Zoek.exe v5.0.0.0 Updated 14-April-2014 Tool run by Gebruiker on zo 18/05/2014 at 8:17:25,88. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Gebruiker\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 18/05/2014 8:25:31 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\AVS4YOU deleted successfully C:\PROGRA~2\Cheat Engine 6.2 deleted successfully C:\PROGRA~2\ManyCam deleted successfully C:\PROGRA~2\TornTV.com deleted successfully C:\PROGRA~3\4shared Desktop deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\PROGRA~3\Evernote deleted successfully C:\PROGRA~3\PCSettings deleted successfully C:\PROGRA~3\SaveAs deleted successfully C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted successfully C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully C:\PROGRA~3\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} deleted successfully C:\Users\Gebruiker\AppData\Roaming\MusicNet deleted successfully C:\Users\Gebruiker\AppData\Roaming\Publish Providers deleted successfully C:\Users\Gebruiker\AppData\Roaming\Screensaver deleted successfully C:\Users\Gebruiker\AppData\Roaming\Solveig Multimedia deleted successfully C:\Users\Gebruiker\AppData\Roaming\Systweak deleted successfully C:\Users\Gebruiker\AppData\Roaming\TP deleted successfully C:\Users\Gebruiker\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\Gast.Gebruiker-PC\AppData\Local\VirtualStore deleted successfully C:\Users\Gebruiker\AppData\Local\cache deleted successfully C:\Users\Gebruiker\AppData\Local\Downloaded Installations deleted successfully C:\Users\Gebruiker\AppData\Local\Lollipop deleted successfully C:\Users\Gebruiker\AppData\Local\NokiaAccount deleted successfully C:\Users\Gebruiker\AppData\Local\PackageAware deleted successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2239336281-3048674072-2116327964-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-2239336281-3048674072-2116327964-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-2239336281-3048674072-2116327964-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully HKEY_USERS\S-1-5-21-2239336281-3048674072-2116327964-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-2239336281-3048674072-2116327964-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-2239336281-3048674072-2116327964-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{3444c3c5-6c56-4a16-a453-832b05bf6ea4} deleted successfully ==== Running Processes ====================== C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Program Files (x86)\Acer\Registration\GREGsvc.exe C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\monitor.exe C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe C:\Program Files (x86)\Web Protect\PCProtect.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe C:\Users\Gebruiker\AppData\Roaming\uTorrent\uTorrent.exe c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe C:\Users\Gebruiker\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "Shell"="explorer.exe" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "BrowserMngr Start Page"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "BrowserMngrDefaultScope"=- ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{081B42CF-2278-5841-F9DF-08FAF6BA0D99}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18363C4B-F9BA-D3D7-0007-B1CE010FC142}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96C8B3CB-ABE6-C827-1DE4-A9AF036CCEA4}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1C861EC-B73F-E295-830B-79835607838D}] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccuac.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keyscrambler.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spybotsd.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wireshark.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlclient.exe] ==== Batch Command(s) Run By Tool====================== De Winsock-catalogus is opnieuw ingesteld. De computer dient opnieuw te worden opgestart om het opnieuw instellen te voltooien. ==== Deleting Files \ Folders ====================== "C:\Windows\Installer\5dcc1c.msi" deleted "C:\Users\Gebruiker\AppData\Roaming\WebServer" deleted "C:\ProgramData\vhosts" deleted "C:\ProgramData\Work - Home" deleted "C:\Users\Gebruiker\AppData\Roaming\imlgs\05-03-2014" deleted "C:\Users\Gebruiker\AppData\Roaming\imlgs\06-03-2014" deleted "C:\Users\Gebruiker\AppData\Roaming\imlgs\07-03-2014" deleted "C:\Users\Gebruiker\AppData\Roaming\imlgs" deleted ==== Folders Found In C:\Users\Gebruiker\AppData\Roaming\skyz ====================== 2014-05-10 10:35:28 d-----w- C:\Users\Gebruiker\AppData\Roaming\skyz\mod_prerequisites 2014-05-10 10:35:47 d-----w- C:\Users\Gebruiker\AppData\Roaming\skyz\mod_temp ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 8044 MB CPU Info: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz CPU Speed: 2475,3 MHz Sound Card: Speakers (Realtek High Definiti | Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Atheros AR5B97 Wireless Network Adapter | Microsoft Virtual WiFi Miniport Adapter CD / DVD Drives: 2x (E: | F: | ) E: MATSHITADVD-RAM UJ8B0AW | F: DTSOFT BDROM Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 449,7GB | D: 465,8GB Hard Disks - Free: C: 10,9MB | D: 400,4GB Manufacturer *: Acer BIOS Info: AT/AT COMPATIBLE | 12/30/11 | ACRSYS - 1 Time Zone: West-Europa (standaardtijd) Motherboard *: Acer JE70_HR Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Norton Internet Security On-access scanning disabled (Outdated) Anti-Spyware: Norton Internet Security disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Firewall: Norton Internet Security disabled Default Browser: Google Chrome 32.0.1700.107 Internet Explorer Version: 11.0.9600.17107 Mozilla Firefox version: 28.0 (x86 nl) Google Chrome version: 32.0.1700.107 Adobe Reader version: 10.1.9.22 Sun Java version: 1.7.0 (64-bit) Flash Player version: 12.0.0.77 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2014-05-11 20:24:25 3E3776FBC6BFDD0CC2BDEB1749F87D02 737541400 ------w- C:\Windows\MEMORY.DMP 2014-05-07 13:11:55 A94363181B3A777C47554F155CDF93B0 753873 ----a-w- C:\Windows\unins000.exe 2014-05-07 13:11:55 5EF87EB92DE91BD8EC927F5E4C50872C 68324 ----a-w- C:\Windows\unins000.dat ====== C:\Users\GEBRUI~1\AppData\Local\Temp ==== 2014-05-12 18:51:46 68A0E3F8B70343185FCC342C86ABD570 2777920 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\Rar$EXa0.912\Fraps 3.5.9 Registered [Cyclonoid]\setup.exe 2014-05-12 18:37:21 6FE0477F96C1720179A9135FB8151926 261730816 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\Camtasia_Setup\Setup_CamtasiaStudio8_x86_ENU.msi 2014-05-12 18:37:21 53406E9988306CBD4537677C5336ABA4 889416 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\Camtasia_Setup\Prerequisites\DotNetFX40\dotNetFx40_Full_setup.exe 2014-05-12 18:32:24 68A0E3F8B70343185FCC342C86ABD570 2777920 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\Rar$EXa0.422\Fraps 3.5.9 Registered [Cyclonoid]\setup.exe 2014-05-12 18:26:28 68A0E3F8B70343185FCC342C86ABD570 2777920 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\Rar$EXa0.731\Fraps 3.5.9 Registered [Cyclonoid]\setup.exe 2014-05-10 14:01:12 3B1F8DF4B9CF28B749F3530614060DD0 10094088 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\BackupSetup.exe 2014-05-10 14:00:52 272F3B7EFC6DF7E9E249724AFB4AB84A 11567116 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\is1108708961\20792291_stp.EXE 2014-05-08 16:27:12 22385EE33688B10B61DA1D8CA9549E4B 120192 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\clear.fiClient\cabarc.exe 2014-05-07 10:39:44 3D2810BD999225AC121040BA80D24494 98024 ------w- C:\Users\Gebruiker\AppData\Local\Temp\is1108708961\20792384_stp\aff_setup.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-05-15 16:39:28 FBCF3F01177953EBF1E735643621CCF5 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 16:39:28 EB5347F6149D3FF25F4D609A21A3BD67 17382912 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-05-15 16:39:28 10D531ADC7B8FB36C7361D44AF6E8AB6 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 10:13:39 E9D88493FBDB36D4B65C6F2F7F122C95 12874240 ----a-w- C:\Windows\SysWOW64\shell32.dll 2014-05-15 10:13:24 ED195AC76E10F17F6DD60C49666F2A83 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 10:13:24 9DE19EA21DF99AF15BA5A947E5317F9E 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2014-05-15 10:13:24 4D59F470985D08139E42D15842816C47 3969984 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 10:13:24 31FA2485DFC773F1E718A4D19F443FA9 3914176 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 10:13:23 FBC78B5D12A4F5A62D9C91E0E0E46D46 49664 ----a-w- C:\Windows\SysWOW64\adprovider.dll 2014-05-15 10:13:23 C94CE65AE7701E9FDBA889045543E27C 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2014-05-15 10:13:23 995B39A08421C7725D1DF8DACEBBFC89 538112 ----a-w- C:\Windows\SysWOW64\objsel.dll 2014-05-15 10:13:23 834A859BB331B0B2CCAE25BB1986F80D 47616 ----a-w- C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 10:13:23 828185688FDAAE6C7959B884ABED1766 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll 2014-05-15 10:13:23 75878492F2B33405EEF900F8C16C6D08 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2014-05-15 10:13:23 62C0798CC68EBF42F29C92E6CD6DC3D6 36864 ----a-w- C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 10:13:23 5E11C55CC4D9330E55CCB22B1F20BB33 35328 ----a-w- C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 10:13:23 541BB9B4C899ADCC5D3DB89208C1F409 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 10:13:23 461B713DE7F353C6447B744F1A049930 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll 2014-05-15 10:13:23 3A1ABE045A3E30799576E83A2D012B43 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll 2014-05-15 10:13:23 38A30B8E4216BE24D30F766EF3BAC2C7 48128 ----a-w- C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 10:13:23 335FA669FC952BC4888CEDBDB42607E2 51200 ----a-w- C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 10:13:23 2A86C18CE6869C77FCEB62F3B47D4D5B 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll 2014-05-07 13:11:55 FA425C74CE2EB719B2A77A7A2ADDAE32 216064 ----a-w- C:\Windows\SysWOW64\Lagarith.dll 2014-05-07 13:11:55 D4F8F8AFEFE1D103539175F159905613 438008 ----a-w- C:\Windows\SysWOW64\BytescoutScreenCapturing.dll 2014-05-07 13:11:55 32A1BAD84A4076422848E2DED5E72AC4 175864 ----a-w- C:\Windows\SysWOW64\BytescoutVideoMixerFilter.dll 2014-05-07 13:11:55 11E5376FD83BD220399FD37AA84C0F8F 265976 ----a-w- C:\Windows\SysWOW64\BytescoutScreenCapturingFilter.dll 2014-05-04 14:31:29 E6C2F1D8B667DDC04CB55B9F0159EF97 467984 ----a-w- C:\Windows\SysWOW64\d3dx10_39.dll 2014-05-04 14:31:29 C4F1972497FE2CEB7D900938C97FCF91 1493528 ----a-w- C:\Windows\SysWOW64\D3DCompiler_39.dll 2014-05-04 14:31:26 8CB3DEFB8887C4F0846DB1FC1304D6D2 3851784 ----a-w- C:\Windows\SysWOW64\D3DX9_39.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-05-15 16:39:29 A920E1336F9FEA95477763E2CC15891B 84992 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2014-05-15 16:39:29 797E2E5C309AFF76990D5B7AF457EACA 23544320 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-05-15 16:39:28 A45BFDCFD5864F658289A165E6E0227F 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-05-15 10:13:40 427015D56DF17241F634611557146C57 14175744 ----a-w- C:\Windows\Sysnative\shell32.dll 2014-05-15 10:13:38 4A795989DF0043973711B666D36D2678 477184 ----a-w- C:\Windows\Sysnative\aepdu.dll 2014-05-15 10:13:37 485FB1F3792FF7B5D5EBB99AB870E588 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll 2014-05-15 10:13:25 9358149234A4F3FE00CF5C2096DC1652 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2014-05-15 10:13:24 E2A483E796D5FC7E447725FD01D98FA0 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2014-05-15 10:13:24 B19C8390A1D641B9AC4490D4828A7B5E 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll 2014-05-15 10:13:24 89EF1CE0CE43AB8F55247D746739A321 722944 ----a-w- C:\Windows\Sysnative\objsel.dll 2014-05-15 10:13:24 6B47CF5C27865DDF6680E4D834FBE34F 5550016 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2014-05-15 10:13:23 CF13522172342AD8196B329C15D68E23 44544 ----a-w- C:\Windows\Sysnative\dimsroam.dll 2014-05-15 10:13:23 C072064F95579C0D6D86AF5B3DC53192 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll 2014-05-15 10:13:23 BDA8B14AFE99A0C52BFEA64C5AC62171 52736 ----a-w- C:\Windows\Sysnative\dpapiprovider.dll 2014-05-15 10:13:23 B6D8C1202DACA028AD94BDA2795CBBE9 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2014-05-15 10:13:23 9D942180B5B6CE1C882B9CC54EA1F275 57344 ----a-w- C:\Windows\Sysnative\cngprovider.dll 2014-05-15 10:13:23 9A3C6D8593F29A9F66744A3D4E6309B2 39936 ----a-w- C:\Windows\Sysnative\wincredprovider.dll 2014-05-15 10:13:23 851BB346CD59D9B3BC8854384C7DD5C3 424960 ----a-w- C:\Windows\Sysnative\KernelBase.dll 2014-05-15 10:13:23 82A72E99AA1CF0B04D3B9843CBA3AEC1 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2014-05-15 10:13:23 8098627D0AA1706D69C5AF3F74332ABB 29184 ----a-w- C:\Windows\Sysnative\sspisrv.dll 2014-05-15 10:13:23 692E9886B2A475684F7E3294BF66E97D 56832 ----a-w- C:\Windows\Sysnative\adprovider.dll 2014-05-15 10:13:23 4959DE74643CBC4B83E5BC99486A4FC9 53760 ----a-w- C:\Windows\Sysnative\capiprovider.dll 2014-05-15 10:13:23 481F70241D4EA038BB02590A30F15A23 340992 ----a-w- C:\Windows\Sysnative\schannel.dll 2014-05-15 10:13:23 39312B37C5FE5138F99680A49ACD3AEA 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2014-05-15 10:13:23 26AF184300C0868D854D5A3092234E24 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll 2014-05-15 10:13:23 204F3F58212B3E422C90BD9691A2DF28 31232 ----a-w- C:\Windows\Sysnative\lsass.exe 2014-05-07 13:11:55 EE6407670B4CA47CCC9AF5ED41A19150 148992 ----a-w- C:\Windows\Sysnative\Lagarith.dll ====== C:\Windows\Sysnative\drivers ===== 2014-05-15 10:13:23 353009DEDF918B2A51414F330CF72DEC 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2014-05-15 10:13:23 1C2D8E18AA8FD50CD04C15CC27F7F5AB 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-05-10 11:23:01 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2014-05-15 16:38:53 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER 2014-05-12 18:45:21 -------- d-----w- C:\PROGRA~2\QuickTime 2014-05-12 18:45:09 -------- d-----w- C:\PROGRA~2\COMMON~1\TechSmith Shared 2014-05-12 18:44:53 -------- d-----w- C:\PROGRA~2\TechSmith 2014-05-07 13:11:50 -------- d-----w- C:\PROGRA~2\ezvid ======= C: ===== ====== C:\Users\Gebruiker\AppData\Roaming ====== 2014-05-12 19:02:55 -------- d-----w- C:\Users\Gebruiker\AppData\Local\TechSmith 2014-05-12 18:46:57 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\TechSmith 2014-05-11 07:57:24 -------- d-----w- C:\Users\Gast.Gebruiker-PC\AppData\Roaming\WinRAR 2014-05-11 07:55:53 -------- d-----w- C:\Users\Gast.Gebruiker-PC\AppData\Local\Google 2014-05-10 19:27:50 -------- d-s---w- C:\Users\Gast.Gebruiker-PC\AppData\Locallow\Microsoft 2014-05-10 19:24:05 -------- d-----w- C:\Users\Gast.Gebruiker-PC\AppData\Roaming\Screensaver 2014-05-10 19:24:02 -------- d-----w- C:\Users\Gast.Gebruiker-PC\AppData\Local\Adobe 2014-05-10 19:22:28 -------- d-----w- C:\Users\Gast.Gebruiker-PC\AppData\Roaming\Adobe 2014-05-10 19:22:16 -------- d-----r- C:\Users\Gast.Gebruiker-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-10 19:22:16 -------- d-----r- C:\Users\Gast.Gebruiker-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-10 19:22:05 -------- d-----w- C:\Users\Gast.Gebruiker-PC\AppData\Roaming\Identities 2014-05-10 19:21:31 -------- d-s---w- C:\Users\Gast.Gebruiker-PC\AppData\Roaming\Microsoft 2014-05-10 19:21:31 -------- d-----w- C:\Users\Gast.Gebruiker-PC\AppData\Roaming\TuneUp Software 2014-05-10 19:21:31 -------- d-----w- C:\Users\Gast.Gebruiker-PC\AppData\Roaming\Media Center Programs 2014-05-10 19:21:31 -------- d-----w- C:\Users\Gast.Gebruiker-PC\AppData\Local\Temp 2014-05-10 19:21:31 -------- d-----w- C:\Users\Gast.Gebruiker-PC\AppData\Local\Microsoft Help 2014-05-10 19:21:31 -------- d-----w- C:\Users\Gast.Gebruiker-PC\AppData\Local\Microsoft 2014-05-10 19:21:31 -------- d-----r- C:\Users\Gast.Gebruiker-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-05-10 19:21:31 -------- d-----r- C:\Users\Gast.Gebruiker-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-05-10 13:57:17 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\DuckLink 2014-05-10 10:35:28 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\skyz 2014-05-07 13:12:21 -------- d-----w- C:\Users\Gebruiker\AppData\Local\ezvid,_inc 2014-05-04 20:20:26 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\LolClient 2014-05-04 14:28:57 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Riot Games 2014-05-01 20:13:56 -------- d-sh--w- C:\Users\Gebruiker\AppData\Locallow\EmieUserList 2014-05-01 20:13:56 -------- d-sh--w- C:\Users\Gebruiker\AppData\Local\EmieUserList 2014-05-01 20:13:56 -------- d-sh--w- C:\Users\Gebruiker\AppData\Local\EmieSiteList 2014-05-01 20:11:54 -------- d-sh--w- C:\Users\Gebruiker\AppData\Locallow\EmieSiteList ====== C:\Users\Gebruiker ====== 2014-05-17 08:11:52 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Searches 2014-05-12 18:45:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith 2014-05-12 18:45:22 -------- d-----w- C:\ProgramData\regid.1995-08.com.techsmith 2014-05-12 18:44:53 -------- d-----w- C:\ProgramData\TechSmith 2014-05-12 18:31:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps 2014-05-12 18:31:25 13818170DA8A9F38AA6B3D1D30A2946E 255523176 ----a-w- C:\Users\Gebruiker\Downloads\camtasia.exe 2014-05-11 08:03:51 EA3CCEC5A4C6A86C68727510A35CD7D9 2808712 ----a-w- C:\Users\Gebruiker\Downloads\CreativeCloudSet-Up (8).exe 2014-05-11 08:03:43 EA3CCEC5A4C6A86C68727510A35CD7D9 2808712 ----a-w- C:\Users\Gebruiker\Downloads\CreativeCloudSet-Up (7).exe 2014-05-11 08:03:40 EA3CCEC5A4C6A86C68727510A35CD7D9 2808712 ----a-w- C:\Users\Gebruiker\Downloads\CreativeCloudSet-Up (6).exe 2014-05-10 19:22:16 -------- d-----r- C:\Users\Gast.Gebruiker-PC\Searches 2014-05-10 19:21:53 -------- d-----r- C:\Users\Gast.Gebruiker-PC\Contacts 2014-05-10 19:21:31 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\Gast.Gebruiker-PC\ntuser.ini 2014-05-10 19:21:31 -------- d--h--w- C:\Users\Gast.Gebruiker-PC\AppData 2014-05-10 19:21:31 -------- d-----r- C:\Users\Gast.Gebruiker-PC\Documents 2014-05-10 19:21:31 -------- d-----r- C:\Users\Gast.Gebruiker-PC\Desktop 2014-05-10 19:21:30 -------- d-----r- C:\Users\Gast.Gebruiker-PC\Videos 2014-05-10 19:21:30 -------- d-----r- C:\Users\Gast.Gebruiker-PC\Saved Games 2014-05-10 19:21:30 -------- d-----r- C:\Users\Gast.Gebruiker-PC\Pictures 2014-05-10 19:21:30 -------- d-----r- C:\Users\Gast.Gebruiker-PC\Music 2014-05-10 19:21:30 -------- d-----r- C:\Users\Gast.Gebruiker-PC\Links 2014-05-10 19:21:30 -------- d-----r- C:\Users\Gast.Gebruiker-PC\Favorites 2014-05-10 19:21:30 -------- d-----r- C:\Users\Gast.Gebruiker-PC\Downloads 2014-05-10 13:59:49 935C478B68509048DC2F6AB32DD6D83A 665840 ----a-w- C:\Users\Gebruiker\Downloads\CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe 2014-05-10 13:55:54 1BA4625544F5E2EA5DC956C824FCF09E 6142695 ----a-w- C:\Users\Gebruiker\Downloads\Install_DuckCapture_2.7.exe 2014-05-08 16:31:56 EA3CCEC5A4C6A86C68727510A35CD7D9 2808712 ----a-w- C:\Users\Gebruiker\Downloads\CreativeCloudSet-Up (5).exe 2014-05-08 16:30:20 1B4BCE39FDC6C84E0EA802F1B5BDC67E 2808712 ----a-w- C:\Users\Gebruiker\Downloads\CreativeCloudSet-Up (4).exe 2014-05-07 16:59:50 6F2A546F86D8CE2EE9DF5BADC941E0EE 1168896 ----a-w- C:\Users\Gebruiker\Downloads\ezvid0982d (3).exe 2014-05-07 16:59:47 6F2A546F86D8CE2EE9DF5BADC941E0EE 1168896 ----a-w- C:\Users\Gebruiker\Downloads\ezvid0982d (2).exe 2014-05-07 13:11:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ezvid 2014-05-07 13:09:41 6F2A546F86D8CE2EE9DF5BADC941E0EE 1168896 ----a-w- C:\Users\Gebruiker\Downloads\ezvid0982d (1).exe 2014-05-07 13:09:39 6F2A546F86D8CE2EE9DF5BADC941E0EE 1168896 ----a-w- C:\Users\Gebruiker\Downloads\ezvid0982d.exe 2014-05-07 12:17:32 EA3CCEC5A4C6A86C68727510A35CD7D9 2808712 ----a-w- C:\Users\Gebruiker\Downloads\CreativeCloudSet-Up (3).exe 2014-05-07 12:17:32 EA3CCEC5A4C6A86C68727510A35CD7D9 2808712 ----a-w- C:\Users\Gebruiker\Downloads\CreativeCloudSet-Up (2).exe 2014-05-07 12:17:30 EA3CCEC5A4C6A86C68727510A35CD7D9 2808712 ----a-w- C:\Users\Gebruiker\Downloads\CreativeCloudSet-Up (1).exe 2014-05-07 12:15:02 EA3CCEC5A4C6A86C68727510A35CD7D9 2808712 ----a-w- C:\Users\Gebruiker\Downloads\CreativeCloudSet-Up.exe 2014-05-04 14:28:10 7E7D561273C3D23795AE1AC32BC13FBE 34888568 ----a-w- C:\Users\Gebruiker\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe 2014-04-23 11:57:16 -------- d-----w- C:\Users\dub_cm_auto\Application Data ====== C: exe-files == 2014-05-15 19:41:52 DD5B5B10BB387F7A7D4B60323163C93B 1268560 ----a-w- C:\Users\Gebruiker\AppData\Roaming\uTorrent\updates\3.4.1_31139.exe 2014-05-15 10:13:24 6B47CF5C27865DDF6680E4D834FBE34F 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe 2014-05-15 10:13:23 204F3F58212B3E422C90BD9691A2DF28 31232 ----a-w- C:\Windows\System32\lsass.exe 2014-05-13 17:52:40 B110ADC13FA0FEAC4E037B1A9F55B302 16820736 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\BFP4f.exe 2014-05-13 17:44:27 C5E4412B814AA4463A59BD37AFEB6B03 499896 ----a-w- C:\Program Files (x86)\TeamViewer\Version8\uninstall.exe 2014-05-13 17:44:27 8B8F1D0C3850B1E99A6255476850BC1F 232288 ----a-w- C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe 2014-05-13 17:44:27 876A8C722250A0499A7CE6FD3389CA5B 4171104 ----a-w- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe 2014-05-13 17:44:27 7C8DD5576695B3362202EF09B20C425E 3574624 ----a-w- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe 2014-05-13 17:44:27 2A832192509EDB09B6059C1416A97C37 193888 ----a-w- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe 2014-05-13 17:44:26 7BB7E26DDC7E4AB9DC1559E17DD0A3BA 10244448 ----a-w- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe 2014-05-12 18:51:46 68A0E3F8B70343185FCC342C86ABD570 2777920 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\Rar$EXa0.912\Fraps 3.5.9 Registered [Cyclonoid]\setup.exe 2014-05-12 18:37:21 53406E9988306CBD4537677C5336ABA4 889416 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\Camtasia_Setup\Prerequisites\DotNetFX40\dotNetFx40_Full_setup.exe 2014-05-12 18:32:24 68A0E3F8B70343185FCC342C86ABD570 2777920 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\Rar$EXa0.422\Fraps 3.5.9 Registered [Cyclonoid]\setup.exe 2014-05-12 18:31:35 2E107AEEB6D0E523C345B4194EADB48F 40445 ----a-w- C:\Fraps\uninstall.exe 2014-05-12 18:31:25 13818170DA8A9F38AA6B3D1D30A2946E 255523176 ----a-w- C:\Users\Gebruiker\Downloads\camtasia.exe 2014-05-12 18:26:28 68A0E3F8B70343185FCC342C86ABD570 2777920 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\Rar$EXa0.731\Fraps 3.5.9 Registered [Cyclonoid]\setup.exe 2014-05-11 08:03:51 EA3CCEC5A4C6A86C68727510A35CD7D9 2808712 ----a-w- C:\Users\Gebruiker\Downloads\CreativeCloudSet-Up (8).exe 2014-05-11 08:03:43 EA3CCEC5A4C6A86C68727510A35CD7D9 2808712 ----a-w- C:\Users\Gebruiker\Downloads\CreativeCloudSet-Up (7).exe 2014-05-11 08:03:40 EA3CCEC5A4C6A86C68727510A35CD7D9 2808712 ----a-w- C:\Users\Gebruiker\Downloads\CreativeCloudSet-Up (6).exe === C: other files == 2014-05-13 17:52:39 74441036A428ECEF4F50820EE93D3DE0 150287 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Sound_server.zip 2014-05-13 17:52:26 81C74AF42C4E79CC3AF3C7331D171375 728237 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Shaders_client.zip 2014-05-13 17:52:26 0BE9AA89E3668F16ABA94F38DCC09AC4 353434573 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Sound_client.zip 2014-05-13 17:52:25 E80BC02D107010F885F8F98FA37E4E22 964267 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Menu_server.zip 2014-05-13 17:52:25 51051BAAB2BFE9DE9A070CCAD12541B5 19270021 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Menu_client.zip 2014-05-13 17:52:24 A656BF8FA8EC4D17AA64E1F09C659A65 9122 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Fonts_server.zip 2014-05-13 17:52:24 77021D97634CE7DCA6D1F5C9982A0302 578431 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Fonts_client.zip 2014-05-13 17:52:24 44EB54BE3D99FC0CB345FA7AC453C393 46452 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Common_server.zip 2014-05-13 17:52:23 BBEF8C792E54B82730BFFA197360058E 28528079 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Common_client.zip 2014-05-13 17:51:39 A96E0614919AD068EA971B3595948167 2198609 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Levels\Sharqi\server.zip 2014-05-13 17:51:38 6B286DAF18C6423DF4F9FFDF6B6658F0 70726505 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Levels\Sharqi\client.zip 2014-05-13 17:51:38 32E41112FA14B8D89927731EE0259064 2376306 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Levels\Mashtuur_City\server.zip 2014-05-13 17:51:35 E016876FE72EC0017BC770402ACA94E6 69227620 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Levels\Mashtuur_City\client.zip 2014-05-13 17:51:35 A2DECF059870769CB4DCDC7F68EA7391 851533 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Levels\karkand_rush\server.zip 2014-05-13 17:51:34 91ADF87FB75081A82D36CD0CA6973649 42495936 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Levels\karkand_rush\client.zip 2014-05-13 17:51:34 17918F3A4F67CB8C471EFC46280A4C90 1586722 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Levels\Gulf_of_Oman\server.zip 2014-05-13 17:51:32 C620F47A494A8EFCA7C9C8CB7C297E6A 71505014 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Levels\Gulf_of_Oman\client.zip 2014-05-13 17:51:31 61BAD4664D58FD81A05F0A2E7BB55C05 5589334 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Levels\Dragon_Valley\server.zip 2014-05-13 17:51:27 AF93D71176478F5D832DE39F643FFFB0 187246 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Levels\Downtown\server.zip 2014-05-13 17:51:27 0CEEE236F3E79FBA1AE7B3D7183AC27D 100710230 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Levels\Dragon_Valley\client.zip 2014-05-13 17:51:26 F6D5D754843167BE0ADE980235D37115 2222222 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Levels\Dalian_plant\server.zip 2014-05-13 17:51:26 4E295861A09592914196D7D5B2286C57 28738192 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Levels\Downtown\client.zip 2014-05-13 17:51:23 AFF591274E94978C065264607E024521 79610538 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Play4Free\mods\main\Levels\Dalian_plant\client.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2239336281-3048674072-2116327964-1000\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "uTorrent"="C:\Users\Gebruiker\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "Spotify Web Helper"="C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "uTorrent"="C:\Users\Gebruiker\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "Spotify Web Helper"="C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\progra~2\\gssupp~1\\assist~1.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 " "Persistence"="C:\Windows\system32\igfxpers.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "Google Update"="\"C:\\Users\\Gebruiker\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAEMON Tools Lite" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dolby Advanced Audio v2] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Dolby Advanced Audio v2" "hkey"="HKLM" "command"="\"C:\\Dolby PCEE4\\pcee4.exe\" -autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LManager" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LogMeIn Hamachi Ui" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NextLive] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NextLive" "hkey"="HKCU" "command"="C:\\Windows\\SysWOW64\\rundll32.exe \"C:\\Users\\Gebruiker\\AppData\\Roaming\\newnext.me\\nengine.dll\",EntryPoint -m l" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nikon Message Center 2] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Nikon Message Center 2" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Nikon\\Nikon Message Center 2\\NkMC2.exe -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify Web Helper" "hkey"="HKCU" "command"="\"C:\\Users\\Gebruiker\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="uTorrent" "hkey"="HKCU" "command"="\"C:\\Users\\Gebruiker\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD External Events Utility] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BBSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CltMngSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DefaultTabSearch] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DefaultTabUpdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DsiWMIService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FLEXnet Licensing Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GamesAppService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LMIGuardianSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NTI IScheduleSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RealNetworks Downloader Resolver Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Steam Client Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TeamViewer7] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TuneUp.UtilitiesSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "IntelTBRunOnce"="wscript.exe //b //nologo \"C:\\Program Files\\Intel\\TurboBoost\\RunTBGadgetOnce.vbs\"" ==== Startup Folders ====================== 2014-03-04 08:15:39 54 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.com.url ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/05/2014 10:01] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2239336281-3048674072-2116327964-1000Core.job --a------ C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [14/09/2012 19:09] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2239336281-3048674072-2116327964-1000UA.job --a------ C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [14/09/2012 19:09] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/12/2012 17:27] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/12/2012 17:27] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2239336281-3048674072-2116327964-1000Core.job --a------ C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [09/12/2012 17:27] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2239336281-3048674072-2116327964-1000UA.job --a------ C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [09/12/2012 17:27] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"] "C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"] "C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2239336281-3048674072-2116327964-1000Core" [C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2239336281-3048674072-2116327964-1000UA" [C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2239336281-3048674072-2116327964-1000Core" [C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2239336281-3048674072-2116327964-1000UA" [C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe"] "C:\Windows\SysNative\tasks\PMMUpdate" ["C:\Program Files\EgisTec IPS\PMMUpdate.exe"] "C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2239336281-3048674072-2116327964-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2239336281-3048674072-2116327964-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\{483FE4A1-9C00-4023-98C5-0DD3A90C818C}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE] "C:\Windows\SysNative\tasks\{5B4C654B-E65F-4F32-A7A5-D2C683D55484}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE] "C:\Windows\SysNative\tasks\{5F517ECA-4697-4A56-91B4-F209F0C2A0DB}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE] "C:\Windows\SysNative\tasks\{90118DB7-F1AB-4F5D-9194-1EB8EB6DED77}" ["c:\users\gebruiker\appdata\local\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn" [15/05/2014 21:40] ==== Firefox Extensions ====================== ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\extensions - SmileysWeLove: Smileys for use with Facebook GMail and more - %ProfilePath%\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\q3iaghtw.default - Battlefield Play4Free - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\q3iaghtw.default\extensions\battlefieldplay4free@ea.com - Battlefield Play4Free - %ProfilePath%\extensions\battlefieldplay4free@ea.com ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0 - SmileysWeLove: Smileys for use with Facebook GMail and more - %ProfilePath%\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi ExtDir: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\extensions - GoPhotoIt - %ExtDir%\gophoto@gophoto.it.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\q3iaghtw.default 95812430959AE88CDD0301AB3A71913B - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash 045DCEC5BBF3C9F4A0788FDF90B1DEDE - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\q3iaghtw.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll - Battlefield Play4Free Updater C36444D7301A8C881FC7296B092609C7 - C:\Users\Gebruiker\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Gebruiker\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin 99E2145307150EB8AB78F4F888F97DBE - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll - Nexon Game Controller D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Deleted Firefox Extensions ====================== C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi deleted C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi deleted C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions ahilkiibpgjnonbhdfkkgjddddmapala - C:\Users\Gebruiker\AppData\Local\CRE\ahilkiibpgjnonbhdfkkgjddddmapala.crx[] bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\GEBRUI~1\AppData\Local\funmoods.crx[01/09/2012 15:35] ccbgjfdieajmokelnlapbedknchgenne - C:\Users\Gebruiker\AppData\Local\CRE\ccbgjfdieajmokelnlapbedknchgenne.crx[] cjpglkicenollcignonpgiafdgfeehoj - C:\Users\GEBRUI~1\AppData\Local\funmoods-speeddial.crx[01/09/2012 15:35] clbfjfbnelcflpgpklppgplejolacbej - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx[22/12/2011 14:57] fjbbjfdilbioabojmcplalojlmdngbjl - C:\Users\Gebruiker\AppData\Local\Temp\bhfiles\smileyswelovetoolbar_3_0_8_0.crx[] gpicboiclhmnllnjdcfcffifpoaebgkm - C:\Program Files (x86)\Freecorder extension\Freecorder.crx[] jcdgjdiieiljkfkdcloehkohchhpekkn - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11/04/2014 19:46] mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx[11/03/2014 22:44] nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files (x86)\TornTV.com\torn2_10.crx[] ogccgbmabaphcakpiclgcnmcnimhokcj - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx[] pfmopbbadnfoelckkcmjjeaaegjpjjbk - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx[31/07/2012 13:58] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions ahilkiibpgjnonbhdfkkgjddddmapala - C:\Users\Gebruiker\AppData\Local\CRE\ahilkiibpgjnonbhdfkkgjddddmapala.crx[] bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\GEBRUI~1\AppData\Local\funmoods.crx[01/09/2012 15:35] ccbgjfdieajmokelnlapbedknchgenne - C:\Users\Gebruiker\AppData\Local\CRE\ccbgjfdieajmokelnlapbedknchgenne.crx[] cjpglkicenollcignonpgiafdgfeehoj - C:\Users\GEBRUI~1\AppData\Local\funmoods-speeddial.crx[01/09/2012 15:35] Websavve - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aknpdmpfidcgecfkpmlnammldgmffoan greattsAvier - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\boddbdgagblejpgojolanlbfmnnpidmo gRReatsaver - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\clfgcnmoldjiiemimhobegmffjkgkmbc wEbsavve - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dgkckpgmpdlhanfagebbplbedcbcgfop Websave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\efjgjdjanmjdfclalaeobfbaanjjplme ggreiaTsaveeru - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlabhanbojnphpbkmfpekminfdlckajh Websavve - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpdmpfidcgecfkpmlnammldgmffoan greattsAvier - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\boddbdgagblejpgojolanlbfmnnpidmo gRReatsaver - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\clfgcnmoldjiiemimhobegmffjkgkmbc wEbsavve - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkckpgmpdlhanfagebbplbedcbcgfop Websave - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjgjdjanmjdfclalaeobfbaanjjplme ggreiaTsaveeru - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlabhanbojnphpbkmfpekminfdlckajh Websavve - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aknpdmpfidcgecfkpmlnammldgmffoan greattsAvier - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\boddbdgagblejpgojolanlbfmnnpidmo gRReatsaver - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\clfgcnmoldjiiemimhobegmffjkgkmbc wEbsavve - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dgkckpgmpdlhanfagebbplbedcbcgfop Websave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\efjgjdjanmjdfclalaeobfbaanjjplme ggreiaTsaveeru - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlabhanbojnphpbkmfpekminfdlckajh Websavve - Administrator\AppData\Local\Torch\User Data\Default\Extensions\aknpdmpfidcgecfkpmlnammldgmffoan greattsAvier - Administrator\AppData\Local\Torch\User Data\Default\Extensions\boddbdgagblejpgojolanlbfmnnpidmo gRReatsaver - Administrator\AppData\Local\Torch\User Data\Default\Extensions\clfgcnmoldjiiemimhobegmffjkgkmbc wEbsavve - Administrator\AppData\Local\Torch\User Data\Default\Extensions\dgkckpgmpdlhanfagebbplbedcbcgfop Websave - Administrator\AppData\Local\Torch\User Data\Default\Extensions\efjgjdjanmjdfclalaeobfbaanjjplme ggreiaTsaveeru - Administrator\AppData\Local\Torch\User Data\Default\Extensions\jlabhanbojnphpbkmfpekminfdlckajh Websavve - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aknpdmpfidcgecfkpmlnammldgmffoan greattsAvier - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\boddbdgagblejpgojolanlbfmnnpidmo gRReatsaver - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\clfgcnmoldjiiemimhobegmffjkgkmbc wEbsavve - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dgkckpgmpdlhanfagebbplbedcbcgfop Websave - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\efjgjdjanmjdfclalaeobfbaanjjplme ggreiaTsaveeru - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlabhanbojnphpbkmfpekminfdlckajh Websavve - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpdmpfidcgecfkpmlnammldgmffoan greattsAvier - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\boddbdgagblejpgojolanlbfmnnpidmo gRReatsaver - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\clfgcnmoldjiiemimhobegmffjkgkmbc wEbsavve - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkckpgmpdlhanfagebbplbedcbcgfop Websave - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjgjdjanmjdfclalaeobfbaanjjplme ggreiaTsaveeru - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlabhanbojnphpbkmfpekminfdlckajh Websavve - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aknpdmpfidcgecfkpmlnammldgmffoan greattsAvier - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\boddbdgagblejpgojolanlbfmnnpidmo gRReatsaver - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\clfgcnmoldjiiemimhobegmffjkgkmbc wEbsavve - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dgkckpgmpdlhanfagebbplbedcbcgfop Websave - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\efjgjdjanmjdfclalaeobfbaanjjplme ggreiaTsaveeru - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlabhanbojnphpbkmfpekminfdlckajh Websavve - Gast\AppData\Local\Torch\User Data\Default\Extensions\aknpdmpfidcgecfkpmlnammldgmffoan greattsAvier - Gast\AppData\Local\Torch\User Data\Default\Extensions\boddbdgagblejpgojolanlbfmnnpidmo gRReatsaver - Gast\AppData\Local\Torch\User Data\Default\Extensions\clfgcnmoldjiiemimhobegmffjkgkmbc wEbsavve - Gast\AppData\Local\Torch\User Data\Default\Extensions\dgkckpgmpdlhanfagebbplbedcbcgfop Websave - Gast\AppData\Local\Torch\User Data\Default\Extensions\efjgjdjanmjdfclalaeobfbaanjjplme ggreiaTsaveeru - Gast\AppData\Local\Torch\User Data\Default\Extensions\jlabhanbojnphpbkmfpekminfdlckajh Google Docs - Gast.Gebruiker-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Gast.Gebruiker-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Gast.Gebruiker-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Browser Companion Helper - Gast.Gebruiker-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej Google Search - Gast.Gebruiker-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Skype Click to Call - Gast.Gebruiker-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Norton Identity Protection - Gast.Gebruiker-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Google Wallet - Gast.Gebruiker-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda GoPhoto.it - Gast.Gebruiker-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk Gmail - Gast.Gebruiker-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Websavve - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aknpdmpfidcgecfkpmlnammldgmffoan greattsAvier - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\boddbdgagblejpgojolanlbfmnnpidmo gRReatsaver - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\clfgcnmoldjiiemimhobegmffjkgkmbc wEbsavve - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dgkckpgmpdlhanfagebbplbedcbcgfop Websave - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\efjgjdjanmjdfclalaeobfbaanjjplme ggreiaTsaveeru - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jlabhanbojnphpbkmfpekminfdlckajh Funmoods Chat - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh Battlefield Heroes - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh Last updated at time on date - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb UoTuberAADBlockEEr - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijifagpkkknmpneaklfmlpcepkohgpl Funmoods - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj Browser Companion Helper - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej SaverExteNsion - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\efgengpnmgmakmlbbmeplllflknjfijl ExsTraCeoUPon - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcmfppeockjmchgahhnkiikfhlopcdji Google Wallet - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Battlefield Play4Free - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh GoPhoto.it - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk Websavve - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aknpdmpfidcgecfkpmlnammldgmffoan greattsAvier - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\boddbdgagblejpgojolanlbfmnnpidmo gRReatsaver - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\clfgcnmoldjiiemimhobegmffjkgkmbc wEbsavve - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dgkckpgmpdlhanfagebbplbedcbcgfop Websave - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\efjgjdjanmjdfclalaeobfbaanjjplme ggreiaTsaveeru - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jlabhanbojnphpbkmfpekminfdlckajh Websavve - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\aknpdmpfidcgecfkpmlnammldgmffoan greattsAvier - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\boddbdgagblejpgojolanlbfmnnpidmo gRReatsaver - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\clfgcnmoldjiiemimhobegmffjkgkmbc wEbsavve - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\dgkckpgmpdlhanfagebbplbedcbcgfop SaverExteNsion - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\efgengpnmgmakmlbbmeplllflknjfijl Websave - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\efjgjdjanmjdfclalaeobfbaanjjplme ExsTraCeoUPon - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\fcmfppeockjmchgahhnkiikfhlopcdji SaveAs - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\hpobkpjbohlcpakkplmohajahgiiidbb Mapit 1 - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl ggreiaTsaveeru - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\jlabhanbojnphpbkmfpekminfdlckajh Ask Video Search - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\khfhickdpicdaakidammlhdmhhpgfmkc Torch Helper - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\lecpjhggilhbceadobnggaagnpfpafhg Ask Image Search - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\maenakfpbfmdigldjpegddiphokaodjh Settings Protector - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph