProgramData] 14/07/2009 06:08 Default User [C:\Users\Default] 0 bestand(en) 0 bytes Map van C:\Users\All Users 14/07/2009 06:08 Application Data [C:\ProgramData] 25/09/2013 15:46 Bureaublad [C:\Users\Public\Desktop] 14/07/2009 06:08 Desktop [C:\Users\Public\Desktop] 25/09/2013 15:46 Documenten [C:\Users\Public\Documents] 14/07/2009 06:08 Documents [C:\Users\Public\Documents] 25/09/2013 15:46 Favorieten [C:\Users\Public\Favorites] 14/07/2009 06:08 Favorites [C:\Users\Public\Favorites] 25/09/2013 15:46 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 25/09/2013 15:46 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 14/07/2009 06:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14/07/2009 06:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\All Users\Microsoft\Windows\Start Menu 25/09/2013 15:46 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Default 14/07/2009 06:08 Application Data [C:\Users\Default\AppData\Roaming] 14/07/2009 06:08 Local Settings [C:\Users\Default\AppData\Local] 25/09/2013 15:46 Menu Start [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 25/09/2013 15:46 Mijn documenten [C:\Users\Default\Documents] 14/07/2009 06:08 My Documents [C:\Users\Default\Documents] 14/07/2009 06:08 NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 25/09/2013 15:46 Netwerkprinteromgeving [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14/07/2009 06:08 PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14/07/2009 06:08 Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 14/07/2009 06:08 SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 25/09/2013 15:46 Sjablonen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 14/07/2009 06:08 Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 14/07/2009 06:08 Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Default\AppData\Local 14/07/2009 06:08 Application Data [C:\Users\Default\AppData\Local] 25/09/2013 15:46 Geschiedenis [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14/07/2009 06:08 History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14/07/2009 06:08 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu 25/09/2013 15:46 Programma's [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Default\Documents 25/09/2013 15:46 Mijn afbeeldingen [C:\Users\Default\Pictures] 25/09/2013 15:46 Mijn muziek [C:\Users\Default\Music] 25/09/2013 15:46 Mijn video's [C:\Users\Default\Videos] 14/07/2009 06:08 My Music [C:\Users\Default\Music] 14/07/2009 06:08 My Pictures [C:\Users\Default\Pictures] 14/07/2009 06:08 My Videos [C:\Users\Default\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Koen 25/09/2013 15:46 Application Data [C:\Users\Koen\AppData\Roaming] 25/09/2013 15:46 Cookies [C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Cookies] 25/09/2013 15:46 Local Settings [C:\Users\Koen\AppData\Local] 25/09/2013 15:46 Menu Start [C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu] 25/09/2013 15:46 Mijn documenten [C:\Users\Koen\Documents] 25/09/2013 15:46 NetHood [C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 25/09/2013 15:46 Netwerkprinteromgeving [C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 25/09/2013 15:46 Recent [C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Recent] 25/09/2013 15:46 SendTo [C:\Users\Koen\AppData\Roaming\Microsoft\Windows\SendTo] 25/09/2013 15:46 Sjablonen [C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Koen\AppData\Local 25/09/2013 15:46 Application Data [C:\Users\Koen\AppData\Local] 25/09/2013 15:46 Geschiedenis [C:\Users\Koen\AppData\Local\Microsoft\Windows\History] 25/09/2013 15:46 Temporary Internet Files [C:\Users\Koen\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\Koen\AppData\LocalLow 23/12/2014 07:48 PlayReady [C:\ProgramData\Microsoft\PlayReady] 0 bestand(en) 0 bytes Map van C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu 25/09/2013 15:46 Programma's [C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Koen\Documents 25/09/2013 15:46 Mijn afbeeldingen [C:\Users\Koen\Pictures] 25/09/2013 15:46 Mijn muziek [C:\Users\Koen\Music] 25/09/2013 15:46 Mijn video's [C:\Users\Koen\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Leonie 19/12/2014 19:30 Application Data [C:\Users\Leonie\AppData\Roaming] 19/12/2014 19:30 Cookies [C:\Users\Leonie\AppData\Roaming\Microsoft\Windows\Cookies] 19/12/2014 19:30 Local Settings [C:\Users\Leonie\AppData\Local] 19/12/2014 19:30 Menu Start [C:\Users\Leonie\AppData\Roaming\Microsoft\Windows\Start Menu] 19/12/2014 19:30 Mijn documenten [C:\Users\Leonie\Documents] 19/12/2014 19:30 NetHood [C:\Users\Leonie\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 19/12/2014 19:30 Netwerkprinteromgeving [C:\Users\Leonie\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 19/12/2014 19:30 Recent [C:\Users\Leonie\AppData\Roaming\Microsoft\Windows\Recent] 19/12/2014 19:30 SendTo [C:\Users\Leonie\AppData\Roaming\Microsoft\Windows\SendTo] 19/12/2014 19:30 Sjablonen [C:\Users\Leonie\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Leonie\AppData\Local 19/12/2014 19:30 Application Data [C:\Users\Leonie\AppData\Local] 19/12/2014 19:30 Geschiedenis [C:\Users\Leonie\AppData\Local\Microsoft\Windows\History] 19/12/2014 19:30 Temporary Internet Files [C:\Users\Leonie\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\Leonie\AppData\Roaming\Microsoft\Windows\Start Menu 19/12/2014 19:30 Programma's [C:\Users\Leonie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Leonie\Documents 19/12/2014 19:30 Mijn afbeeldingen [C:\Users\Leonie\Pictures] 19/12/2014 19:30 Mijn muziek [C:\Users\Leonie\Music] 19/12/2014 19:30 Mijn video's [C:\Users\Leonie\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Public\Documents 25/09/2013 15:46 Mijn afbeeldingen [C:\Users\Public\Pictures] 25/09/2013 15:46 Mijn muziek [C:\Users\Public\Music] 25/09/2013 15:46 Mijn video's [C:\Users\Public\Videos] 14/07/2009 06:08 My Music [C:\Users\Public\Music] 14/07/2009 06:08 My Pictures [C:\Users\Public\Pictures] 14/07/2009 06:08 My Videos [C:\Users\Public\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Seppe 01/10/2013 17:29 Application Data [C:\Users\Seppe\AppData\Roaming] 01/10/2013 17:29 Cookies [C:\Users\Seppe\AppData\Roaming\Microsoft\Windows\Cookies] 01/10/2013 17:29 Local Settings [C:\Users\Seppe\AppData\Local] 01/10/2013 17:29 Menu Start [C:\Users\Seppe\AppData\Roaming\Microsoft\Windows\Start Menu] 01/10/2013 17:29 Mijn documenten [C:\Users\Seppe\Documents] 01/10/2013 17:29 NetHood [C:\Users\Seppe\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 01/10/2013 17:29 Netwerkprinteromgeving [C:\Users\Seppe\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 01/10/2013 17:29 Recent [C:\Users\Seppe\AppData\Roaming\Microsoft\Windows\Recent] 01/10/2013 17:29 SendTo [C:\Users\Seppe\AppData\Roaming\Microsoft\Windows\SendTo] 01/10/2013 17:29 Sjablonen [C:\Users\Seppe\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Seppe\AppData\Local 01/10/2013 17:29 Application Data [C:\Users\Seppe\AppData\Local] 01/10/2013 17:29 Geschiedenis [C:\Users\Seppe\AppData\Local\Microsoft\Windows\History] 01/10/2013 17:29 Temporary Internet Files [C:\Users\Seppe\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\Seppe\AppData\Roaming\Microsoft\Windows\Start Menu 01/10/2013 17:29 Programma's [C:\Users\Seppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Seppe\Documents 01/10/2013 17:29 Mijn afbeeldingen [C:\Users\Seppe\Pictures] 01/10/2013 17:29 Mijn muziek [C:\Users\Seppe\Music] 01/10/2013 17:29 Mijn video's [C:\Users\Seppe\Videos] 0 bestand(en) 0 bytes Totaal aantal weergegeven bestanden: 0 bestand(en) 0 bytes 110 map(pen) 79.834.726.400 bytes beschikbaar ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== ęTorrent Adobe Flash Player 16 ActiveX Adobe Reader XI (11.0.10) - Nederlands AGEIA PhysX v7.03.21 Akamai NetSession Interface Apple Application Support Apple Mobile Device Support Apple Software Update Barbie's Paardenavonturen - Het Paardrijkamp Belgium e-ID middleware 4.0.6 (build 7416) Bonjour CCleaner D3DX10 Definition Update for Microsoft Office 2013 (KB2910926) 64-Bit Edition Dropbox Elevated Installer Facebook Video Calling 2.0.0.447 Garmin Express Garmin Express Tray Google Chrome Google Drive Google Earth Google Toolbar for Internet Explorer Google Update Helper Guitar Pro 6 iCloud Intel(R) Graphics Media Accelerator Driver iTunes Junk Mail filter update Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) Microsoft .NET Framework 4.5.2 Microsoft Access MUI (Dutch) 2013 Microsoft Application Error Reporting Microsoft DCF MUI (Dutch) 2013 Microsoft Excel MUI (Dutch) 2013 Microsoft Groove MUI (Dutch) 2013 Microsoft InfoPath MUI (Dutch) 2013 Microsoft Lync MUI (Dutch) 2013 Microsoft Office 32-bit Components 2013 Microsoft Office Korrekturhilfen 2013 - Deutsch Microsoft Office OSM MUI (Dutch) 2013 Microsoft Office OSM UX MUI (Dutch) 2013 Microsoft Office Professional Plus 2013 Microsoft Office Proofing (Dutch) 2013 Microsoft Office Proofing Tools 2013 - English Microsoft Office Proofing Tools 2013 - Nederlands Microsoft Office Shared 32-bit MUI (Dutch) 2013 Microsoft Office Shared MUI (Dutch) 2013 Microsoft OneNote MUI (Dutch) 2013 Microsoft Outlook MUI (Dutch) 2013 Microsoft PowerPoint MUI (Dutch) 2013 Microsoft Publisher MUI (Dutch) 2013 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Word MUI (Dutch) 2013 Mozilla Firefox 35.0.1 (x86 nl) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 Outils de v‚rification linguistique 2013 de Microsoft Office˙- Fran‡ais Photo Common Picasa 3 PIXresizer Rome - Total War - Gold Edition Security Update for Microsoft Excel 2013 (KB2910929) 64-Bit Edition Security Update for Microsoft Office 2013 (KB2726958) 64-Bit Edition Security Update for Microsoft Word 2013 (KB2910916) 64-Bit Edition Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition SkypeT 6.14 Spotify Stuurprogrammapakket voor Windows - Fedict SmartCard (09/23/2013 4.0.6.0) swMSM System Requirements Lab for Intel Update for Microsoft Access 2013 (KB2863859) 64-Bit Edition Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition Update for Microsoft Lync 2013 (KB2910927) 64-Bit Edition Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition Update for Microsoft Office 2013 (KB2837654) 64-Bit Edition Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition Update for Microsoft Office 2013 (KB2881008) 64-Bit Edition Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition Update for Microsoft Office 2013 (KB2889858) 64-Bit Edition Update for Microsoft Office 2013 (KB2889938) 64-Bit Edition Update for Microsoft Office 2013 (KB2899498) 64-Bit Edition Update for Microsoft Office 2013 (KB2899501) 64-Bit Edition Update for Microsoft Office 2013 (KB2899505) 64-Bit Edition Update for Microsoft Office 2013 (KB2899522) 64-Bit Edition Update for Microsoft Office 2013 (KB2910922) 64-Bit Edition Update for Microsoft Office 2013 (KB2910931) 64-Bit Edition Update for Microsoft Office 2013 (KB2920734) 64-Bit Edition Update for Microsoft OneDrive for Business (KB2910935) 64-Bit Edition Update for Microsoft OneNote 2013 (KB2899502) 64-Bit Edition Update for Microsoft Outlook 2013 (KB2899504) 64-Bit Edition Update for Microsoft PowerPoint 2013 (KB2910907) 64-Bit Edition Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition VirtualDJ 8 VLC media player Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Resource Kit Tools - SubInAcl.exe WinRAR 5.10 (32-bit) ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\892cc6a3 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\892cc6a3 deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\j2e1i7p0.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20151202_1453_.backup ProfilePath: C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\ys8nsm14.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20151202_1453_.backup ProfilePath: C:\Users\Seppe\AppData\Roaming\Mozilla\Firefox\Profiles\wob0ufa0.default user.js not found ---- Lines spigot removed from prefs.js ---- user_pref("startpage.ntsearch_url", "https://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=994519&p={searchTerms}"); ---- Lines WebSearch removed from prefs.js ---- user_pref("extensions.mywebsearch.prevKwdEnabled", true); user_pref("extensions.mywebsearch.prevKwdURL", "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p="); ---- Lines mindspark removed from prefs.js ---- user_pref("extensions.toolbar.mindspark._agMembers_.browser.search.defaultenginename.prev", "Google"); user_pref("extensions.toolbar.mindspark._agMembers_.browser.search.defaultenginename.savedPrev", "true"); user_pref("extensions.toolbar.mindspark._agMembers_.browser.search.defaultenginename.tb", "Ask Web Search"); user_pref("extensions.toolbar.mindspark._agMembers_.browser.search.selectedEngine.prev", "Yahoo"); user_pref("extensions.toolbar.mindspark._agMembers_.browser.search.selectedEngine.savedPrev", "true"); user_pref("extensions.toolbar.mindspark._agMembers_.browser.search.selectedEngine.tb", "Ask Web Search"); user_pref("extensions.toolbar.mindspark._agMembers_.browser.startup.homepage.savedPrev", "true"); user_pref("extensions.toolbar.mindspark._agMembers_.browser.startup.homepage.tb", "http://home.tb.ask.com/index.jhtml?ptb=9D9F6683-082C-4042-802D-8C7E user_pref("extensions.toolbar.mindspark._agMembers_.browser.startup.page.savedPrev", 1); user_pref("extensions.toolbar.mindspark._agMembers_.browser.startup.page.tb", 1); user_pref("extensions.toolbar.mindspark._agMembers_.browser.version.last", "35.0"); user_pref("extensions.toolbar.mindspark._agMembers_.BUTTON_STRUCTURE", "[{\"b\":221600304,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221600305, user_pref("extensions.toolbar.mindspark._agMembers_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":6048000 user_pref("extensions.toolbar.mindspark._agMembers_.firstKnownVersion", "6.76.5.36760"); user_pref("extensions.toolbar.mindspark._agMembers_.homepage", "http://home.tb.ask.com/index.jhtml?ptb=9D9F6683-082C-4042-802D-8C7E02C022F0&n=780cecec user_pref("extensions.toolbar.mindspark._agMembers_.hp.enabled", false); user_pref("extensions.toolbar.mindspark._agMembers_.hp.guardType", "HPR"); user_pref("extensions.toolbar.mindspark._agMembers_.hp.user.defined", true); user_pref("extensions.toolbar.mindspark._agMembers_.initialized", true); user_pref("extensions.toolbar.mindspark._agMembers_.installation.contextKey", ""); user_pref("extensions.toolbar.mindspark._agMembers_.installation.installDate", "2014113004"); user_pref("extensions.toolbar.mindspark._agMembers_.installation.partnerId", "^BE4^xdm248^S09306^be"); user_pref("extensions.toolbar.mindspark._agMembers_.installation.partnerSubId", "awbedownloadassistant178066"); user_pref("extensions.toolbar.mindspark._agMembers_.installation.pixelUrl", "http://free.premierdownloadmanager.com/install_pixels.jhtml?partner=^BE4^ user_pref("extensions.toolbar.mindspark._agMembers_.installation.success", true); user_pref("extensions.toolbar.mindspark._agMembers_.installation.toolbarId", "9D9F6683-082C-4042-802D-8C7E02C022F0"); user_pref("extensions.toolbar.mindspark._agMembers_.installKeysSource", "LocalStorage"); user_pref("extensions.toolbar.mindspark._agMembers_.installType", "XPI"); user_pref("extensions.toolbar.mindspark._agMembers_.isCompliantUninstallImplementation", true); user_pref("extensions.toolbar.mindspark._agMembers_.lastActivePing", "1422999194788"); user_pref("extensions.toolbar.mindspark._agMembers_.lastKnownVersion", "6.85.5.59186"); user_pref("extensions.toolbar.mindspark._agMembers_.lostEngine", true); user_pref("extensions.toolbar.mindspark._agMembers_.options.defaultSearch", true); user_pref("extensions.toolbar.mindspark._agMembers_.options.homePageEnabled", true); user_pref("extensions.toolbar.mindspark._agMembers_.options.keywordEnabled", true); user_pref("extensions.toolbar.mindspark._agMembers_.options.tabEnabled", true); user_pref("extensions.toolbar.mindspark._agMembers_.partnerPixelFired", true); user_pref("extensions.toolbar.mindspark._agMembers_.successUrl", "http://free.premierdownloadmanager.com/installComplete.jhtml"); user_pref("extensions.toolbar.mindspark._agMembers_.toolbar.ownSearch", true); user_pref("extensions.toolbar.mindspark._agMembers_.toolbar.versionChanged", true); user_pref("extensions.toolbar.mindspark._agMembers_.toolbarCollapsed", true); user_pref("extensions.toolbar.mindspark._agMembers_.weather.location", "10001"); user_pref("extensions.toolbar.mindspark.hp.enabled", false); user_pref("extensions.toolbar.mindspark.hp.enabled.guid", ""); user_pref("extensions.toolbar.mindspark.lastInstalled", "premierdownloadmanager@mindspark.com"); ---- Lines ask.com removed from prefs.js ---- user_pref("keyword.URL", "http://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=9D9F6683-082C-4042-802D-8C7E02C022F0&n=780cecec&ind=2014113004&p2=^B ---- Lines Web Search removed from prefs.js ---- user_pref("browser.search.defaultenginename", "Ask Web Search"); user_pref("browser.search.selectedEngine", "Ask Web Search"); ---- Lines ffxtbr removed from prefs.js ---- user_pref("extensions.xpiState", "{\"app-profile\":{\"agffxtbr@PremierDownloadManager_ag.com\":{\"d\":\"C:\\\\Users\\\\Seppe\\\\AppData\\\\Roaming\\\\ ---- Lines ffxtbr modified from prefs.js ---- user_pref("extensions.enabledAddons", "%7BDE1C78C1-2762-47f6-A1D9-1B7866FE7EB4%7D:2.0,agffxtbr%40PremierDownloadManager_ag.com:6.85.5.59186,%7B54FBE89 ---- Lines browser.startup.page removed from prefs.js ---- user_pref("browser.startup.page", 0); ---- FireFox user.js and prefs.js backups ---- prefs_20151202_1453_.backup ==== Deleting Files \ Folders ====================== C:\PROGRA~2\globalUpdate deleted C:\Users\Koen\AppData\Roaming\sparta111 deleted C:\Users\Koen\AppData\Roaming\RHEng deleted C:\Users\Koen\AppData\Roaming\GoldenGate deleted C:\Users\Koen\AppData\Roaming\AdvancedSystemProtector deleted C:\Users\Seppe\AppData\Roaming\Gameo deleted C:\Users\Seppe\AppData\Roaming\GoldenGate deleted C:\Users\Seppe\AppData\Roaming\Browser Extensions deleted C:\Users\Koen\AppData\Local\Gameo deleted C:\Users\Koen\AppData\Local\globalUpdate deleted C:\Users\Seppe\AppData\Local\Gameo deleted C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url deleted C:\Windows\SysNative\roboot64.exe deleted C:\windows\SysNative\tasks\ASP deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Users\Seppe\AppData\Roaming\Mozilla\Firefox\Profiles\wob0ufa0.default\searchplugins\ask-web-search.xml deleted C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\j2e1i7p0.default\extensions\OIBMBKA115048682@HYKFIU97176590.com deleted C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\j2e1i7p0.default\extensions\sepherdwilbur@aol.com deleted C:\Users\Seppe\AppData\Roaming\Mozilla\Firefox\Profiles\wob0ufa0.default\extensions\agffxtbr@PremierDownloadManager_ag.com deleted C:\Users\Seppe\AppData\Roaming\Mozilla\Firefox\Profiles\wob0ufa0.default\extensions\OIBMBKA115048682@HYKFIU97176590.com deleted "C:\Users\Koen\AppData\Roaming\LQ" deleted "C:\Users\Koen\AppData\Roaming\XAII" deleted "C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\j2e1i7p0.default\searchplugins\trovi.xml" deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 2937 MB CPU Info: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz CPU Speed: 671,1 MHz Sound Card: Luidsprekers (High Definition A | Display Adapters: Mobile Intel(R) 4 Series Express Chipset Family | Mobile Intel(R) 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC | Realtek PCIe FE Family Controller CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW TS-L633C Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 2 Button Mouse Present Hard Disks: C: 298,0GB Hard Disks - Free: C: 74,2GB Manufacturer *: TOSHIBA BIOS Info: AT/AT COMPATIBLE | 02/16/11 | TOSCPL - 6040000 Time Zone: Romance (standaardtijd) Motherboard *: TOSHIBA PWWAM Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Internet Explorer Version: 11.0.9600.17501 Mozilla Firefox version: 35.0.1 (x86 nl) Google Chrome version: 37.0.2062.103 Adobe Reader version: 11.0.10.32 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2015-02-11 18:39:39 0405A8BE748BBDAB16CC569CBD768B7D 357128410 ----a-w- C:\Windows\MEMORY.DMP 2015-02-11 17:16:05 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe 2015-02-11 17:16:05 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe 2015-02-11 17:16:05 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe 2015-02-11 17:16:05 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe 2015-02-11 17:16:05 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe ====== C:\Users\Koen\AppData\Local\Temp ==== 2015-02-11 20:25:35 A14C75BACF84B6F2AE7741FBB7377192 43008 ----a-w- C:\Users\Koen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpihvhbw.dll ====== Java Cache ===== 2015-01-22 11:04:17 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Koen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-4388451c 2015-01-22 11:02:32 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Koen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-12ffda64 2015-01-22 11:02:32 70E169E889724A9DA1696A4A5DE4912E 99 ----a-w- C:\Users\Koen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-aa56bb018d5de3a531ee91cc4857f0f479656e5370ebf87789e721aaaf530ebc-6.0.lap 2015-01-22 11:02:25 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Koen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-38626420 2015-01-22 11:02:33 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\Koen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-7db1df6f ====== C:\Windows\SysWOW64 ===== 2015-02-02 12:51:35 73E055AF78A64F9B2779D44407CA2AB6 267272 ----a-w- C:\Windows\SysWOW64\xactengine2_10.dll 2015-02-02 12:51:27 FB4299688A0D3A37687C015AC2B9922D 1374232 ----a-w- C:\Windows\SysWOW64\D3DCompiler_36.dll 2015-02-02 12:51:27 D9158E78A368B08D9133043EB3058C12 444776 ----a-w- C:\Windows\SysWOW64\d3dx10_36.dll 2015-02-02 12:51:22 44BFEC5C9C82A2EE9871D88FD3B9A0E2 3734536 ----a-w- C:\Windows\SysWOW64\d3dx9_36.dll 2015-02-02 12:51:16 46EE68F04A75A1CCF40235EA6F1CBA05 267112 ----a-w- C:\Windows\SysWOW64\xactengine2_9.dll 2015-02-02 12:51:12 F3764552E45880DC49B82F38699AA87C 444776 ----a-w- C:\Windows\SysWOW64\d3dx10_35.dll 2015-02-02 12:51:11 5B441670A4F5F8BCCE76741902B8AF56 1358192 ----a-w- C:\Windows\SysWOW64\D3DCompiler_35.dll 2015-02-02 12:51:09 3EF18B78D17C962F2B71AC1CB7757684 3727720 ----a-w- C:\Windows\SysWOW64\d3dx9_35.dll 2015-02-02 12:51:06 F6A9FC2AD2F9111372B5AB3BBA3707EC 17928 ----a-w- C:\Windows\SysWOW64\X3DAudio1_2.dll 2015-02-02 12:51:06 499210C45AFEAADEE8CF4DCF7D5E570B 266088 ----a-w- C:\Windows\SysWOW64\xactengine2_8.dll 2015-02-02 12:51:04 75F206C195BBACA6EF28565B1C0CD75C 1124720 ----a-w- C:\Windows\SysWOW64\D3DCompiler_34.dll 2015-02-02 12:51:04 5AA9987F2E62B56D7661B6901901F927 443752 ----a-w- C:\Windows\SysWOW64\d3dx10_34.dll 2015-02-02 12:51:00 1CA939918ED1B930059B3A882DE6F648 3497832 ----a-w- C:\Windows\SysWOW64\d3dx9_34.dll 2015-02-02 12:50:57 77F595DEE5FFACEA72B135B1FCE1312E 81768 ----a-w- C:\Windows\SysWOW64\xinput1_3.dll 2015-02-02 12:50:50 7FEBB8CE2233CBAE738B16D42ED29674 261480 ----a-w- C:\Windows\SysWOW64\xactengine2_7.dll 2015-02-02 12:50:45 FAE7E1D578C42A7C3D9D61A99D178BD5 1123696 ----a-w- C:\Windows\SysWOW64\D3DCompiler_33.dll 2015-02-02 12:50:45 37A8171ACCF46A9C196054066C28827F 443752 ----a-w- C:\Windows\SysWOW64\d3dx10_33.dll 2015-02-02 12:50:35 39000E033D39D19CCCE21AEAFCCE2476 255848 ----a-w- C:\Windows\SysWOW64\xactengine2_6.dll 2015-02-02 12:50:31 86C93789E9006F1AC47ED9DD47D4C8A1 251672 ----a-w- C:\Windows\SysWOW64\xactengine2_5.dll 2015-02-02 12:50:25 6F34F7405807DCBF0B9BF6811C94C6D9 440080 ----a-w- C:\Windows\SysWOW64\d3dx10.dll 2015-02-02 12:50:20 26AF232140C88B42D92A88F2198EDF6A 3426072 ----a-w- C:\Windows\SysWOW64\d3dx9_32.dll 2015-02-02 12:50:14 6550E1A0A7BE611592C31222FCB981FB 237848 ----a-w- C:\Windows\SysWOW64\xactengine2_4.dll 2015-02-02 12:50:14 121B131EAA369D8F58DACC5C39A77D80 15128 ----a-w- C:\Windows\SysWOW64\x3daudio1_1.dll 2015-02-02 12:50:11 797E24743937D67D69F28F2CF5052EE8 2414360 ----a-w- C:\Windows\SysWOW64\d3dx9_31.dll 2015-02-02 12:50:06 69D841744B2BAE38FBB2D40A230A549C 236824 ----a-w- C:\Windows\SysWOW64\xactengine2_3.dll 2015-02-02 12:50:04 33B62BE226934E1B01F5043870C70427 62744 ----a-w- C:\Windows\SysWOW64\xinput1_2.dll 2015-02-02 12:50:01 5C4D3843B491C047B7A619901FBD2EC1 230168 ----a-w- C:\Windows\SysWOW64\xactengine2_2.dll 2015-02-02 12:49:59 F1726346E583442541FE73429F8E9C10 62672 ----a-w- C:\Windows\SysWOW64\xinput1_1.dll 2015-02-02 12:49:54 7C9952111F4C743B9F0D8B68B6ED93C9 229584 ----a-w- C:\Windows\SysWOW64\xactengine2_1.dll 2015-02-02 12:49:18 E415862612E65F10D7D888443ECD7594 2388176 ----a-w- C:\Windows\SysWOW64\d3dx9_30.dll 2015-02-02 12:49:10 4E961525CC7FF0E5D7DA19E170B7C14C 14032 ----a-w- C:\Windows\SysWOW64\x3daudio1_0.dll 2015-02-02 12:49:10 2112FE0C46662D429347A7D7B49E3ECE 230096 ----a-w- C:\Windows\SysWOW64\xactengine2_0.dll 2015-02-02 12:49:07 99F4FC172A5ACE36CF00AA7038D23F2C 2332368 ----a-w- C:\Windows\SysWOW64\d3dx9_29.dll 2015-02-02 12:49:04 BE19B603DFBAA829EE5B7749B3BA97DB 2323664 ----a-w- C:\Windows\SysWOW64\d3dx9_28.dll 2015-02-02 12:49:01 852EDC778A7A50077694F84D8E601234 2319568 ----a-w- C:\Windows\SysWOW64\d3dx9_27.dll 2015-02-02 12:48:58 523AB607EEF81CC4D909E7FEBD8A788E 2297552 ----a-w- C:\Windows\SysWOW64\d3dx9_26.dll 2015-02-02 12:48:54 5B48FE9D6686F0D54B26A005ACE24D1D 2337488 ----a-w- C:\Windows\SysWOW64\d3dx9_25.dll 2015-02-02 12:48:47 BC831661963763AC4D504C5CABB1FDD9 2222800 ----a-w- C:\Windows\SysWOW64\d3dx9_24.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-02-11 18:39:42 EC231F13983E56904295C6D1A61FC7F4 433680 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT 2015-02-02 12:51:35 E8932AF24786765859558CB79E385AC2 411656 ----a-w- C:\Windows\Sysnative\xactengine2_10.dll 2015-02-02 12:51:27 7299DF5CF81135934740211D9A946737 2006552 ----a-w- C:\Windows\Sysnative\D3DCompiler_36.dll 2015-02-02 12:51:27 570FDAE7041775DE0C67747BB7081939 508264 ----a-w- C:\Windows\Sysnative\d3dx10_36.dll 2015-02-02 12:51:22 BBB6C6833C30E323B41860D6DF61972D 5081608 ----a-w- C:\Windows\Sysnative\d3dx9_36.dll 2015-02-02 12:51:16 A69C32C2BD01522A088D254342826866 411496 ----a-w- C:\Windows\Sysnative\xactengine2_9.dll 2015-02-02 12:51:12 84116AA94672D623B95217648AE5B5B9 508264 ----a-w- C:\Windows\Sysnative\d3dx10_35.dll 2015-02-02 12:51:11 B21427EDF0449E92000FF497DAAF89C9 1985904 ----a-w- C:\Windows\Sysnative\D3DCompiler_35.dll 2015-02-02 12:51:09 1B3AF16A27D390096925576202A64037 5073256 ----a-w- C:\Windows\Sysnative\d3dx9_35.dll 2015-02-02 12:51:06 FA485E76F94B7457767E372F47757733 409960 ----a-w- C:\Windows\Sysnative\xactengine2_8.dll 2015-02-02 12:51:06 BC78D5328541410510DDE06B9FA92024 21000 ----a-w- C:\Windows\Sysnative\X3DAudio1_2.dll 2015-02-02 12:51:04 9D9407F52B8E24E99358D9944B0D5FA3 1401200 ----a-w- C:\Windows\Sysnative\D3DCompiler_34.dll 2015-02-02 12:51:04 1ED4E7A82BD5C7DEED082F00E63BB7A0 506728 ----a-w- C:\Windows\Sysnative\d3dx10_34.dll 2015-02-02 12:51:00 AE5D5439525B4A4CBF206058D493685D 4496232 ----a-w- C:\Windows\Sysnative\d3dx9_34.dll 2015-02-02 12:50:57 BFB3091B167550EC6E6454813D3DB244 107368 ----a-w- C:\Windows\Sysnative\xinput1_3.dll 2015-02-02 12:50:50 8C970509E0AE10061E3ED6D51E34FEB9 403304 ----a-w- C:\Windows\Sysnative\xactengine2_7.dll 2015-02-02 12:50:45 839C3921005BB41D441E3752C74F2292 506728 ----a-w- C:\Windows\Sysnative\d3dx10_33.dll 2015-02-02 12:50:45 3EBF620536A13CA343E52ECA4F0DE7F8 1400176 ----a-w- C:\Windows\Sysnative\D3DCompiler_33.dll 2015-02-02 12:50:41 3172C3CAC8EA7CA1B5D5AF6699C037D6 4494184 ----a-w- C:\Windows\Sysnative\d3dx9_33.dll 2015-02-02 12:50:35 4837A54574A6105D404A8560984B93DD 393576 ----a-w- C:\Windows\Sysnative\xactengine2_6.dll 2015-02-02 12:50:31 398FF46FF7354FED2F0F1AECDB546866 390424 ----a-w- C:\Windows\Sysnative\xactengine2_5.dll 2015-02-02 12:50:25 8251826F04BA0822D08AD9B92C65A3D5 469264 ----a-w- C:\Windows\Sysnative\d3dx10.dll 2015-02-02 12:50:20 A4DDFE5DC4E73D1FED9B1B3A3D885612 4398360 ----a-w- C:\Windows\Sysnative\d3dx9_32.dll 2015-02-02 12:50:14 58BB51253427A834A8807B9245CC5965 364824 ----a-w- C:\Windows\Sysnative\xactengine2_4.dll 2015-02-02 12:50:14 489E5B8BB1BD1028FF1C798EAAEC65E4 17688 ----a-w- C:\Windows\Sysnative\x3daudio1_1.dll 2015-02-02 12:50:11 FAAA0BB9CD2905B25334132E5BA093EB 3977496 ----a-w- C:\Windows\Sysnative\d3dx9_31.dll 2015-02-02 12:50:06 0396D2A98B0CCD4419B572EBF618E81E 363288 ----a-w- C:\Windows\Sysnative\xactengine2_3.dll 2015-02-02 12:50:04 06F15D3CB1AE0EAFA50F595B3FF8D9F5 83736 ----a-w- C:\Windows\Sysnative\xinput1_2.dll 2015-02-02 12:50:01 DC5A914C34EB12056531777D4DD0F44E 354072 ----a-w- C:\Windows\Sysnative\xactengine2_2.dll 2015-02-02 12:49:59 6F9D3289D8B166E478AFFF9EFA92C42C 83664 ----a-w- C:\Windows\Sysnative\xinput1_1.dll 2015-02-02 12:49:54 0CC809422AB40974DFF8078392E4D507 352464 ----a-w- C:\Windows\Sysnative\xactengine2_1.dll 2015-02-02 12:49:18 E09A9CF383ACF4A28038561E62277377 3927248 ----a-w- C:\Windows\Sysnative\d3dx9_30.dll 2015-02-02 12:49:10 F77D5AB654881E683CFF6650916C424E 16592 ----a-w- C:\Windows\Sysnative\x3daudio1_0.dll 2015-02-02 12:49:10 CE5753F9A27837259EB52F3F47F39593 355536 ----a-w- C:\Windows\Sysnative\xactengine2_0.dll 2015-02-02 12:49:07 68B35CBDB4A8CC424718BBCC894FEEEA 3830992 ----a-w- C:\Windows\Sysnative\d3dx9_29.dll 2015-02-02 12:49:04 88BAC8306D4EC79A82B1FFA17DC8CF4A 3815120 ----a-w- C:\Windows\Sysnative\d3dx9_28.dll 2015-02-02 12:49:01 914C3237E4D145A18DCD1D0D4C8659E1 3807440 ----a-w- C:\Windows\Sysnative\d3dx9_27.dll 2015-02-02 12:48:58 44F5C5E27D6825E4E62420BC29B8B533 3767504 ----a-w- C:\Windows\Sysnative\d3dx9_26.dll 2015-02-02 12:48:54 4C56E7C5B2A61353E534C7D15D05856D 3823312 ----a-w- C:\Windows\Sysnative\d3dx9_25.dll 2015-02-02 12:48:47 B165DF72E13E6AF74D47013504319921 3544272 ----a-w- C:\Windows\Sysnative\d3dx9_24.dll ====== C:\Windows\Sysnative\drivers ===== 2015-01-14 12:04:25 AE3334958D8F631FF14A0AEB3D7EFB3A 141312 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys ====== C:\Windows\Tasks ====== 2015-01-30 19:13:29 F45F185A61EF96CEB7124613B1F0F5FB 3950 ----a-w- C:\Windows\Sysnative\Tasks\User_Feed_Synchronization-{205BB91B-AC44-40A7-AA53-C8FBCF9F2FA5} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-01-28 13:36:17 -------- d-----w- C:\Program Files\iPod 2015-01-28 13:36:14 -------- d-----w- C:\Program Files\iTunes ======= C:\PROGRA~2 ===== 2015-02-10 06:46:26 -------- d-----w- C:\PROGRA~2\Internet Speed Checker 2015-02-09 22:29:56 -------- d-----w- C:\PROGRA~2\CinemaP-1.8cV09.02 2015-02-02 12:43:31 -------- d-----w- C:\PROGRA~2\Activision 2015-01-14 17:55:48 -------- d-----w- C:\PROGRA~2\Adobe 2015-01-14 17:55:47 -------- d-----w- C:\PROGRA~2\COMMON~1\Adobe ======= C: ===== 2015-02-10 21:50:58 44B43467D996BB1F90C34C881F94010A 6608 ------w- C:\bootsqm.dat ====== C:\Users\Koen\AppData\Roaming ====== 2015-02-11 18:40:57 F8CF9023D59A988A2DBD67039D4F40C6 111520 ----a-w- C:\Users\Koen\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-11 17:45:30 -------- d-----w- C:\Users\Seppe\AppData\Local\temp 2015-02-11 17:45:30 -------- d-----w- C:\Users\Public\AppData\Local\temp 2015-02-11 17:45:30 -------- d-----w- C:\Users\Leonie\AppData\Local\temp 2015-02-11 17:45:30 -------- d-----w- C:\Users\Default\AppData\Local\temp 2015-02-11 17:45:30 -------- d-----w- C:\Users\Default User\AppData\Local\temp 2015-02-11 17:45:30 -------- d-----w- C:\Users\Administrator\AppData\Local\temp 2015-02-09 22:36:14 -------- d-----w- C:\Users\Koen\AppData\Roaming\MiniGet 2015-02-02 12:52:14 -------- d-----w- C:\Users\Koen\AppData\Local\Barbie's Paardenavonturen - Het Paardrijkamp ====== C:\Users\Koen ====== 2015-02-11 18:43:25 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Koen\Downloads\RSITx64.exe 2015-02-11 17:45:30 -------- d-----w- C:\Users\Public\AppData 2015-02-02 12:43:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barbie's Paardenavonturen - Het Paardrijkamp 2015-01-28 13:37:50 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-01-27 20:51:38 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-22 10:53:18 -------- d-----w- C:\ProgramData\Oracle ====== C: exe-files == 2015-02-12 13:08:01 FC31B16CA313BE4FA25F113966E0998A 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2043100165-3502898724-762426204-1000\$I3WA665.exe 2015-02-12 13:08:01 F4FD8B017E9FB106EAB671A29DAF0291 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2043100165-3502898724-762426204-1000\$IVIRPWK.exe 2015-02-12 13:08:01 AF4158DDA7FD248E02D03F46DB9E4AC3 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2043100165-3502898724-762426204-1000\$IHEDY81.exe 2015-02-12 13:08:01 678A86CA012EAE1E2AD3EFF4FC4D8A32 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2043100165-3502898724-762426204-1000\$IJEP740.exe 2015-02-12 13:08:01 311188588E71503A1FBC7EC57E8FD1CB 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2043100165-3502898724-762426204-1000\$IVY17UJ.exe 2015-02-12 13:08:01 25779113F49A504F014037265041D714 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2043100165-3502898724-762426204-1000\$IB98EQK.exe 2015-02-12 13:08:01 1B2698E1AB21DA3A38688E229A9F4A97 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2043100165-3502898724-762426204-1000\$I5O8TWC.exe 2015-02-12 13:07:14 92ABBC6E52E32F8F66684F90BF4A25CE 1295360 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2043100165-3502898724-762426204-1000\$RJEP740.exe 2015-02-12 13:06:23 92ABBC6E52E32F8F66684F90BF4A25CE 1295360 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2043100165-3502898724-762426204-1000\$RVIRPWK.exe 2015-02-12 13:04:57 92ABBC6E52E32F8F66684F90BF4A25CE 1295360 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2043100165-3502898724-762426204-1000\$R5O8TWC.exe 2015-02-12 13:04:42 92ABBC6E52E32F8F66684F90BF4A25CE 1295360 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2043100165-3502898724-762426204-1000\$RHEDY81.exe 2015-02-12 13:04:41 92ABBC6E52E32F8F66684F90BF4A25CE 1295360 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2043100165-3502898724-762426204-1000\$R3WA665.exe 2015-02-12 13:04:09 92ABBC6E52E32F8F66684F90BF4A25CE 1295360 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2043100165-3502898724-762426204-1000\$RB98EQK.exe 2015-02-11 18:43:25 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Koen\Downloads\RSITx64.exe 2015-02-11 17:16:05 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe 2015-02-11 17:16:05 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe 2015-02-11 17:16:05 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe 2015-02-11 17:16:05 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe 2015-02-11 17:16:05 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe 2015-02-09 22:32:16 02D4D23F578D9C208E8398F6F076FAA2 1413080 ----a-w- C:\Program Files (x86)\CinemaP-1.8cV09.02\b5206dea-45cc-49c0-8794-a74836358aa4-1-6.exe === C: other files == 2015-02-11 17:59:04 1DFB62B336E6A41B6BCD01468D57B7E9 456923 ----a-w- C:\Users\Koen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPGNWLM2\silverlightmediaelement[1].zip 2015-02-11 17:57:31 0AACD2FC5E718ACA8DFFF13ABE5699D3 172426 ----a-w- C:\Users\Koen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBC6O3O2\RegisterDevice[1].zip 2015-02-10 06:47:22 CB30EEBFD2A687D516BF293AE69F3B76 428051 ----a-w- C:\Program Files (x86)\Internet Speed Checker\07d36f0e-fdf9-4bef-b3b3-9b3f7b7c16e5.xpi 2015-02-09 22:31:28 F73E9539F039F32D084C97DFD998337A 446899 ----a-w- C:\Program Files (x86)\CinemaP-1.8cV09.02\b5206dea-45cc-49c0-8794-a74836358aa4.xpi ======== System Restore Points ======== RP287: 12/02/2015 13:57:28 - Installatieprogramma voor Windows-modules ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2043100165-3502898724-762426204-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="C:\Users\Koen\AppData\Local\Akamai\netsession_win.exe" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="C:\Users\Koen\AppData\Local\Akamai\netsession_win.exe" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CCleaner Monitoring" "hkey"="HKCU" "command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Facebook Update" "hkey"="HKCU" "command"="\"C:\\Users\\Koen\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GarminExpressTrayApp" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Garmin\\Express Tray\\ExpressTray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify" "hkey"="HKCU" "command"="\"C:\\Users\\Koen\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify Web Helper" "hkey"="HKCU" "command"="\"C:\\Users\\Koen\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="uTorrent" "hkey"="HKCU" "command"="C:\\Users\\Seppe\\AppData\\Roaming\\uTorrent\\uTorrent.exe /MINIMIZED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Koen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] "item"="Dropbox" "path"="C:\\Users\\Koen\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk" "backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\Koen\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Koen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Verzenden naar OneNote.lnk] "item"="Verzenden naar OneNote" "path"="C:\\Users\\Koen\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Verzenden naar OneNote.lnk" "backup"="C:\\Windows\\pss\\Verzenden naar OneNote.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~1\\MICROS~3\\Office15\\ONENOTEM.EXE" ==== Startup Folders ====================== 2015-02-05 17:54:33 1131 ----a-w- C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2043100165-3502898724-762426204-1000Core.job --a------ C:\Users\Koen\AppData\Local\Facebook\Update\FacebookUpdate.exe [09/11/2013 18:58] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2043100165-3502898724-762426204-1000UA.job --a------ C:\Users\Koen\AppData\Local\Facebook\Update\FacebookUpdate.exe [09/11/2013 18:58] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/10/2013 17:40] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/10/2013 17:40] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2043100165-3502898724-762426204-1000Core" [C:\Users\Koen\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2043100165-3502898724-762426204-1000UA" [C:\Users\Koen\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{205BB91B-AC44-40A7-AA53-C8FBCF9F2FA5}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{36E4DDD6-E47E-4E89-AE7F-199EA841721B}" [C:\Users\Seppe\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe] "C:\Windows\SysNative\tasks\{4F6DD7C6-45BB-4E54-9557-BFFD5ABA75A3}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe] "C:\Windows\SysNative\tasks\{BB3F6BA6-17B4-445D-9CA9-5014F434D7A5}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe] "C:\Windows\SysNative\tasks\{D96032A5-2DED-40F1-88F3-6813F634075B}" [C:\Users\Seppe\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Seppe\AppData\Roaming\Mozilla\Firefox\Profiles\wob0ufa0.default user_pref("browser.startup.homepage", "about:home"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Seppe\AppData\Roaming\Mozilla\Firefox\Profiles\wob0ufa0.default - Undetermined - {DE1C78C1-2762-47f6-A1D9-1B7866FE7EB4} - Undetermined - agffxtbr@PremierDownloadManager_ag.com - Undetermined - {54FBE89E-C878-46bb-A064-AB327EE26EBC} - Undetermined - {62DD0A97-FDD4-421b-94A5-D1A9434450C7} - Undetermined - {CA8C84C6-3918-41b1-BE77-049B2BDD887C} - Slick Savings - %ProfilePath%\extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC} - Start Page - %ProfilePath%\extensions\{62DD0A97-FDD4-421b-94A5-D1A9434450C7} - Ebay Shopping Assistant by Spigot - %ProfilePath%\extensions\{CA8C84C6-3918-41b1-BE77-049B2BDD887C} - Amazon Shopping Assistant by Spigot - %ProfilePath%\extensions\{DE1C78C1-2762-47f6-A1D9-1B7866FE7EB4} AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\j2e1i7p0.default FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Koen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin ==== Deleted Firefox Extensions ====================== C:\Users\Seppe\AppData\Roaming\Mozilla\Firefox\Profiles\wob0ufa0.default\extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC} deleted C:\Users\Seppe\AppData\Roaming\Mozilla\Firefox\Profiles\wob0ufa0.default\extensions\{62DD0A97-FDD4-421b-94A5-D1A9434450C7} deleted ==== Chromium Look ====================== Google Chrome Version: 37.0.2062.103 (Possible outdated, latest Stable version: 40.0.2214.111) Google Wallet - Koen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Google Docs - Leonie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.be/?gws_rd=ssl" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.be/?gws_rd=ssl" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="https://www.google.com/search?q={searchTerms}" ==== Reset Google Chrome ====================== C:\Users\Koen\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Leonie\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Seppe\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Koen\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Leonie\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Seppe\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== shortcuts on Users Desktops ====================== C:\Users\Koen\Desktop\Documenten - Snelkoppeling.lnk - C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms C:\Users\Koen\Desktop\Downloads - Snelkoppeling.lnk - C:\Users\Koen\Downloads C:\Users\Koen\Desktop\Dropbox.lnk - C:\Users\Koen\AppData\Roaming\Dropbox\bin\Dropbox.exe /home C:\Users\Koen\Desktop\In en uitgaven 2015.xls - Snelkoppeling.lnk - C:\Users\Koen\Documents\Financies\In en uitgaven najaar 2014.xls C:\Users\Koen\Desktop\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Koen\Desktop\marte 11.jpg - Snelkoppeling.lnk - C:\Users\Koen\Desktop\Fotos Marte\marte 11.jpg C:\Users\Koen\Desktop\MEDIWE - Snelkoppeling.lnk - C:\Users\Koen\Documents\MEDIWE C:\Users\Koen\Desktop\Meterstanden.ods - Snelkoppeling.lnk - C:\Users\Koen\Documents\Meterstanden.ods C:\Users\Koen\Desktop\Microsoft Office 2013 - Snelkoppeling.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 C:\Users\Koen\Desktop\Outlook 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\outicon.exe C:\Users\Koen\Desktop\Spotify.lnk - C:\Users\Koen\AppData\Roaming\Spotify\spotify.exe C:\Users\Koen\Desktop\µTorrent.lnk - C:\Users\Koen\Desktop\Foto's werk Wendy\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2249 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2249.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2250 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2250.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2251 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2251.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2252 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2252.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2253 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2253.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2254 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2254.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2255 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2255.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2256 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2256.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2257 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2257.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2258 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2258.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2259 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2259.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2260 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2260.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2261 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2261.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2262 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2262.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2263 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2263.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2266 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2266.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2267 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2267.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2268 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2268.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2269 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2269.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2274 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2274.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2275 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2275.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2276 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2276.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2277 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2277.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2278 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2278.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2279 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2279.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2280 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2280.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2281 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2281.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2282 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2282.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2283 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2283.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2284 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2284.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2285 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2285.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2286 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2286.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2287 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2287.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2288 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2288.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2289 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2289.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2290 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2290.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2291 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2291.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2292 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2292.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2293 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2293.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2294 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2294.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2295 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2295.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2296 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2296.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2297 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2297.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2298 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2298.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2299 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2299.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2300 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2300.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2301 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2301.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2302 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2302.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2303 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2303.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2304 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2304.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2305 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2305.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2306 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2306.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2307 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2307.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2308 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2308.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2309 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2309.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2310 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2310.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2311 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2311.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2312 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2312.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2313 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2313.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2314 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2314.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2315 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2315.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2316 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2316.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2317 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2317.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2318 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2318.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2319 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2319.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2320 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2320.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2321 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2321.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2322 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2322.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2323 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2323.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2324 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2324.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2326 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2326.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2327 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2327.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2328 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2328.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2329 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2329.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2330 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2330.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2331 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2331.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2332 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2332.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2333 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2333.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2334 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2334.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2335 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2335.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2336 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2336.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2337 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2337.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2338 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2338.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2339 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2339.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2340 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2340.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2342 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2342.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2343 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2343.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2351 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2351.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2352 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2352.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2353 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2353.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2354 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2354.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2355 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2355.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2356 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2356.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2357 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2357.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2358 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2358.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2359 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2359.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2360 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2360.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2361 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2361.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2362 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2362.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2363 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2363.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2364 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2364.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2365 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2365.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2366 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2366.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2367 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2367.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2368 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2368.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2369 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2369.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2370 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2370.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2371 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2371.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2372 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2372.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2373 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2373.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2374 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2374.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2375 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2375.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2376 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2376.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2377 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2377.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2378 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2378.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2379 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2379.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2380 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2380.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2381 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2381.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2382 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2382.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2383 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2383.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2384 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2384.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2385 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2385.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2386 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2386.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2387 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2387.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2388 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2388.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2389 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2389.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2390 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2390.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2391 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2391.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2392 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2392.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2393 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2393.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2394 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2394.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2395 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2395.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2396 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2396.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2397 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2397.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2398 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2398.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2399 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2399.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2400 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2400.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2401 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2401.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2402 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2402.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2403 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2403.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2404 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2404.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2405 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2405.JPG C:\Users\Koen\Desktop\Foto's werk Wendy\nieuwbouw\DSCN2406 - Snelkoppeling.lnk - F:\DCIM\102NIKON\DSCN2406.JPG C:\Users\Leonie\Desktop\Calculator.lnk - C:\Windows\system32\calc.exe C:\Users\Leonie\Desktop\Paint.lnk - C:\Windows\system32\mspaint.exe C:\Users\Leonie\Desktop\PowerPoint 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\pptico.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\eID Viewer.lnk - C:\Program Files (x86)\Belgium Identity Card\EidViewer\eID Viewer.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\Guitar Pro 6.lnk - C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\Users\Public\Desktop\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Koen\AppData\Roaming\Dropbox\bin\Dropbox.exe /home C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Rome - Total War™.lnk - C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\Koen\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe . C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\Koen\AppData\Local\Popcorn Time\Uninstall.exe C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Koen\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup C:\Users\Leonie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Leonie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff C:\Users\Leonie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Rome Total War Barbarian Invasion™.lnk - C:\Users\Seppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Rome - Total War™.lnk - C:\Users\Seppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud\The Happy Cloud.lnk - C:\Users\Seppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud\Uninstall.lnk - C:\ProgramData\HappyCloud\Application\uninstaller.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barbie's Paardenavonturen - Het Paardrijkamp\Barbie's Paardenavonturen - Het Paardrijkamp verwijderen.lnk - C:\Program Files (x86)\InstallShield Installation Information\{40C4952C-D505-477A-AA90-224C2A011FC2}\setup.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barbie's Paardenavonturen - Het Paardrijkamp\Barbie's Paardenavonturen - Het Paardrijkamp.lnk - C:\Program Files (x86)\Activision\Barbie's Paardenavonturen - Het Paardrijkamp\PXLobby.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Info iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\nl.lproj\About iTunes.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\accicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\xlicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\grv_icons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\joticon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\outicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\pptico.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Verzenden naar OneNote 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\joticon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\wordicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Hulpprogramma's van Office 2013\Lync opnamebeheer.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War\Rome - Total War - Gold Edition\Barbarian Invasion.lnk - C:\Program Files (x86)\The Creative Assembly\Rome - Total War\RomeTW-BI.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Koen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Koen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Guitar Pro 6.lnk - C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe C:\Users\Koen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Koen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE /recycle C:\Users\Koen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Koen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Koen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\Koen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sticky Notes.lnk - C:\Users\Koen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Koen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Koen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Leonie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Leonie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Leonie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Leonie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Leonie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Leonie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Leonie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Leonie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Seppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Seppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Seppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Seppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Seppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Play Big Farm.lnk - C:\Users\Seppe\AppData\Roaming\gameo\gameo.exe gameo.dat game:891 gameMode:standalone C:\Users\Seppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Seppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Seppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Seppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Seppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe ==== Uninstall List x64 ====================== ęTorrent [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent] Adobe Flash Player 16 ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] Adobe Reader XI (11.0.10) - Nederlands [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1043-7B44-AB0000000001}] AGEIA PhysX v7.03.21 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{85EBB283-65AF-4C53-9EBE-7C0A232762F7}] Akamai NetSession Interface [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Akamai] Apple Application Support [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}] Apple Mobile Device Support [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}] Apple Software Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}] Barbie's Paardenavonturen - Het Paardrijkamp [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{40C4952C-D505-477A-AA90-224C2A011FC2}] Belgium e-ID middleware 4.0.6 (build 7416) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{824563DE-75AD-4166-9DC0-B6482F207416}] Bonjour [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}] CCleaner [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner] D3DX10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}] Dropbox [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Dropbox] Elevated Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{18FEC022-D8CE-48DF-A57A-1085D4F58F6E}] Facebook Video Calling 2.0.0.447 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}] Garmin Express [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0904cc72-1b29-426a-b0f0-228d2744a4f6}] Garmin Express [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9608B011-02E9-4A66-A0FC-3264A79F808A}] Garmin Express Tray [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CB47925A-50F0-493A-B3B0-3F6C632FCE8D}] Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome] Google Drive [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C6640705-7479-4EE5-BC86-879F05F65E74}] Google Earth [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A2264E8F-1649-11E3-8BED-B8AC6F98CCE3}] Google Toolbar for Internet Explorer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}] Google Toolbar for Internet Explorer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] Guitar Pro 6 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1] iCloud [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6096C0CC-7E19-4355-87F0-627EC5AA146D}] Intel(R) Graphics Media Accelerator Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}] iTunes [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}] Junk Mail filter update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}] Microsoft .NET Framework 4.5.1 (Nederlands) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043] Microsoft .NET Framework 4.5.1 (NLD) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9EBB0AF2-4AD2-3ABA-95EF-977EBEA1CB09}] Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26784146-6E05-3FF9-9335-786C7C0FB5BE}] Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033] Microsoft Office Professional Plus 2013 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR] Microsoft Security Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{23F2C78C-E131-4CA0-8F84-3473FB7728BA}] Microsoft Security Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client] Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}] Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}] Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}] Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}] Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{196BB40D-1578-3D01-B289-BEFC77A11A1E}] Mozilla Firefox 35.0.1 (x86 nl) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 35.0.1 (x86 nl)] Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService] MSVCRT [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}] MSVCRT_amd64 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D0B44725-3666-492D-BEF6-587A14BD9BD9}] MSVCRT110 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}] MSVCRT110_amd64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E9FA781F-3E80-4399-825A-AD3E11C28C77}] Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3538BF4-735B-45F3-B09E-C541A007E4E8}] Picasa 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Picasa 3] PIXresizer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PIXresizer_is1] Rome - Total War - Gold Edition [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}] SkypeT 6.14 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}] Spotify [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spotify] Stuurprogrammapakket voor Windows - Fedict SmartCard (09/23/2013 4.0.6.0) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\E05133A29ECEFEA49458B2C4CC3377FE49ED72B4] swMSM [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}] System Requirements Lab for Intel [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{53C63F43-B827-42D9-8886-4698D91EA33B}] VirtualDJ 8 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}] VLC media player [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player] Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{41C61308-6CFD-4D54-AB6A-7136ED08A18E}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1B905A9B-EB74-4C70-B81B-5F446C178566}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite] Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CE52672C-A0E9-4450-8875-88A221D5CD50}] Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{659CB81C-B54E-4DF1-B618-F35777393A54}] Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5D48C037-D412-4F68-B197-05E03CD46F40}] Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}] Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{25058321-C33E-496B-8915-6FD64D362CAF}] Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}] Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}] Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}] Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D1893000-EA77-493C-8DDD-E262436E959B}] Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}] Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{290C2B0A-CEE1-4F55-AB46-4571EC01DA96}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{714E162E-CD4F-4F1B-8302-7F5179409C25}] Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C036912B-E841-46F0-9F21-391005D39C9F}] Windows Resource Kit Tools - SubInAcl.exe [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}] WinRAR 5.10 (32-bit) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver] ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully ==== HijackThis Entries ====================== O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Koen\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - Startup: Dropbox.lnk = Koen\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} Akamai NetSession Interface = "C:\Users\Koen\AppData\Local\Akamai\netsession_win.exe" [Akamai Technologies, Inc.] iCloudServices = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [Apple Inc.] CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [Piriform Ltd] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation] HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation] Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation] MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated] iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Lync Click to Call BHO -> {HKLM...CLSID} = Lync Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS] -> {HKLM...Wow...CLSID} = Lync Browser Helper \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [MS] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] -> {HKLM...Wow...CLSID} = Aanmeldhulp voor Microsoft-account \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] -> {HKLM...Wow...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\URLREDIR.DLL [MS] -> {HKLM...Wow...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL [MS] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Lync Click to Call BHO -> {HKLM...CLSID} = Lync Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS] -> {HKLM...Wow...CLSID} = Lync Browser Helper \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [MS] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] -> {HKLM...Wow...CLSID} = Aanmeldhulp voor Microsoft-account \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] -> {HKLM...Wow...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\URLREDIR.DLL [MS] -> {HKLM...Wow...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL [MS] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS] SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS] SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS] DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] GDriveBlacklistedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] GDriveSharedEditOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] GDriveSharedViewOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] GDriveSyncedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] GDriveSyncingOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7} -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [MS] SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [MS] SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [MS] DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OLKFSTUB.DLL [MS] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\msohevi.dll [MS] {B28AA736-876B-46DA-B3A8-84C5E30BA492} = Websites -> {HKLM...CLSID} = Websites \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\WXPNSE.DLL [MS] {8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS] {CD55129A-B1A1-438E-A425-CEBC7DC684EE} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS] {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft SkyDrive Pro Browser Helper -> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\ONFILTER.DLL [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM...CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM...CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\VISSHE.DLL [MS] {09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MI8079~1\shellext.dll [MS] {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes -> {HKLM...CLSID} = iTunes \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [MS] {CD55129A-B1A1-438E-A425-CEBC7DC684EE} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [MS] {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [MS] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft SkyDrive Pro Browser Helper -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [MS] {DB19096C-5365-4164-A246-59FEFF9D8062} = Nameext -> {HKLM...Wow...CLSID} = Ondernemingsprojecten \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\NAMEEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\OLKFSTUB.DLL [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS] {B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal] HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\ <> SetupExecute = C:\Windows\System32\poqexec.exe /display_progress \SystemRoot\WinSxS\pending.xml HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = {807583E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM...CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] <> osf\CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1} -> {HKLM...CLSID} = Protocol Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [MS] HKCU\Software\Classes\*\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] -> {HKCU...Wow...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MI8079~1\shellext.dll [MS] GDContextMenu\(Default) = {BB02B294-8425-42E5-983F-41A1FA970CD6} -> {HKLM...CLSID} = GDContextMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\contextmenu64.dll [Google] PhotoStreamsExt\(Default) = {89D984B3-813B-406A-8298-118AFA3A22AE} -> {HKLM...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [Apple Inc.] -> {HKLM...Wow...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreams.dll [Apple Inc.] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal] HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] -> {HKCU...Wow...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MI8079~1\shellext.dll [MS] GDContextMenu\(Default) = {BB02B294-8425-42E5-983F-41A1FA970CD6} -> {HKLM...CLSID} = GDContextMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\contextmenu64.dll [Google] HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] -> {HKCU...Wow...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Koen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} -> {HKLM...CLSID} = GraphicsShellExt Class \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...Wow...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ DisableRegistryTools = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ iTunesBurnCDOnArrival\ Provider = iTunes InvokeProgID = iTunes.BurnCD InvokeVerb = burn HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.] iTunesImportSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ImportSongsOnCD InvokeVerb = import HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.] iTunesPlaySongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.PlaySongsOnCD InvokeVerb = play HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.] iTunesShowSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ShowSongsOnCD InvokeVerb = showsongs HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] Picasa2ImportPicturesOnArrival\ Provider = Picasa3 InvokeProgID = picasa2.autoplay InvokeVerb = import HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files (x86)\Google\Picasa3\Picasa3.exe" "%1" [Google Inc.] VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN] VLCPlayDVDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN] VLCPlayMusicFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlaySVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.SVCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVideoFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] Startup items in "Koen" & "All Users" startup folders: ------------------------------------------------------ C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++} Dropbox -> shortcut to: C:\Users\Koen\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [Dropbox, Inc.] Windows Sidebar Gadgets: {++} ------------------------ C:\Users\Koen\AppData\Local\Microsoft\Windows Sidebar\Settings.ini "C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CaswSidebar.gadget" Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Apple Diagnostics -> launches: C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [Apple Inc.] CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd] CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS] Microsoft Office 15 Sync Maintenance for Koen-PC-Koen Koen-PC -> launches: C:\Program Files\Microsoft Office\Office15\MsoSync.exe [MS] User_Feed_Synchronization-{205BB91B-AC44-40A7-AA53-C8FBCF9F2FA5} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS] {36E4DDD6-E47E-4E89-AE7F-199EA841721B} -> launches: C:\Users\Seppe\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe [file not found] {4F6DD7C6-45BB-4E54-9557-BFFD5ABA75A3} -> launches: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Google Inc.] {8AC1D133-1F98-4B01-9880-C5B815A1B41B} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Koen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2XH0RQS\wmp11-windowsxp-x86-NL-NL.exe" -d C:\Users\Koen\Desktop [MS] {BB3F6BA6-17B4-445D-9CA9-5014F434D7A5} -> launches: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Google Inc.] {D96032A5-2DED-40F1-88F3-6813F634075B} -> launches: C:\Users\Seppe\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe [file not found] C:\Windows\System32\Tasks\Apple AppleSoftwareUpdate -> launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.] C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware Microsoft Antimalware Scheduled Scan -> launches: c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges [MS] MpIdleTask -> launches: c:\Program Files\Microsoft Security Client\MpCmdRun.exe -IdleTask -TaskName MpIdleTask [MS] C:\Windows\System32\Tasks\Microsoft\Office Office 15 Subscription Heartbeat -> launches: %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [MS] OfficeTelemetryAgentFallBack -> launches: "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880 [MS] OfficeTelemetryAgentLogOn -> launches: "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS] MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] -> {HKLM...Wow...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS] ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] -> {HKLM...Wow...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS] C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform SvcRestartTask -> (HIDDEN!) launches: %systemroot%\system32\sc.exe start osppsvc [MS] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-2043100165-3502898724-762426204-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] SqmUpload_S-1-5-21-2043100165-3502898724-762426204-1003 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000009\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.] HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000009\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided) -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided) -> {HKLM...Wow...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Verzenden naar OneNote MenuText = &Verzenden naar OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll [MS] {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\ ButtonText = Lync - klikken om te bellen MenuText = Lync - klikken om te bellen CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> {HKLM...CLSID} = Lync Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = &Gekoppelde notities van OneNote MenuText = &Gekoppelde notities van OneNote CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM...CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Verzenden naar OneNote MenuText = &Verzenden naar OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll [MS] {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\ ButtonText = Lync - klikken om te bellen MenuText = Lync - klikken om te bellen CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> {HKLM...Wow...CLSID} = Lync Browser Helper \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [MS] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = &Gekoppelde notities van OneNote MenuText = &Gekoppelde notities van OneNote CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM...Wow...CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\ <> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.] Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.] Garmin Core Update Service, Garmin Core Update Service, "C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe" [null data] iPod-service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.] Microsoft Antimalware Service, MsMpSvc, "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS] Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> MsMpSvc, Service <> PEVSystemStart, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> MsMpSvc, Service <> PEVSystemStart, Service Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ PCL hpz3llhn\Driver = hpz3llhn.dll [Hewlett-Packard Company] <>: Suspicious data at a browser hijack point. ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Koen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Koen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Leonie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Leonie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Seppe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Seppe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Leonie\AppData\Local\Mozilla\Firefox\Profiles\ys8nsm14.default\cache2 emptied successfully C:\Users\Seppe\AppData\Local\Mozilla\Firefox\Profiles\wob0ufa0.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Koen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Leonie\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Seppe\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=7130 folders=142 207873074 bytes) ==== Empty Temp Folders ====================== C:\Users\Administrator\AppData\Local\temp emptied successfully C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\Koen\AppData\Local\Temp will be emptied at reboot C:\Users\Leonie\AppData\Local\temp emptied successfully C:\Users\Public\AppData\Local\temp emptied successfully C:\Users\Seppe\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Koen\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on do 12/02/2015 at 15:36:26,95 ======================