Zoek.exe v5.0.0.0 Updated 31-12-2014 Tool run by gebruiker on wo 31/12/2014 at 14:33:20,29. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Databank\Data-Marnix\Eigen-downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Common Files\G Data\GDScan\GDScan.exe C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe C:\Windows\Explorer.EXE C:\Program Files\G Data\TotalCare\AVK\AVKService.exe C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files\Common Files\G DATA\AVKProxy\GDKBFltExe32.exe C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe 
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe C:\Program Files\Malwarebytes Anti-Malware\mbam.exe C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe C:\Windows\System32\StikyNot.exe C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE C:\Windows\system32\taskeng.exe C:\Program Files\CCleaner\CCleaner.exe C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\WUDFHost.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k SDRSVC C:\Databank\Data-Marnix\Eigen-downloads\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe ==== System Restore Info ====================== 31/12/2014 14:38:16 Zoek.exe System Restore Point Created Succesfully. 
==== Windows Installer Info ====================== Adobe AIR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\360D32EFD43992840A8D0036C47EB9A4]c:\Windows\Installer\29c41f.msi Adobe Reader XI (11.0.10) - Nederlands [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73401B744BA0000000010]C:\Windows\Installer\24f67f.msi Adobe Refresh Manager [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA408033019195008120111403]C:\Windows\Installer\1f492.msi Belgium e-ID middleware 4.0.5 (build 7363) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ED365428DA576614D90C6B84F2023736]C:\Windows\Installer\43bbc.msi Google Earth [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0336A2D4B8F23E11C9048BCAF6798BE8]C:\Windows\Installer\227852.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]C:\Windows\Installer\3484a20.msi Java 7 Update 71 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4EA42A62D9304AC4784BF230120717FF]C:\Windows\Installer\80008.msi Java 8 Update 25 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4EA42A62D9304AC4784BF2381208520F]C:\Windows\Installer\9ccf95.msi Microsoft .NET Framework 4.5.1 (NLD) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E68D19A1421347534AFB04761662C5AF]C:\Windows\Installer\3a34dd.msi Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\271D3094BCCDF293393A43ACD974EFD3]C:\Windows\Installer\131b2ef.msi Microsoft Access MUI (Dutch) 2013 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109510031400000000000F01FEC]C:\Windows\Installer\144bb1b.msi Microsoft ASP.NET MVC 4 Runtime [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5D213EF3268BEC04E8E46A8DBA6F7263]C:\Windows\Installer\11db150.msi Microsoft DCF MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109090031400000000000F01FEC]C:\Windows\Installer\144bb35.msi Microsoft Excel MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109610031400000000000F01FEC]C:\Windows\Installer\144bb26.msi Microsoft Groove MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109AB0031400000000000F01FEC]C:\Windows\Installer\144bb3f.msi Microsoft InfoPath MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109440031400000000000F01FEC]C:\Windows\Installer\144bb20.msi Microsoft Lync MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109B21031400000000000F01FEC]C:\Windows\Installer\144bb2b.msi Microsoft Office Access MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109510031400000000000F01FEC]C:\Windows\Installer\196f1.msi Microsoft Office Excel MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109610031400000000000F01FEC]C:\Windows\Installer\196c6.msi Microsoft Office Groove MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109AB0031400000000000F01FEC]C:\Windows\Installer\196cb.msi Microsoft Office InfoPath MUI 
(Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109440031400000000000F01FEC]C:\Windows\Installer\196fb.msi Microsoft Office Korrekturhilfen 2013 - Deutsch [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F10070400000000000F01FEC]C:\Windows\Installer\144bb4a.msi Microsoft Office OneNote MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000041091A0031400000000000F01FEC]C:\Windows\Installer\196f6.msi Microsoft Office OSM MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051091E0031400000000000F01FEC]C:\Windows\Installer\144bb5f.msi Microsoft Office OSM UX MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051092E0031400000000000F01FEC]C:\Windows\Installer\144bb64.msi Microsoft Office Outlook MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10031400000000000F01FEC]C:\Windows\Installer\196d1.msi Microsoft Office PowerPoint MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109810031400000000000F01FEC]C:\Windows\Installer\196be.msi Microsoft Office Professional Plus 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109110000000000000000F01FEC]C:\Windows\Installer\1970f.msi Microsoft Office Professional Plus 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005119110000000000000000F01FEC]C:\Windows\Installer\144bd17.msi Microsoft Office Proof (Dutch) 2010 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10031400000000000F01FEC]C:\Windows\Installer\196d6.msi Microsoft Office Proof (English) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC]C:\Windows\Installer\196e5.msi Microsoft Office Proof (French) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC]C:\Windows\Installer\196e0.msi Microsoft Office Proof (German) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10070400000000000F01FEC]C:\Windows\Installer\196db.msi Microsoft Office Proofing (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109C20031400000000000F01FEC]C:\Windows\Installer\196ea.msi Microsoft Office Proofing (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109C20031400000000000F01FEC]C:\Windows\Installer\144bb5a.msi Microsoft Office Proofing Tools 2013 - English [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F10090400000000000F01FEC]C:\Windows\Installer\144bb55.msi Microsoft Office Proofing Tools 2013 - Nederlands [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F10031400000000000F01FEC]C:\Windows\Installer\144bb44.msi Microsoft Office Publisher MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109910031400000000000F01FEC]C:\Windows\Installer\19701.msi Microsoft Office Shared MUI (Dutch) 2010 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60031400000000000F01FEC]C:\Windows\Installer\196b9.msi Microsoft Office Shared MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109E60031400000000000F01FEC]C:\Windows\Installer\144bafe.msi Microsoft Office Word MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109B10031400000000000F01FEC]C:\Windows\Installer\19707.msi Microsoft OneNote MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051091A0031400000000000F01FEC]C:\Windows\Installer\144bb3a.msi Microsoft Outlook MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109A10031400000000000F01FEC]C:\Windows\Installer\144bb6a.msi Microsoft PowerPoint MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109810031400000000000F01FEC]C:\Windows\Installer\144bb77.msi Microsoft Publisher MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109910031400000000000F01FEC]C:\Windows\Installer\144bb30.msi Microsoft Silverlight [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100]c:\Windows\Installer\22ba4a.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\c1c4f01781cc94c4c8fb1542c0981a2a]C:\Windows\Installer\22b8db.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1E4ACFA687B90463F8277AFB33442800]c:\Windows\Installer\a6d18.msi Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D20352A90C039D93DBF6126ECE614057]c:\Windows\Installer\caa64a.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CFD2C1F142D260E3CB8B271543DA9F98]c:\Windows\Installer\29c656.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E815EB96CCE9A53884E7857C57002F0]c:\Windows\Installer\22bb76.msi Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D04BB691875110D32B98EBCF771AA1E1]c:\Windows\Installer\7d7ac.msi Microsoft Word MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109B10031400000000000F01FEC]C:\Windows\Installer\144bb89.msi MSVC90_x86 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\846111FA1A99E35418DD08BDFBD6DAD0]C:\Windows\Installer\4a800d.msi MSXML 4.0 SP3 Parser (KB2758694) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\09AB59D18F4FCE748A2844C1993DC0E1]c:\Windows\Installer\22b8e1.msi MSXML 4.0 SP3 Parser [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1F764691F11C67F458B88521DA8CB349]C:\Windows\Installer\caa654.msi NVIDIA PhysX [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7AB7040836775934BA8925331F3BE456]C:\Windows\Installer\b54235.msi Outils de vérification linguistique 2013 de Microsoft Office - Français 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F100C0400000000000F01FEC]C:\Windows\Installer\144bb50.msi swMSM [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C43C21609E58D74B9C5F017D78D7262]C:\Windows\Installer\1ecc1b6.msi ==== Empty Folders Check ====================== C:\Program Files\SiteLookup deleted successfully C:\Program Files\TeamViewer deleted successfully C:\Program Files\Common Files\337 deleted successfully C:\PROGRA~2\CanonEPP deleted successfully C:\PROGRA~2\CanonIJEPPEX2 deleted successfully C:\PROGRA~2\PhotoStitch deleted successfully C:\PROGRA~2\ZoomBrowser deleted successfully C:\Users\gebruiker\AppData\Roaming\JAM Software deleted successfully C:\Users\gebruiker\AppData\Roaming\Media Player Classic deleted successfully C:\Users\gebruiker\AppData\Roaming\Solvusoft deleted successfully C:\Users\gebruiker\AppData\Roaming\ZoomBrowser EX deleted successfully C:\Users\gebruiker\AppData\Local\Downloaded Installations deleted successfully C:\Users\gebruiker\AppData\Local\Opera Software deleted successfully ==== Checking Systemdrive for Symlinks ====================== Het volume in station C heeft geen naam. 
Het volumenummer is 5460-A837 Map van C:\ 14/07/2009 05:53 Documents and Settings [C:\Users] 0 bestand(en) 0 bytes Map van C:\Program Files\Windows NT 10/02/2012 16:18 Bureau-accessoires [C:\Program Files\Windows NT\Accessories] 0 bestand(en) 0 bytes Map van C:\ProgramData 14/07/2009 05:53 Application Data [C:\ProgramData] 10/02/2012 16:18 Bureaublad [C:\Users\Public\Desktop] 14/07/2009 05:53 Desktop [C:\Users\Public\Desktop] 10/02/2012 16:18 Documenten [C:\Users\Public\Documents] 14/07/2009 05:53 Documents [C:\Users\Public\Documents] 10/02/2012 16:18 Favorieten [C:\Users\Public\Favorites] 14/07/2009 05:53 Favorites [C:\Users\Public\Favorites] 10/02/2012 16:18 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 10/02/2012 16:18 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 14/07/2009 05:53 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14/07/2009 05:53 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\ProgramData\Microsoft\Windows\Start Menu 10/02/2012 16:18 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\ProgramData\Oracle\Java\javapath 29/12/2014 19:55 java.exe [C:\Program Files\Java\jre1.8.0_25\bin\java.exe] 29/12/2014 19:55 javaw.exe [C:\Program Files\Java\jre1.8.0_25\bin\javaw.exe] 29/12/2014 19:55 javaws.exe [C:\Program Files\Java\jre1.8.0_25\bin\javaws.exe] 3 bestand(en) 0 bytes Map van C:\Users 14/07/2009 05:53 All Users [C:\ProgramData] 14/07/2009 05:53 Default User [C:\Users\Default] 0 bestand(en) 0 bytes Map van C:\Users\All Users 14/07/2009 05:53 Application Data [C:\ProgramData] 10/02/2012 16:18 Bureaublad [C:\Users\Public\Desktop] 14/07/2009 05:53 Desktop [C:\Users\Public\Desktop] 10/02/2012 16:18 Documenten [C:\Users\Public\Documents] 14/07/2009 05:53 Documents [C:\Users\Public\Documents] 10/02/2012 16:18 Favorieten [C:\Users\Public\Favorites] 14/07/2009 05:53 Favorites [C:\Users\Public\Favorites] 10/02/2012 16:18 Menu Start 
[C:\ProgramData\Microsoft\Windows\Start Menu] 10/02/2012 16:18 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 14/07/2009 05:53 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14/07/2009 05:53 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\All Users\Microsoft\Windows\Start Menu 10/02/2012 16:18 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\All Users\Oracle\Java\javapath 29/12/2014 19:55 java.exe [C:\Program Files\Java\jre1.8.0_25\bin\java.exe] 29/12/2014 19:55 javaw.exe [C:\Program Files\Java\jre1.8.0_25\bin\javaw.exe] 29/12/2014 19:55 javaws.exe [C:\Program Files\Java\jre1.8.0_25\bin\javaws.exe] 3 bestand(en) 0 bytes Map van C:\Users\Default 14/07/2009 05:53 Application Data [C:\Users\Default\AppData\Roaming] 14/07/2009 05:53 Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies] 14/07/2009 05:53 Local Settings [C:\Users\Default\AppData\Local] 10/02/2012 16:18 Menu Start [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 10/02/2012 16:18 Mijn documenten [C:\Users\Default\Documents] 14/07/2009 05:53 My Documents [C:\Users\Default\Documents] 14/07/2009 05:53 NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 10/02/2012 16:18 Netwerkprinteromgeving [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14/07/2009 05:53 PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14/07/2009 05:53 Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 14/07/2009 05:53 SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 10/02/2012 16:18 Sjablonen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 14/07/2009 05:53 Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 14/07/2009 05:53 Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van 
C:\Users\Default\AppData\Local 14/07/2009 05:53 Application Data [C:\Users\Default\AppData\Local] 10/02/2012 16:18 Geschiedenis [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14/07/2009 05:53 History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14/07/2009 05:53 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu 10/02/2012 16:18 Programma's [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Default\Documents 10/02/2012 16:18 Mijn afbeeldingen [C:\Users\Default\Pictures] 10/02/2012 16:18 Mijn muziek [C:\Users\Default\Music] 10/02/2012 16:18 Mijn video's [C:\Users\Default\Videos] 14/07/2009 05:53 My Music [C:\Users\Default\Music] 14/07/2009 05:53 My Pictures [C:\Users\Default\Pictures] 14/07/2009 05:53 My Videos [C:\Users\Default\Videos] 0 bestand(en) 0 bytes Map van C:\Users\gebruiker 10/02/2012 16:18 Application Data [C:\Users\gebruiker\AppData\Roaming] 10/02/2012 16:18 Cookies [C:\Users\gebruiker\AppData\Roaming\Microsoft\Windows\Cookies] 10/02/2012 16:18 Local Settings [C:\Users\gebruiker\AppData\Local] 10/02/2012 16:18 Menu Start [C:\Users\gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu] 10/02/2012 16:18 Mijn documenten [C:\Users\gebruiker\Documents] 10/02/2012 16:18 NetHood [C:\Users\gebruiker\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 10/02/2012 16:18 Netwerkprinteromgeving [C:\Users\gebruiker\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 10/02/2012 16:18 Recent [C:\Users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent] 10/02/2012 16:18 SendTo [C:\Users\gebruiker\AppData\Roaming\Microsoft\Windows\SendTo] 10/02/2012 16:18 Sjablonen [C:\Users\gebruiker\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\gebruiker\AppData\Local 10/02/2012 16:18 Application Data 
[C:\Users\gebruiker\AppData\Local] 10/02/2012 16:18 Geschiedenis [C:\Users\gebruiker\AppData\Local\Microsoft\Windows\History] 10/02/2012 16:18 Temporary Internet Files [C:\Users\gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu 10/02/2012 16:18 Programma's [C:\Users\gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\gebruiker\Documents 10/02/2012 16:18 Mijn afbeeldingen [C:\Users\gebruiker\Pictures] 10/02/2012 16:18 Mijn muziek [C:\Users\gebruiker\Music] 10/02/2012 16:18 Mijn video's [C:\Users\gebruiker\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Public\Documents 10/02/2012 16:18 Mijn afbeeldingen [C:\Users\Public\Pictures] 10/02/2012 16:18 Mijn muziek [C:\Users\Public\Music] 10/02/2012 16:18 Mijn video's [C:\Users\Public\Videos] 14/07/2009 05:53 My Music [C:\Users\Public\Music] 14/07/2009 05:53 My Pictures [C:\Users\Public\Pictures] 14/07/2009 05:53 My Videos [C:\Users\Public\Videos] 0 bestand(en) 0 bytes Totaal aantal weergegeven bestanden: 6 bestand(en) 0 bytes 76 map(pen) 198.988.173.312 bytes beschikbaar ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3610193835-1686817779-3520744912-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{454CA758-3020-4B0D-9B9-4E9E23D29E59} deleted successfully HKEY_USERS\S-1-5-21-3610193835-1686817779-3520744912-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C651AE-2D0D-4C99-A79B-12E264FB637} deleted successfully HKEY_USERS\S-1-5-21-3610193835-1686817779-3520744912-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4CB0CD35-9D4C-45A2-A9B-E4BB62C1FFF7} deleted successfully HKEY_USERS\S-1-5-21-3610193835-1686817779-3520744912-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74DE7F02-59E-4B1B-B93F-C96AD84DE7F} deleted successfully 
HKEY_USERS\S-1-5-21-3610193835-1686817779-3520744912-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85356ECA-F4E5-409D-91BB-50E39E36E07C} deleted successfully HKEY_USERS\S-1-5-21-3610193835-1686817779-3520744912-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85AAEF7B-4516-41C2-9A4A-1C8CDC1CD93} deleted successfully HKEY_USERS\S-1-5-21-3610193835-1686817779-3520744912-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8E181D-79F5-40DB-A8B5-B9BCED7F9B18} deleted successfully HKEY_USERS\S-1-5-21-3610193835-1686817779-3520744912-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF7F5670-5DE4-482F-A7B-DB8F667027AD} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== 3M Products Update version 2012-05 for Microsoft Office 2010 Adobe AIR Adobe Flash Player 15 ActiveX Adobe Flash Player 16 NPAPI Adobe Reader XI (11.0.10) - Nederlands Adobe Refresh Manager Adobe Shockwave Player 12.1 Auslogics Duplicate File Finder Belgium e-ID middleware 4.0.5 (build 7363) Canon Easy-PhotoPrint EX Canon Easy-WebPrint EX CANON iMAGE GATEWAY MyCamera Download Plugin CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon MP Navigator EX 3.0 Canon MP560 series MP Drivers Canon My Image Garden Canon My Image Garden Design Files Canon My Printer Canon Utilities CameraWindow DC 8 Canon Utilities CameraWindow Launcher Canon Utilities Movie Uploader for YouTube Canon Utilities MyCamera Canon Utilities PhotoStitch Canon Utilities Solution Menu Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility CCleaner CrystalDiskInfo 5.0.5 Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition Definition Update for Microsoft Office 2013 (KB2910926) 32-Bit Edition Defraggler G DATA TOTAL PROTECTION Google Chrome Google Earth Google Update Helper 
Handset WinDriver 1.02.03.00 Java 7 Update 71 Java 8 Update 25 Java Auto Updater K-Lite Codec Pack 8.3.2 (Full) Light Image Resizer 4.6.5.0 Malwarebytes Anti-Malware versie 2.0.4.1028 Microsoft .NET Framework 4.5.1 Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) Microsoft Access MUI (Dutch) 2013 Microsoft ASP.NET MVC 4 Runtime Microsoft DCF MUI (Dutch) 2013 Microsoft Excel MUI (Dutch) 2013 Microsoft Groove MUI (Dutch) 2013 Microsoft InfoPath MUI (Dutch) 2013 Microsoft Lync MUI (Dutch) 2013 Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office Groove MUI (Dutch) 2010 Microsoft Office InfoPath MUI (Dutch) 2010 Microsoft Office Korrekturhilfen 2013 - Deutsch Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office OSM MUI (Dutch) 2013 Microsoft Office OSM UX MUI (Dutch) 2013 Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Professional Plus 2013 Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Proofing (Dutch) 2013 Microsoft Office Proofing Tools 2013 - English Microsoft Office Proofing Tools 2013 - Nederlands Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2013 Microsoft Office Word MUI (Dutch) 2010 Microsoft OneNote MUI (Dutch) 2013 Microsoft Outlook MUI (Dutch) 2013 Microsoft PowerPoint MUI (Dutch) 2013 Microsoft Publisher MUI (Dutch) 2013 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 
x86 Redistributable - 10.0.30319 Microsoft Word MUI (Dutch) 2013 Mozilla Firefox 34.0 (x86 nl) Mozilla Maintenance Service MSVC90_x86 MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2758694) NVIDIA-configuratiescherm 340.52 NVIDIA GeForce Experience 2.1.5 NVIDIA GeForce Experience Service NVIDIA Install Application NVIDIA LED Visualizer 1.0 NVIDIA Network Service NVIDIA Optimus Update 16.18.9 NVIDIA PhysX NVIDIA ShadowPlay 16.18.9 NVIDIA Stereoscopic 3D Driver NVIDIA Update 16.18.9 NVIDIA Update Core NVIDIA Virtual Audio 1.2.27 Opera Stable 26.0.1656.24 Outils de vérification linguistique 2013 de Microsoft Office - Français Recuva Revo Uninstaller Pro 3.1.1 Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Security Update for Microsoft .NET Framework 4.5.1 (KB2978128) Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition Security Update for Microsoft Excel 2013 (KB2910929) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition Security Update for Microsoft Office 2013 (KB2726958) 32-Bit Edition Security Update for Microsoft Office 2013 (KB2880502) 32-Bit Edition 
Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition Security Update for Microsoft Word 2013 (KB2910916) 32-Bit Edition Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition SHIELD Streaming SHIELD Wireless Controller Driver Speccy Stuurprogrammapakket voor Windows - Fedict SmartCard (10/04/2011 4.0.0.5) swMSM Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Access 2013 (KB2863859) 32-Bit Edition Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition Update for Microsoft Lync 2013 (KB2881083) 32-Bit Edition Update for Microsoft Lync 2013 (KB2910927) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition Update for Microsoft Office 2010 
(KB2889828) 32-Bit Edition Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition Update for Microsoft Office 2013 (KB2760249) 32-Bit Edition Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition Update for Microsoft Office 2013 (KB2760371) 32-Bit Edition Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition Update for Microsoft Office 2013 (KB2837654) 32-Bit Edition Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition Update for Microsoft Office 2013 (KB2881001) 32-Bit Edition Update for Microsoft Office 2013 (KB2881008) 32-Bit Edition Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition Update for Microsoft Office 2013 (KB2883049) 32-Bit Edition Update for Microsoft Office 2013 (KB2883095) 32-Bit Edition Update for Microsoft Office 2013 (KB2889858) 32-Bit Edition Update for Microsoft Office 2013 (KB2889938) 32-Bit Edition Update for Microsoft Office 2013 (KB2899498) 32-Bit Edition Update for Microsoft Office 2013 (KB2899501) 32-Bit Edition Update for Microsoft Office 2013 (KB2899505) 32-Bit Edition Update for Microsoft Office 2013 (KB2899522) 32-Bit Edition Update for Microsoft Office 2013 (KB2910922) 32-Bit Edition Update for Microsoft Office 2013 (KB2910931) 32-Bit Edition Update for Microsoft Office 2013 (KB2920734) 32-Bit Edition Update for Microsoft OneDrive for Business (KB2910935) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition Update for Microsoft OneNote 2013 (KB2899502) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition Update for Microsoft Outlook 2013 (KB2899504) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition Update for Microsoft PowerPoint 2013 (KB2910907) 32-Bit Edition Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition Update for Microsoft 
SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\c0ibpbgl.default user.js not found ---- Lines poweraddon removed from prefs.js ---- user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"save-pa user_pref("extensions.poweraddon.nextReportTime", "1407253573450"); user_pref("extensions.poweraddon.uuid", "2891506dc5464000ba95e65deba7b528"); ---- Lines obviousidea removed from prefs.js ---- user_pref("extensions.obviousideaaddon.initialized", true); ---- FireFox user.js and prefs.js backups ---- prefs_20143112_1454_.backup ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\Thunderbird\Profiles\sfqdynxp.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20143112_1454_.backup ==== Deleting Files \ Folders ====================== C:\Program Files\DealPly deleted C:\Users\gebruiker\AppData\Roaming\Omiga Plus deleted C:\Users\gebruiker\AppData\Roaming\WinZipper deleted C:\Users\gebruiker\AppData\Roaming\337 deleted C:\PROGRA~2\Tarma Installer deleted C:\Users\gebruiker\AppData\Local\CrashRpt deleted C:\Windows\system32\tasks\Omiga Plus RunAsStdUser deleted C:\Windows\system32\config\systemprofile\Searches deleted C:\Windows\system32\roboot.exe deleted C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\c0ibpbgl.default\extensions\firefox@ghostery.com.xpi deleted C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\c0ibpbgl.default\jetpack deleted ==== System Specs ====================== Windows: Windows 7 Professional Edition Service Pack 1 (Build 
7601) Memory (RAM): 3062 MB CPU Info: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz CPU Speed: 2890,1 MHz Sound Card: Luidsprekers (High Definition A | Digitale audio (S/PDIF) (High D | Display Adapters: NVIDIA GeForce GT 220 | NVIDIA GeForce GT 220 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1680 X 1050 - 32 bit Network: Network Present Network Adapters: Atheros AR8152/8158 PCI-E Fast Ethernet Controller CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW SH-222AB Ports: COM1 LPT1 Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 298,0GB Hard Disks - Free: C: 185,3GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 07/27/11 | ALASKA - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: MSI H61M-P21 (MS-7680) Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: G DATA TOTAL PROTECTION On-access scanning disabled (Outdated) Anti-Spyware: G DATA TOTAL PROTECTION disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Firewall: G Data Personal Firewall disabled Default Browser: Firefox 34.0 Internet Explorer Version: 11.0.9600.17501 Mozilla Firefox version: 34.0 (x86 nl) Opera Browser version: 26.0.1656.24 Google Chrome version: 39.0.2171.95 Adobe Reader version: 11.0.10.32 Sun Java version: 1.8.0_25 (32-bit) Flash Player version: 16.0.0.235 Shockwave Player version: 12.1r150 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\GEBRUI~1\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\system32 ===== 2014-12-22 14:07:45 D9075290D97B5CB7E295B5DD7903A7D0 457800 ----a-w- C:\Windows\System32\FNTCACHE.DAT 2014-12-18 12:59:42 0481346D0EF668C0D4FF69A7BBEFA846 115712 ----a-w- C:\Windows\System32\ieUnatt.exe ====== C:\Windows\system32\drivers ===== 2014-12-27 10:56:38 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- 
C:\Windows\System32\drivers\7CCC51D8.sys 2014-12-16 16:35:44 3EEDE5E218F0978D802CE3196E8B9028 32912 ----a-w- C:\Windows\System32\drivers\nvvad32v.sys 2014-12-14 17:12:04 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-12-14 17:11:38 A3F4391DFDF2F9E9FE4EAD193265A5AD 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-12-14 17:11:38 9BD41E40039098BF5F8FE878A9A6989E 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-12-14 17:11:38 312CD3307F600E7CD340B79B3DCB3A01 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-12-11 10:17:43 7FE680A3DFA421C4A8E4879AE4C5AAB0 74752 ----a-w- C:\Windows\System32\drivers\tdx.sys ====== C:\Windows\Tasks ====== 2014-12-24 16:14:22 F64A2D5E9C1762DEAFBEB4978044D22B 3874 ----a-w- C:\Windows\system32\Tasks\Adobe Acrobat Update Task ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-12-30 19:19:23 -------- d-----w- C:\Program Files\trend micro 2014-12-29 18:55:59 -------- d-----w- C:\Program Files\Common Files\Java ======= C: ===== 2014-12-15 10:27:38 D7559C1C6FDB05CBF5291E383251CBCB 270 ----a-w- C:\DelFix.txt ====== C:\Users\gebruiker\AppData\Roaming ====== 2014-12-30 15:06:57 -------- d-----w- C:\Users\gebruiker\AppData\Local\ElevatedDiagnostics 2014-12-22 14:54:34 99E8D00FAF6118DA6933D34D54413693 117656 ----a-w- C:\Users\gebruiker\AppData\Local\GDIPFONTCACHEV1.DAT 2014-12-19 17:20:30 8EDD7AC5C3044011D7C9A6B90D99210A 7670 ----a-w- C:\Users\gebruiker\AppData\Local\Resmon.ResmonCfg ====== C:\Users\gebruiker ====== 2014-12-05 09:53:26 -------- d-----w- C:\Users\gebruiker\Start Menu ====== C: exe-files == === C: other files == 2014-12-29 18:55:21 CE44A9D4918DCDC7CCCF5503BF4D7A3D 14130 ----a-w- C:\Program Files\Java\jre1.8.0_25\lib\deploy\ffjcext.zip 2014-12-27 10:56:38 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- C:\Windows\System32\drivers\7CCC51D8.sys ======== System Restore Points ======== RP375: 1/12/2014 20:00:17 - Revo Uninstaller Pro's restore 
point - Nokia Software Updater RP376: 1/12/2014 20:00:30 - Removed Nokia Software Updater. RP378: 1/12/2014 20:04:26 - Revo Uninstaller Pro's restore point - Adobe AIR RP379: 2/12/2014 13:34:26 - Windows Update RP380: 3/12/2014 14:20:21 - Herstelbewerking RP381: 3/12/2014 14:35:50 - Windows Update RP382: 3/12/2014 14:39:36 - Removed Nokia Software Updater. RP383: 3/12/2014 14:45:42 - herstelpunt_031214_14:45 RP385: 5/12/2014 12:27:25 - Revo Uninstaller Pro's restore point - SpyHunter 4 RP387: 5/12/2014 12:31:39 - Revo Uninstaller Pro's restore point - SpyHunter 4 RP389: 5/12/2014 12:33:47 - Revo Uninstaller Pro's restore point - SpyHunter 4 RP391: 5/12/2014 17:34:11 - WinThruster vr, dec 05, 14 17:34 RP392: 7/12/2014 20:19:43 - Windows Back-up RP393: 7/12/2014 20:47:27 - Herstelbewerking RP394: 9/12/2014 12:24:06 - Windows Update RP395: 12/12/2014 13:11:06 - Windows Update RP396: 12/12/2014 13:56:26 - Windows Update RP397: 12/12/2014 20:44:11 - PROPLUSR RP398: 16/12/2014 15:37:29 - Windows Update RP399: 16/12/2014 18:12:58 - Nokia Connectivity Cable Driver is verwijderd RP400: 16/12/2014 18:13:28 - PC Connectivity Solution is verwijderd RP401: 18/12/2014 14:00:38 - Windows Update RP402: 23/12/2014 12:48:01 - Windows Update RP403: 30/12/2014 15:29:08 - Windows Update RP404: 31/12/2014 14:37:56 - zoek.exe restore point ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3610193835-1686817779-3520744912-1000\Software\Microsoft\Windows\CurrentVersion\Run] "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" "OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR" 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GDFirewallTray"="C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe" "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart" "NvBackend"="C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe" "G Data ASM"="C:\Program Files\G Data\TotalCare\DelayLoader\AutorunDelayLoader.exe /autostart" "CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon" "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" "OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12/12/2014 19:56] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [18/10/2014 15:08] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [18/10/2014 15:08] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] 
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\Opera scheduled Autoupdate 1400443394" [C:\Program Files\Opera\launcher.exe] "C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{FF1921C3-363A-4E12-A7FF-1DEA20AF7DB0}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\c0ibpbgl.default user_pref("browser.startup.homepage", "http://www.google.be"); ==== Firefox Extensions ====================== ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\c0ibpbgl.default - Undetermined - belgiumeid@eid.belgium.be - Undetermined - copyplaintext@teo.pl - Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi - Copy Plain Text 2 - %ProfilePath%\extensions\copyplaintext@teo.pl.xpi ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\Thunderbird\Profiles\sfqdynxp.default - Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\c0ibpbgl.default E7006BB5611298DBDD03FE3519C19AC2 - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U25 238F239EAEFF7E3E782913D599084E18 - C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.250.18 
424899266BA430CCE5DDB6C1B4BE1B99 - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll - Shockwave Flash 0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat 9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat D2377C9458EFEB094E38B8C874AA214C - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update 59FADC9EB6550247497C68D4BA498CC0 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision E3F807ECC0EF5DEA04D67676672841E4 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION 893BF7D2261C56C24F813405D9D018E0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In 0E8B2D0D9E3415A91EF259CE1112C579 - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll - Shockwave for Director / Shockwave for Director D6ED6EB98E759460AD8C66DE23070132 - C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013 C2321043FA2CA4C32FF449DE6116B5D9 - C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll - Shockwave for Director / Shockwave for Director 5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin 87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies 3239619A441E23A20EC923DF92FF2D70 - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll - CANON iMAGE GATEWAY Album Plugin Utility for IJ 8BA469072B5A692B659F856C7E97A230 - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll - NPCIG.dll 8DA2ED6B04EA33F2EAE8BA883F903729 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight ==== Chromium Look ====================== Google Chrome Version: 39.0.2171.95 (Up to date, 
latest Stable version: 39.0.2171.95) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fnefekibahpibgnllfjpckodgobkpije - C:\Users\gebruiker\AppData\Local\ObviousIdea\extension.crx[07/05/2013 12:09] Google Drive - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf YoWindow Weather - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef ObviousIdea - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnefekibahpibgnllfjpckodgobkpije Google Wallet - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\gebruiker\AppData\Local\ObviousIdea\extension.crx deleted successfully C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnefekibahpibgnllfjpckodgobkpije deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{8E5B0851-BC40-4A12-B894-C0FC3C93CA6F}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {8E5B0851-BC40-4A12-B894-C0FC3C93CA6F} Google 
Url="https://www.google.com/search?q={searchTerms}" ==== Reset Google Chrome ====================== C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== shortcuts on Users Desktops ====================== C:\Users\gebruiker\Desktop\Access 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\accicons.exe C:\Users\gebruiker\Desktop\Auslogics Duplicate File Finder.lnk - C:\Program Files\Auslogics\Duplicate File Finder\DuplicateFileFinder.exe C:\Users\gebruiker\Desktop\CrystalDiskInfo.lnk - C:\Program Files\CrystalDiskInfo\DiskInfo.exe C:\Users\gebruiker\Desktop\Excel 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\xlicons.exe C:\Users\gebruiker\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\gebruiker\Desktop\Light Image Resizer 4.lnk - C:\Program Files\ObviousIdea\Image Resizer 4\Resize.exe C:\Users\gebruiker\Desktop\Microsoft Mediagalerie.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe C:\Users\gebruiker\Desktop\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe C:\Users\gebruiker\Desktop\msconfig.exe - Snelkoppeling.lnk - C:\Windows\System32\msconfig.exe C:\Users\gebruiker\Desktop\Outlook 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\outicon.exe C:\Users\gebruiker\Desktop\PowerPoint 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\pptico.exe C:\Users\gebruiker\Desktop\Publisher 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\pubs.exe C:\Users\gebruiker\Desktop\Uitgaven_Elke.xlsx - Snelkoppeling.lnk - C:\Databank\Data-Marnix\Documenten\Uitgaven_Elke.xlsx C:\Users\gebruiker\Desktop\Vti.exe - Snelkoppeling.lnk - C:\Databank\Data-Anke\TI 83\Vti.exe C:\Users\gebruiker\Desktop\Word 
2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\wordicon.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk - C:\Program Files\Canon\Easy-PhotoPrint EX\CNEZMAIN.EXE C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk - C:\Program Files\Canon\MP Navigator EX 3.0\mpnex30.exe C:\Users\Public\Desktop\Canon My Printer.lnk - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE /dt C:\Users\Public\Desktop\Canon Solution Menu.lnk - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe C:\Users\Public\Desktop\Defraggler.lnk - C:\Program Files\Defraggler\Defraggler.exe C:\Users\Public\Desktop\eID Viewer.lnk - C:\Program Files\Belgium Identity Card\EidViewer\eID Viewer.exe C:\Users\Public\Desktop\G DATA TOTAL PROTECTION.lnk - C:\Program Files\G Data\TotalCare\GUI\GDSC.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files\Google\Google Earth\client\googleearth.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Public\Desktop\Opera.lnk - C:\Program Files\Opera\launcher.exe C:\Users\Public\Desktop\Recuva.lnk - C:\Program Files\Recuva\recuva.exe C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe C:\Users\Public\Desktop\Speccy.lnk - C:\Program Files\Speccy\Speccy.exe C:\Users\Public\Desktop\ZoomBrowser EX.lnk - C:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA TOTAL PROTECTION\G DATA Bootmedium.lnk - C:\Program Files\G Data\TotalCare\AVK\BootCDWizard.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA TOTAL PROTECTION\G DATA TOTAL PROTECTION.lnk - C:\Program Files\G Data\TotalCare\GUI\GDSC.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre1.8.0_25\bin\javacpl.exe -tab about C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre1.8.0_25\bin\javacpl.exe -tab update C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre1.8.0_25\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\accicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\xlicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk - 
C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\grv_icons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\joticon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\outicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\pptico.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Verzenden naar OneNote 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\joticon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\wordicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Hulpprogramma's van Office 2013\Lync opnamebeheer.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro Help.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\Revo Uninstaller Pro Help.pdf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Verwijder Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller 
Pro\unins000.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE /recycle C:\Users\gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Access 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\accicons.exe C:\Users\gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Excel 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\xlicons.exe C:\Users\gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\G Data TotalProtection 2014.lnk - C:\Program Files\G Data\TotalCare\GUI\GDSC.exe C:\Users\gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk - C:\Program 
Files\Mozilla Firefox\firefox.exe C:\Users\gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Outlook 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\outicon.exe C:\Users\gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PowerPoint 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\pptico.exe C:\Users\gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Publisher 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\pubs.exe C:\Users\gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Word 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Snipping Tool.lnk - C:\Windows\system32\SnippingTool.exe C:\Users\gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe C:\Users\gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe ==== Uninstall List x86 ====================== 3M Products Update version 2012-05 for Microsoft Office 2010 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{605540BB-36B3-49F0-96D8-B760CBD6E0E8}_is1] Adobe AIR [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FE23D063-934D-4829-A0D8-00634CE79B4A}] Adobe AIR [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR] Adobe Flash Player 15 ActiveX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] Adobe Flash Player 16 NPAPI [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] Adobe Reader XI (11.0.10) - Nederlands 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1043-7B44-AB0000000001}] Adobe Refresh Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001802114130}] Adobe Shockwave Player 12.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player] Auslogics Duplicate File Finder [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1] Belgium e-ID middleware 4.0.5 (build 7363) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{824563DE-75AD-4166-9DC0-B6482F207363}] Canon Easy-PhotoPrint EX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Easy-PhotoPrint EX] Canon Easy-WebPrint EX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Easy-WebPrint EX] CANON iMAGE GATEWAY MyCamera Download Plugin [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyCamera Download Plugin] CANON iMAGE GATEWAY Task for ZoomBrowser EX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CANON iMAGE GATEWAY Task] Canon MOV Decoder [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Canon MOV Decoder] Canon MOV Encoder [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Canon MOV Encoder] Canon MovieEdit Task for ZoomBrowser EX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MovieEditTask] Canon MP Navigator EX 3.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MP Navigator EX 3.0] Canon MP560 series MP Drivers [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series] Canon My Image Garden [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Canon My Image Garden] Canon My Image Garden Design Files 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Canon My Image Garden Design Files] Canon My Printer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CanonMyPrinter] Canon Utilities CameraWindow DC 8 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CameraWindowDC8] Canon Utilities CameraWindow Launcher [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CameraWindowLauncher] Canon Utilities Movie Uploader for YouTube [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MovieUploaderForYouTube] Canon Utilities MyCamera [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyCamera] Canon Utilities PhotoStitch [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PhotoStitch] Canon Utilities Solution Menu [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CanonSolutionMenu] Canon Utilities ZoomBrowser EX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoomBrowser EX] Canon ZoomBrowser EX Memory Card Utility [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoomBrowser EX Memory Card Utility] CCleaner [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner] CrystalDiskInfo 5.0.5 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CrystalDiskInfo_is1] Defraggler [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Defraggler] G DATA TOTAL PROTECTION [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6715BEB5-01F1-41AC-B44B-0A78CD50C433}] Google Chrome [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome] Google Earth [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}] Google Update Helper 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] Handset WinDriver 1.02.03.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Handset WinDriver] Java 7 Update 71 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF}] Java 8 Update 25 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218025F0}] K-Lite Codec Pack 8.3.2 (Full) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\KLiteCodecPack_is1] Light Image Resizer 4.6.5.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1] Malwarebytes Anti-Malware versie 2.0.4.1028 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1] Microsoft .NET Framework 4.5.1 (Nederlands) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043] Microsoft .NET Framework 4.5.1 (NLD) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1A91D86E-3124-3574-A4BF-406761265CFA}] Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4903D172-DCCB-392F-93A3-34CA9D47FE3D}] Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033] Microsoft ASP.NET MVC 4 Runtime [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}] Microsoft Office Professional Plus 2010 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS] Microsoft Office Professional Plus 2013 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR] Microsoft Silverlight 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}] Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{196BB40D-1578-3D01-B289-BEFC77A11A1E}] Mozilla Firefox 34.0 (x86 nl) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 34.0 (x86 nl)] Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService] MSVC90_x86 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}] MSXML 4.0 SP3 Parser (KB2758694) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}] MSXML 4.0 SP3 Parser [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{196467F1-C11F-4F76-858B-5812ADC83B94}] NVIDIA-configuratiescherm 340.52 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] NVIDIA GeForce Experience 2.1.5 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience] NVIDIA GeForce Experience Service [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService] NVIDIA Install Application [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] NVIDIA LED Visualizer 1.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer] NVIDIA Network Service [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service] NVIDIA Optimus Update 16.18.9 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus] NVIDIA PhysX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{80407BA7-7763-4395-AB98-5233F1B34E65}] NVIDIA ShadowPlay 16.18.9 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] NVIDIA Stereoscopic 3D Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIAStereo] NVIDIA Update 16.18.9 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] NVIDIA Update Core [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] NVIDIA Virtual Audio 1.2.27 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] Opera Stable 26.0.1656.24 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Opera 26.0.1656.24] Recuva [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Recuva] Revo Uninstaller Pro 3.1.1 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1]
SHIELD Streaming [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv]
SHIELD Wireless Controller Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController]
Speccy [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Speccy]
Stuurprogrammapakket voor Windows - Fedict SmartCard (10/04/2011 4.0.0.5) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\3FE3642036A0F4AEC17772437CE14BB1E67006AA]
swMSM [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}]

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fnefekibahpibgnllfjpckodgobkpije deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,c:\program files\g data\totalcare\avkkid\avkcks.exe,C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [G Data ASM] "C:\Program Files\G Data\TotalCare\DelayLoader\AutorunDelayLoader.exe" /autostart
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKService.exe
O23 - Service: G Data Bestandssysteembewaker (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe
O23 - Service: G DATA Backup Service (GDBackupSvc) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
O23 - Service: G DATA Tuner Service (GDTunerSvc) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
RESTART_STICKY_NOTES = C:\Windows\System32\StikyNot.exe [MS]
OfficeSyncProcess = "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [MS]
CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR [Piriform Ltd]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
GDFirewallTray = C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe [G Data Software AG]
BCSSync = "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [MS]
SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation]
ShadowPlay = C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart [MS]
NvBackend = "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe" [NVIDIA Corporation]
G Data ASM = "C:\Program Files\G
Data\TotalCare\DelayLoader\AutorunDelayLoader.exe" /autostart [G Data Software AG] CanonSolutionMenu = C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [CANON INC.] CanonMyPrinter = C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [CANON INC.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Lync Click to Call BHO -> {HKLM...CLSID} = Lync Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS] {3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\(Default) = Canon Easy-WebPrint EX BHO -> {HKLM...CLSID} = Canon Easy-WebPrint EX BHO \InProcServer32\(Default) = C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [CANON INC.] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [Oracle Corporation] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [MS] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon 
Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM...CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Program Files\NVIDIA 
Corporation\Display\nvui.dll [NVIDIA Corporation] {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] {86B567D0-313C-11D2-8985-0080ADA96E9B} = G Data -> {HKLM...CLSID} = G DATA Shredder \InProcServer32\(Default) = C:\Program Files\G Data\TotalCare\Shredder\Reisswlf.dll [G Data Software AG] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\msohevi.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS] {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension -> {HKLM...CLSID} = Werkruimten \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM...CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM...CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft 
Office\Office15\VISSHE.DLL [MS] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM...CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM...CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon 
Overlay 1 (GFS Unread Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler -> {HKLM...CLSID} = Groove XML Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} = Revo Uninstaller Pro Extension -> {HKLM...CLSID} = RUShellExt Class \InProcServer32\(Default) = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [VS Revo Group] {B28AA736-876B-46DA-B3A8-84C5E30BA492} = Websites -> {HKLM...CLSID} = Websites \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\WXPNSE.DLL [MS] {8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] {CD55129A-B1A1-438E-A425-CEBC7DC684EE} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft SkyDrive Pro Browser Helper -> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OLKFSTUB.DLL [MS] {435E5DF5-2510-463C-B223-BDA47006D002} = RecuvaShellExt -> {HKLM...CLSID} = RecuvaShellExt Class 
\InProcServer32\(Default) = C:\Program Files\Recuva\RecuvaShell.dll [Piriform Ltd] {04184942-D1DF-4B17-BD72-81C230531CA6} = AVKVirtualFolder Class -> {HKLM...CLSID} = AVKVirtualFolder Class \InProcServer32\(Default) = C:\Program Files\G Data\TotalCare\AVKBackup\AVKBackupNSE.dll [G DATA Software AG] {E5A82055-B4B3-449B-9202-C714068617F9} = SOBVirtualFolder Class -> {HKLM...CLSID} = SOBVirtualFolder Class \InProcServer32\(Default) = C:\Program Files\G Data\TotalCare\AVK\SOBFilesNSE.dll [G Data Software AG] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ <> Userinit = C:\Windows\system32\userinit.exe,c:\program files\g data\totalcare\avkkid\avkcks.exe,C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe, [MS], [file not found], [file not found], [file not found], [file not found], [file not found], [file not found] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = {807583E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM...CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] <> osf\CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1} -> {HKLM...CLSID} = Protocol Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ AVK9CM\(Default) = {CAF4C320-32F5-11D3-A222-004095200FF2} -> {HKLM...CLSID} = AVK9ContextMenue \InProcServer32\(Default) = C:\Program Files\G 
Data\TotalCare\AVK\ShellExt.dll [G Data Software AG] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [Malwarebytes Corporation] Reisswolf\(Default) = {1F0F1EE7-36B9-11D2-8985-0080ADA96E9B} -> {HKLM...CLSID} = ReisswolfContextMenu \InProcServer32\(Default) = C:\Program Files\G Data\TotalCare\Shredder\Reisswlf.dll [G Data Software AG] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ RecuvaShellExt\(Default) = {435E5DF5-2510-463C-B223-BDA47006D002} -> {HKLM...CLSID} = RecuvaShellExt Class \InProcServer32\(Default) = C:\Program Files\Recuva\RecuvaShell.dll [Piriform Ltd] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ 
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ AVK9CM\(Default) = {CAF4C320-32F5-11D3-A222-004095200FF2} -> {HKLM...CLSID} = AVK9ContextMenue \InProcServer32\(Default) = C:\Program Files\G Data\TotalCare\AVK\ShellExt.dll [G Data Software AG] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [Malwarebytes Corporation] RecuvaShellExt\(Default) = {435E5DF5-2510-463C-B223-BDA47006D002} -> {HKLM...CLSID} = RecuvaShellExt Class \InProcServer32\(Default) = C:\Program Files\Recuva\RecuvaShell.dll [Piriform Ltd] Reisswolf\(Default) = {1F0F1EE7-36B9-11D2-8985-0080ADA96E9B} -> {HKLM...CLSID} = ReisswolfContextMenu \InProcServer32\(Default) = C:\Program Files\G Data\TotalCare\Shredder\Reisswlf.dll [G Data Software AG] RUShellExt\(Default) = {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} -> {HKLM...CLSID} = RUShellExt Class \InProcServer32\(Default) = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [VS Revo Group] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000002 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode} PromptOnSecureDesktop = (REG_DWORD) dword:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Switch to the secure desktop when prompting for elevation} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\gebruiker\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ CanonCWDCEventHandler\ Provider = Canon CameraWindow ProgID = CwDC.AutoplayHandler HKLM\SOFTWARE\Classes\CwDC.AutoplayHandler\CLSID\(Default) = {CB7F044B-4400-48a4-8FEF-23B8D0D986EC} -> {HKLM...CLSID} = Canon CameraWindow \LocalServer32\(Default) = "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\CameraLauncher.exe" [CANON INC.] CanonMPNEX30PictureOnArrival\ Provider = MP Navigator EX Ver3.0 InvokeProgID = MPNavigatorEX30.AutoplayHandler InvokeVerb = open HKLM\SOFTWARE\Classes\MPNavigatorEX30.AutoplayHandler\shell\open\command\(Default) = C:\Program Files\Canon\MP Navigator EX 3.0\mpnex30.exe /AUTOPLAY %1 [CANON INC.] 
CanonZB4PicturesOnArrival\ Provider = Canon ZoomBrowser EX InvokeProgID = Zb.AutoplayHandler InvokeVerb = open HKLM\SOFTWARE\Classes\Zb.AutoplayHandler\shell\open\command\(Default) = C:\Program Files\Canon\ZoomBrowser EX MCU\MCULauncher.exe [null data] LightImageResizerAutoplay_741406\ Provider = Light Image Resizer 4 InvokeProgID = LightImageResizerAutoplay InvokeVerb = LightImageResizerAutoplay_741406 HKLM\SOFTWARE\Classes\LightImageResizerAutoplay\shell\LightImageResizerAutoplay_741406\command\(Default) = C:\Program Files\ObviousIdea\Image Resizer 4\Resize.exe %L [ObviousIdea SARL] MPCPlayBluRayOnArrival\ Provider = Media Player Classic InvokeProgID = MediaPlayerClassic.Autorun InvokeVerb = PlayBlurayMovie HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayBlurayMovie\command\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %L\BDMV\INDEX.BDMV [MPC-HC Team] MPCPlayCDAudioOnArrival\ Provider = Media Player Classic InvokeProgID = MediaPlayerClassic.Autorun InvokeVerb = PlayCDAudio HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd [MPC-HC Team] MPCPlayDVDMovieOnArrival\ Provider = Media Player Classic InvokeProgID = MediaPlayerClassic.Autorun InvokeVerb = PlayDVDMovie HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd [MPC-HC Team] MPCPlayMusicFilesOnArrival\ Provider = Media Player Classic InvokeProgID = MediaPlayerClassic.Autorun InvokeVerb = PlayMusicFiles HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team] MPCPlayVideoFilesOnArrival\ Provider = Media Player Classic InvokeProgID = MediaPlayerClassic.Autorun InvokeVerb = PlayVideoFiles 
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team]

WIA_{069730AE-AFAC-4E6D-A860-183001800E6E}\
Provider = Microsoft Office Publisher
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files\Microsoft Office\Office12\MSPUB.EXE /IMG_WIA;
  -> {HKLM...CLSID} = WPDShextAutoplay
  \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{1F6FD3CB-0D03-44E2-AF8A-FBF21668DC5C}\
Provider = Microsoft Publisher
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files\Microsoft Office\Office14\MSPUB.EXE /IMG_WIA;
  -> {HKLM...CLSID} = WPDShextAutoplay
  \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{551DECC8-D277-4F40-BF31-EA64E16A27C4}\
Provider = Microsoft Publisher
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files\Microsoft Office\Office14\MSPUB.EXE /IMG_STI /StiDevice:%1 /StiEvent:%2;
  -> {HKLM...CLSID} = WPDShextAutoplay
  \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{A206F527-B225-4358-9091-7B862F0B60D7}\
Provider = MP Navigator EX Ver3.0
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files\Canon\MP Navigator EX 3.0\mpnex30.exe /StiDevice:%1 /StiEvent:%2;
  -> {HKLM...CLSID} = WPDShextAutoplay
  \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{A225355C-0F7B-40E4-87F4-B6D8D4B5B609}\
Provider = Microsoft Office Publisher
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files\Microsoft Office\Office12\MSPUB.EXE /IMG_STI /StiDevice:%1 /StiEvent:%2;
  -> {HKLM...CLSID} = WPDShextAutoplay
  \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{A37A5F2E-7547-416D-BD5D-97906D56D555}\
Provider = Microsoft Word
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files\Microsoft Office\Office14\WINWORD.EXE /IMG_WIA;
  -> {HKLM...CLSID} = WPDShextAutoplay
  \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{E547C5AF-2F49-47D5-8C54-8853E6CA6FD9}\
Provider = Microsoft Office Word
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /IMG_WIA;
  -> {HKLM...CLSID} = WPDShextAutoplay
  \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

Non-disabled Scheduled Tasks: {++}
-----------------------------
C:\Windows\System32\Tasks
Adobe Acrobat Update Task -> launches: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated]
Adobe Flash Player Updater -> launches: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
Microsoft Office 15 Sync Maintenance for gebruiker-PC-gebruiker gebruiker-PC -> launches: C:\Program Files\Microsoft Office\Office15\MsoSync.exe [MS]
Opera scheduled Autoupdate 1400443394 -> launches: C:\Program Files\Opera\launcher.exe --scheduledautoupdate [Opera Software]
SidebarExecute -> launches: C:\Program Files\Windows Sidebar\sidebar.exe [MS]
User_Feed_Synchronization-{FF1921C3-363A-4E12-A7FF-1DEA20AF7DB0} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]

C:\Windows\System32\Tasks\Microsoft\Office
Office 15 Subscription Heartbeat -> launches: %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [MS]
OfficeTelemetryAgentFallBack -> launches: "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880 [MS]
OfficeTelemetryAgentLogOn -> launches: "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
  \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent [MS]
Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
  \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
  \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM...CLSID} = KernelCeipCustomHandler
  \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM...CLSID} = UsbCeip
  \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe \\?\Volume{a26f70c3-53f9-11e1-aab2-806e6f6e6963}\ -e [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
  \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
  -> {HKLM...CLSID} = WinSAT Task Manger Task
  \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS]
MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
  \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
  \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM...CLSID} = HotStart User Agent
  \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM...CLSID} = Microsoft PlaySoundService Class
  \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
  \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM...CLSID} = RasMobilityManager
  \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM...CLSID} = RegistryIdleBackupHandler
  \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM...CLSID} = GadgetsManager Class
  \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM...CLSID} = RunTask
  \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM...CLSID} = MsCtfMonitor task handler
  \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
  \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
AutomaticBackup -> launches: %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup [MS]
Windows Backup Monitor -> launches: %systemroot%\system32\sdclt.exe /CHECKSKIPPED [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
  -> {HKLM...CLSID} = Wininet Cache task object
  \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS]

C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-3610193835-1686817779-3520744912-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 20

Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}
  -> {HKLM...CLSID} = Canon Easy-WebPrint EX
  \InProcServer32\(Default) = C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [CANON INC.]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} = Canon Easy-WebPrint EX
  -> {HKLM...CLSID} = Canon Easy-WebPrint EX
  \InProcServer32\(Default) = C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [CANON INC.]

Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{21347690-EC41-4F9A-8887-1F4AEE672439}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Canon Easy-WebPrint EX
  \InProcServer32\(Default) = C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [CANON INC.]
HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

Miscellaneous IE Hijack Points
------------------------------
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
G Data AntiVirus Proxy, AVKProxy, "C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe" [G Data Software AG]
G Data Bestandssysteembewaker, AVKWCtl, "C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe" [G Data Software AG]
G Data Personal Firewall, GDFwSvc, "C:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe" [G Data Software AG]
G Data Scanner, GDScan, "C:\Program Files\Common Files\G Data\GDScan\GDScan.exe" [G Data Software AG]
G DATA Scheduler, AVKService, "C:\Program Files\G Data\TotalCare\AVK\AVKService.exe" [G Data Software AG]
MBAMScheduler, MBAMScheduler, "C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation]
MBAMService, MBAMService, "C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe" [Malwarebytes Corporation]
NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation]
NVIDIA GeForce Experience Service, GfExperienceService, "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe" [NVIDIA Corporation]
NVIDIA Network Service, NvNetworkService, "C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe" [NVIDIA Corporation]
NVIDIA Stereoscopic 3D Driver Service, Stereo Service, "C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [NVIDIA Corporation]
NVIDIA Streamer Service, NvStreamSvc, "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" [NVIDIA Corporation]

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<> PEVSystemStart, Service
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<> PEVSystemStart, Service

Keyboard Driver Filters:
------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
<> UpperFilters = <> GDKBFlt [file not found],kbdclass [MS]

Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor MP560 series\Driver = CNMLMA0.DLL [CANON INC.]

<>: Suspicious data at a browser hijack point.

==== Empty IE Cache ======================

C:\Users\gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\gebruiker\AppData\Local\Mozilla\Firefox\Profiles\c0ibpbgl.default\cache2 emptied successfully
C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\c0ibpbgl.default\personas\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=175 folders=45 15399105 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\gebruiker\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot