Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Edpo on di 19-05-2015 at 10:50:21,84. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Edpo\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2015-05-19-072151.log 14846 bytes C:\zoek-results2015-05-19-084123.log 159093 bytes ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe C:\Program Files\AVAST Software\Avast\afwServ.exe C:\Windows\System32\svchost.exe -k utcsvc C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes Anti-Malware\mbam.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\AVAST 
Software\Avast\AvastUI.exe C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Edpo\AppData\Roaming\Spotify\SpotifyWebHelper.exe C:\Users\Edpo\AppData\Roaming\Spotify\Spotify.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\unsecapp.exe C:\Users\Edpo\AppData\Roaming\Spotify\Spotify.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Users\Edpo\AppData\Roaming\Spotify\Spotify.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\IncrediMail\Bin\IncMail.exe C:\Program Files\IncrediMail\Bin\ImApp.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\servicing\TrustedInstaller.exe C:\Users\Edpo\Desktop\zoek.exe C:\Windows\system32\conhost.exe ==== Windows Installer Info ====================== Google Toolbar for Internet Explorer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0]C:\Windows\Installer\c56cb.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]C:\Windows\Installer\86b08.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A089CE062ADB6BC44A720BA745894BAC]C:\Windows\Installer\43779.msi HP Support Solutions Framework [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\77B2C3CF00866C841AD5D9011331C061]C:\Windows\Installer\4bf70f.msi hppLaserJetService [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\155F173D9BD0CEC448B4C409EC19AEB0]C:\Windows\Installer\effa6.msi hppP1100P1560P1600SeriesLaserJetService 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\652844E0515DE3C45AEBA0B767EC5D4D]C:\Windows\Installer\eff9d.msi hppusgP1100P1560P1600Series [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A464F3588B2BE404ABE39BF86F68C214]C:\Windows\Installer\effaf.msi HPSSupply [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\313E2097F0FF3944CA1B8A41B787CD0D]C:\Windows\Installer\effb8.msi IncrediMail [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DE90FC180BF5A0E48AF3F015D4EDBACB]C:\Windows\Installer\5508b.msi MarketResearch [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1110F57186925394F8073301C8A6D43E]C:\Windows\Installer\eff94.msi Microsoft .NET Framework 4.5.1 (NLD) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E68D19A1421347534AFB04761662C5AF]C:\Windows\Installer\145661.msi Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\271D3094BCCDF293393A43ACD974EFD3]C:\Windows\Installer\63f124.msi Microsoft Access MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109510031400000000000F01FEC]C:\Windows\Installer\c56dd.msi Microsoft Access MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109510090400000000000F01FEC]C:\Windows\Installer\50412.msi Microsoft Access Setup Metadata MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109711090400000000000F01FEC]C:\Windows\Installer\50418.msi Microsoft DCF MUI (Dutch) 2013 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109090031400000000000F01FEC]C:\Windows\Installer\c56fb.msi Microsoft DCF MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109090090400000000000F01FEC]C:\Windows\Installer\50441.msi Microsoft Download Manager [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BD779456100020000010AEDB22D8EDB8]C:\Windows\Installer\41585.msi Microsoft Excel MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109610031400000000000F01FEC]C:\Windows\Installer\c56e9.msi Microsoft Excel MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109610090400000000000F01FEC]C:\Windows\Installer\5042f.msi Microsoft Groove MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109AB0031400000000000F01FEC]C:\Windows\Installer\c5707.msi Microsoft Groove MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109AB0090400000000000F01FEC]C:\Windows\Installer\5044d.msi Microsoft InfoPath MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109440031400000000000F01FEC]C:\Windows\Installer\c56e3.msi Microsoft InfoPath MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109440090400000000000F01FEC]C:\Windows\Installer\5041e.msi Microsoft Lync MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109B21031400000000000F01FEC]C:\Windows\Installer\c56ef.msi Microsoft Lync MUI (English) 2013 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109B21090400000000000F01FEC]C:\Windows\Installer\50424.msi Microsoft Office Korrekturhilfen 2013 - Deutsch [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F10070400000000000F01FEC]C:\Windows\Installer\c5713.msi Microsoft Office OSM MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051091E0031400000000000F01FEC]C:\Windows\Installer\c572b.msi Microsoft Office OSM MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051091E0090400000000000F01FEC]C:\Windows\Installer\50467.msi Microsoft Office OSM UX MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051092E0031400000000000F01FEC]C:\Windows\Installer\c5731.msi Microsoft Office OSM UX MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051092E0090400000000000F01FEC]C:\Windows\Installer\5046d.msi Microsoft Office Professional Plus 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109110000000000000000F01FEC]C:\Windows\Installer\50550.msi Microsoft Office Professional Plus 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005119110000000000000000F01FEC]C:\Windows\Installer\c574d.msi Microsoft Office Proofing (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109C20031400000000000F01FEC]C:\Windows\Installer\c5725.msi Microsoft Office Proofing (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109C20090400000000000F01FEC]C:\Windows\Installer\50461.msi 
Microsoft Office Proofing Tools 2013 - English [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F10090400000000000F01FEC]C:\Windows\Installer\c571f.msi Microsoft Office Proofing Tools 2013 - Español [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F100A0C00000000000F01FEC]C:\Windows\Installer\50453.msi Microsoft Office Proofing Tools 2013 - Nederlands [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F10031400000000000F01FEC]C:\Windows\Installer\c570d.msi Microsoft Office Shared MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109E60031400000000000F01FEC]C:\Windows\Installer\c56d7.msi Microsoft Office Shared MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109E60090400000000000F01FEC]C:\Windows\Installer\50406.msi Microsoft Office Shared Setup Metadata MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109511090400000000000F01FEC]C:\Windows\Installer\5040c.msi Microsoft OneNote MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051091A0031400000000000F01FEC]C:\Windows\Installer\c5701.msi Microsoft OneNote MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051091A0090400000000000F01FEC]C:\Windows\Installer\50447.msi Microsoft Outlook MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109A10031400000000000F01FEC]C:\Windows\Installer\c5737.msi Microsoft Outlook MUI (English) 2013 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109A10090400000000000F01FEC]C:\Windows\Installer\50478.msi Microsoft PowerPoint MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109810031400000000000F01FEC]C:\Windows\Installer\c573d.msi Microsoft PowerPoint MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109810090400000000000F01FEC]C:\Windows\Installer\50435.msi Microsoft Publisher MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109910031400000000000F01FEC]C:\Windows\Installer\c56f5.msi Microsoft Publisher MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109910090400000000000F01FEC]C:\Windows\Installer\5043b.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D20352A90C039D93DBF6126ECE614057]C:\Windows\Installer\1ce8be.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E815EB96CCE9A53884E7857C57002F0]C:\Windows\Installer\8f7db.msi Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D5E3C0FEDA1E123187686FED06E995A]C:\Windows\Installer\38ccb9.msi Microsoft Visual Studio 2010 Tools for Office Runtime (x86) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3FB95CD427D08EC3FBFEE1F8FA86E90B]C:\Windows\Installer\38cd0a.msi Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5A26EE4DCB4BC6C3C99F80A3CF542F10]C:\Windows\Installer\38cd2b.msi Microsoft Word MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109B10031400000000000F01FEC]C:\Windows\Installer\c5743.msi Microsoft Word MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109B10090400000000000F01FEC]C:\Windows\Installer\5047e.msi Outils de vérification linguistique 2013 de Microsoft Office - Français [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F100C0400000000000F01FEC]C:\Windows\Installer\c5719.msi ==== Checking Systemdrive for Symlinks ====================== De volumenaam van station C is ACER Het volumenummer is B821-BBBF Map van C:\ 14-07-2009 06:53 Documents and Settings [C:\Users] 0 bestand(en) 0 bytes Map van C:\oud\Program Files\Windows NT 27-05-2008 16:26 Bureau-accessoires [C:\Windows.old\Program Files\Windows NT\Accessories] 0 bestand(en) 0 bytes Map van C:\oud\ProgramData 02-11-2006 15:02 Application Data [C:\Windows.old\ProgramData] 27-05-2008 16:26 Bureaublad [C:\Windows.old\Users\Public\Desktop] 02-11-2006 15:02 Desktop [C:\Windows.old\Users\Public\Desktop] 27-05-2008 16:26 Documenten [C:\Windows.old\Users\Public\Documents] 02-11-2006 15:02 Documents [C:\Windows.old\Users\Public\Documents] 27-05-2008 16:26 Favorieten [C:\Windows.old\Users\Public\Favorites] 02-11-2006 15:02 Favorites [C:\Windows.old\Users\Public\Favorites] 27-05-2008 16:26 Menu Start [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu] 27-05-2008 16:26 Sjablonen [C:\Windows.old\ProgramData\Microsoft\Windows\Templates] 02-11-2006 15:02 Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu] 02-11-2006 15:02 Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 
0 bytes Map van C:\oud\ProgramData\Microsoft\Windows 27-05-2008 16:26 Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\oud\ProgramData\Microsoft\Windows\Start Menu 27-05-2008 16:26 Programma's [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Program Files\Windows NT 24-06-2014 02:16 Bureau-accessoires [C:\Program Files\Windows NT\Accessories] 0 bestand(en) 0 bytes Map van C:\ProgramData 14-07-2009 06:53 Application Data [C:\ProgramData] 24-06-2014 02:16 Bureaublad [C:\Users\Public\Desktop] 14-07-2009 06:53 Desktop [C:\Users\Public\Desktop] 24-06-2014 02:16 Documenten [C:\Users\Public\Documents] 14-07-2009 06:53 Documents [C:\Users\Public\Documents] 24-06-2014 02:16 Favorieten [C:\Users\Public\Favorites] 14-07-2009 06:53 Favorites [C:\Users\Public\Favorites] 24-06-2014 02:16 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 24-06-2014 02:16 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 14-07-2009 06:53 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14-07-2009 06:53 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\ProgramData\Microsoft\Windows\Start Menu 24-06-2014 02:16 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users 14-07-2009 06:53 All Users [C:\ProgramData] 14-07-2009 06:53 Default User [C:\Users\Default] 0 bestand(en) 0 bytes Map van C:\Users\All Users 14-07-2009 06:53 Application Data [C:\ProgramData] 24-06-2014 02:16 Bureaublad [C:\Users\Public\Desktop] 14-07-2009 06:53 Desktop [C:\Users\Public\Desktop] 24-06-2014 02:16 Documenten [C:\Users\Public\Documents] 14-07-2009 06:53 Documents [C:\Users\Public\Documents] 24-06-2014 02:16 Favorieten [C:\Users\Public\Favorites] 14-07-2009 06:53 Favorites [C:\Users\Public\Favorites] 24-06-2014 02:16 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 24-06-2014 02:16 Sjablonen 
[C:\ProgramData\Microsoft\Windows\Templates] 14-07-2009 06:53 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14-07-2009 06:53 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\All Users\Microsoft\Windows\Start Menu 24-06-2014 02:16 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Default 14-07-2009 06:53 Application Data [C:\Users\Default\AppData\Roaming] 14-07-2009 06:53 Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies] 14-07-2009 06:53 Local Settings [C:\Users\Default\AppData\Local] 24-06-2014 02:16 Menu Start [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 24-06-2014 02:16 Mijn documenten [C:\Users\Default\Documents] 14-07-2009 06:53 My Documents [C:\Users\Default\Documents] 14-07-2009 06:53 NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 24-06-2014 02:16 Netwerkprinteromgeving [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14-07-2009 06:53 PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14-07-2009 06:53 Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 14-07-2009 06:53 SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 24-06-2014 02:16 Sjablonen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 14-07-2009 06:53 Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 14-07-2009 06:53 Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Default\AppData\Local 14-07-2009 06:53 Application Data [C:\Users\Default\AppData\Local] 24-06-2014 02:16 Geschiedenis [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14-07-2009 06:53 History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14-07-2009 06:53 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 
bestand(en) 0 bytes Map van C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu 24-06-2014 02:16 Programma's [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Default\Documents 24-06-2014 02:16 Mijn afbeeldingen [C:\Users\Default\Pictures] 24-06-2014 02:16 Mijn muziek [C:\Users\Default\Music] 24-06-2014 02:16 Mijn video's [C:\Users\Default\Videos] 14-07-2009 06:53 My Music [C:\Users\Default\Music] 14-07-2009 06:53 My Pictures [C:\Users\Default\Pictures] 14-07-2009 06:53 My Videos [C:\Users\Default\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Edpo 24-06-2014 02:17 Application Data [C:\Users\Edpo\AppData\Roaming] 24-06-2014 02:17 Cookies [C:\Users\Edpo\AppData\Roaming\Microsoft\Windows\Cookies] 24-06-2014 02:17 Local Settings [C:\Users\Edpo\AppData\Local] 24-06-2014 02:17 Menu Start [C:\Users\Edpo\AppData\Roaming\Microsoft\Windows\Start Menu] 24-06-2014 02:17 Mijn documenten [C:\Users\Edpo\Documents] 24-06-2014 02:17 NetHood [C:\Users\Edpo\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 24-06-2014 02:17 Netwerkprinteromgeving [C:\Users\Edpo\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 24-06-2014 02:17 Recent [C:\Users\Edpo\AppData\Roaming\Microsoft\Windows\Recent] 24-06-2014 02:17 SendTo [C:\Users\Edpo\AppData\Roaming\Microsoft\Windows\SendTo] 24-06-2014 02:17 Sjablonen [C:\Users\Edpo\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Edpo\AppData\Local 24-06-2014 02:17 Application Data [C:\Users\Edpo\AppData\Local] 24-06-2014 02:17 Geschiedenis [C:\Users\Edpo\AppData\Local\Microsoft\Windows\History] 24-06-2014 02:17 Temporary Internet Files [C:\Users\Edpo\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\Edpo\AppData\Roaming\Microsoft\Windows\Start Menu 24-06-2014 02:17 Programma's [C:\Users\Edpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van 
C:\Users\Edpo\Documents 24-06-2014 02:17 Mijn afbeeldingen [C:\Users\Edpo\Pictures] 24-06-2014 02:17 Mijn muziek [C:\Users\Edpo\Music] 24-06-2014 02:17 Mijn video's [C:\Users\Edpo\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Public\Documents 24-06-2014 02:16 Mijn afbeeldingen [C:\Users\Public\Pictures] 24-06-2014 02:16 Mijn muziek [C:\Users\Public\Music] 24-06-2014 02:16 Mijn video's [C:\Users\Public\Videos] 14-07-2009 06:53 My Music [C:\Users\Public\Music] 14-07-2009 06:53 My Pictures [C:\Users\Public\Pictures] 14-07-2009 06:53 My Videos [C:\Users\Public\Videos] 0 bestand(en) 0 bytes Totaal aantal weergegeven bestanden: 0 bestand(en) 0 bytes 90 map(pen) 62.945.165.312 bytes beschikbaar ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-238867565-741587740-316287982-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856747e-cccc-4105-b43d-1cc7fd1d53b9} deleted successfully HKEY_USERS\S-1-5-21-238867565-741587740-316287982-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ad89df8a-eeb7-4049-a529-a72f65e6c67c} deleted successfully HKEY_USERS\S-1-5-21-238867565-741587740-316287982-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{f1f8bb2a-3a0e-454d-a440-aa9292d2298d} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8856747e-cccc-4105-b43d-1cc7fd1d53b9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8856747e-cccc-4105-b43d-1cc7fd1d53b9} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ad89df8a-eeb7-4049-a529-a72f65e6c67c} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ad89df8a-eeb7-4049-a529-a72f65e6c67c} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d640ce67-58e4-43c2-9adc-6bb959d7c606} deleted successfully 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f1f8bb2a-3a0e-454d-a440-aa9292d2298d} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1f8bb2a-3a0e-454d-a440-aa9292d2298d} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Adobe Flash Player 17 ActiveX Avast Premier Buzzdock CDBurnerXP Definition Update for Microsoft Office 2013 (KB2986209) 32-Bit Edition Dropbox Google Chrome Google Toolbar for Internet Explorer Google Update Helper HP Support Solutions Framework hppLaserJetService hppP1100P1560P1600SeriesLaserJetService hppusgP1100P1560P1600Series HPSSupply IncrediMail IncrediMail 2.5 Malwarebytes Anti-Malware versie 2.1.6.1022 MarketResearch Microsoft .NET Framework 4.5.1 Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) Microsoft Access MUI (Dutch) 2013 Microsoft Access MUI (English) 2013 Microsoft Access Setup Metadata MUI (English) 2013 Microsoft DCF MUI (Dutch) 2013 Microsoft DCF MUI (English) 2013 Microsoft Download Manager Microsoft Excel MUI (Dutch) 2013 Microsoft Excel MUI (English) 2013 Microsoft Groove MUI (Dutch) 2013 Microsoft Groove MUI (English) 2013 Microsoft InfoPath MUI (Dutch) 2013 Microsoft InfoPath MUI (English) 2013 Microsoft Lync MUI (Dutch) 2013 Microsoft Lync MUI (English) 2013 Microsoft Office Korrekturhilfen 2013 - Deutsch Microsoft Office OSM MUI (Dutch) 2013 Microsoft Office OSM MUI (English) 2013 Microsoft Office OSM UX MUI (Dutch) 2013 Microsoft Office OSM UX MUI (English) 2013 Microsoft Office Professional Plus 2013 Microsoft Office Proofing (Dutch) 2013 Microsoft Office Proofing (English) 2013 Microsoft Office Proofing Tools 2013 - English Microsoft Office Proofing Tools 2013 - Español Microsoft Office Proofing Tools 2013 - Nederlands Microsoft Office Shared MUI (Dutch) 2013 Microsoft Office Shared MUI (English) 2013 Microsoft 
Office Shared Setup Metadata MUI (English) 2013 Microsoft OneNote MUI (Dutch) 2013 Microsoft OneNote MUI (English) 2013 Microsoft Outlook MUI (Dutch) 2013 Microsoft Outlook MUI (English) 2013 Microsoft PowerPoint MUI (Dutch) 2013 Microsoft PowerPoint MUI (English) 2013 Microsoft Publisher MUI (Dutch) 2013 Microsoft Publisher MUI (English) 2013 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD Microsoft Word MUI (Dutch) 2013 Microsoft Word MUI (English) 2013 Outils de vérification linguistique 2013 de Microsoft Office - Français Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Security Update for Microsoft .NET Framework 4.5.1 (KB2978128) Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) Security Update for Microsoft .NET Framework 4.5.1 (KB3023224) Security Update for Microsoft .NET Framework 4.5.1 (KB3035490) Security Update for Microsoft .NET Framework 4.5.1 (KB3037581) Security Update for Microsoft Excel 2013 (KB2986216) 32-Bit Edition Security Update for Microsoft Office 2013 (KB2880502) 32-Bit Edition Security Update for Microsoft Office 2013 (KB2910941) 32-Bit Edition Security Update for Microsoft Office 2013 (KB2975808) 32-Bit Edition Security Update for Microsoft PowerPoint 2013 (KB2975816) 32-Bit Edition Security Update for Microsoft Word 2013 (KB2965307) 32-Bit Edition Security Update for Skype for Business 2015 (KB3039779) 32-Bit Edition Service 
Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition Spotify Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - NLD Update for Microsoft Access 2013 (KB2965276) 32-Bit Edition Update for Microsoft Office 2013 (KB2760249) 32-Bit Edition Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition Update for Microsoft Office 2013 (KB2760371) 32-Bit Edition Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition Update for Microsoft Office 2013 (KB2837654) 32-Bit Edition Update for Microsoft Office 2013 (KB2880487) 32-Bit Edition Update for Microsoft Office 2013 (KB2881001) 32-Bit Edition Update for Microsoft Office 2013 (KB2881017) 32-Bit Edition Update for Microsoft Office 2013 (KB2881076) 32-Bit Edition Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition Update for Microsoft Office 2013 (KB2883095) 32-Bit Edition Update for Microsoft Office 2013 (KB2899498) 32-Bit Edition Update for Microsoft Office 2013 (KB2899522) 32-Bit Edition Update for Microsoft Office 2013 (KB2956152) 32-Bit Edition Update for Microsoft Office 2013 (KB2956164) 32-Bit Edition Update for Microsoft Office 2013 (KB2965253) 32-Bit Edition Update for Microsoft Office 2013 (KB2965259) 32-Bit Edition Update for Microsoft Office 2013 (KB2965269) 32-Bit Edition Update for Microsoft Office 2013 (KB2965271) 32-Bit Edition Update for Microsoft Office 2013 (KB2965277) 32-Bit Edition Update for Microsoft Office 2013 (KB2975869) 32-Bit Edition Update for Microsoft Office 2013 (KB2986156) 32-Bit Edition Update for Microsoft Office 2013 (KB2986171) 32-Bit Edition Update for Microsoft Office 2013 (KB3054782) 32-Bit Edition Update for Microsoft OneDrive for Business (KB2986244) 32-Bit Edition Update for Microsoft OneNote 2013 (KB2975901) 32-Bit Edition Update for Microsoft Outlook 2013 (KB3039799) 32-Bit Edition Update for Microsoft Outlook Social Connector 2013 (KB3039711) 32-Bit Edition Update for 
Microsoft Publisher 2013 (KB2883048) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition
Windows Installer Clean Up
WinRAR 5.21 (32-bit)

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8856747e-cccc-4105-b43d-1cc7fd1d53b9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ad89df8a-eeb7-4049-a529-a72f65e6c67c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d640ce67-58e4-43c2-9adc-6bb959d7c606}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1f8bb2a-3a0e-454d-a440-aa9292d2298d}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"3B3D8CBFDC6E7A0D7BD03925CCF9D2733A7AE662._service_run"=-
"GoogleChromeAutoLaunch_F259D3AFC958008C1EE7E7205C555659"=-

==== Deleting Files \ Folders ======================

C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb not found
C:\Program Files\Common Files\b56dff5a-df23-4e43-acde-a4f08b8dcffb not found
C:\Users\Edpo\AppData\Roaming\Enigma Software Group not found
C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb not found
C:\Program Files\SaleoPLLus not found
C:\Program Files\Fruit Ninja Extended not found
C:\ProgramData\nihhjhmdhaaefmpdcffmdmphbjbehcfb not found
C:\ProgramData\mjoinbniobpejhagmjnobekipdomanfh not found
C:\ProgramData\eicnneollbepgpkablophlpbcfjlnbfl not found
C:\ProgramData\{e004df8f-1eaa-bfc2-e004-4df8f1ea7e3c} not found
C:\ProgramData\{8dfdf42a-9776-0a42-8dfd-df42a977d0aa} not found
C:\Program Files\SSaalePallus not found
"C:\Windows\system32\drivers\EsgScanner.sys" not found
C:\Program Files\Dragon Branch deleted
C:\Program Files\Enigma Software Group deleted
C:\Windows\AutoKMS deleted

==== System Specs ======================

Windows: Windows 7 Professional Edition Service Pack 1 (Build 7601)
Memory (RAM): 3072 MB
CPU Info: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz
CPU Speed: 2197,9 MHz
Sound Card: Luidsprekers (2- High Definitio | Luidsprekers (2- High Definitio | Digitale audio (HDMI) (High Def | Digitale audio (S/PDIF) (2- Hig |
Display Adapters: NVIDIA GeForce 8400 (Microsoft Corporation - WDDM v1.1) | NVIDIA GeForce 8400 (Microsoft Corporation - WDDM v1.1) | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: NVIDIA nForce-netwerkcontroller
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM_GSA-H60N
Ports: COM1 | COM2 LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C: 144,3GB | D: 144,0GB | F: 931,5GB | G: 441,3GB | H: 24,4GB
Hard Disks - Free: C: 58,6GB | D: 119,0GB | F: 679,7GB | G: 308,0GB | H: 10,8GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 12/07/07 | ACRSYS - 20071207
Time Zone: West-Europa (standaardtijd)
Motherboard *: ACER MCP73
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Firewall: avast! Antivirus disabled
Default Browser: Google Chrome 42.0.2311.152
Internet Explorer Version: 11.0.9600.17801
Google Chrome version: 42.0.2311.152

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-05-14 09:50:04 2169B4B1EFAA3453A4DA732F1F94C1E1 43112 ----a-w- C:\Windows\avastSS.scr
====== C:\Users\Edpo\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2015-05-19 07:07:20 75BB19048F756691E12C3CEA17935A3C 51712 ----a-w- C:\Windows\System32\HP1100SMs.dll
2015-05-19 07:07:14 DE3DA7EF179CC1A5F606E0A3EA1CAAB1 1511424 ----a-w- C:\Windows\System32\HP1100SM.EXE
2015-05-19 07:07:14 BB7992FB16BC30FA43CFA070383D2A6F 151552 ----a-w- C:\Windows\System32\HP1100LM.DLL
2015-05-19 07:05:22 3C2A475751DEEF13BD6D978203101136 284160 ----a-w- C:\Windows\System32\mvhlewsi.dll
2015-05-18 10:30:07 1D66934D8DB4AEBE53D3F0FE40CA76CE 291312 ----a-w- C:\Windows\System32\aswBoot.exe
2015-05-18 09:44:10 DE03D52A69F7F73B843C9B93AE034629 142512 ----a-w- C:\Windows\System32\FlashPlayerCPLApp.cpl
2015-05-18 09:44:10 A414E74D8EA0C3E446BF776667D16387 778416 ----a-w- C:\Windows\System32\FlashPlayerApp.exe
2015-05-14 12:28:27 858EB73F68B20A2A5C66B6C000D1C0DD 102608 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 09:48:06 744AB3C1A73A57DEED49D631F1BDEA1D 2311168 ----a-w- C:\Windows\System32\wpdshext.dll
2015-05-14 09:48:03 E95DE5B790B2D16706DAC8472E51F31A 851456 ----a-w- C:\Windows\System32\diagtrack.dll
2015-05-14 09:48:03 47DE8B7A482D4BABBCC70C0199E35881 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-05-14 09:48:02 D0F574320615303ADECDCB452EBB8930 635392 ----a-w- C:\Windows\System32\tdh.dll
2015-05-14 09:48:02 8D50ED3F0FBE3590AB0D43BF7B60E57A 3989440 ----a-w- C:\Windows\System32\ntkrnlpa.exe
2015-05-14 09:48:02 7410C9F088E4F13C981F981B52475B5E 1307648 ----a-w- C:\Windows\System32\ntdll.dll
2015-05-14 09:48:02 0A66C88B087249742381924AB8F9EFCC 3934144 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-05-14 09:48:01 FCB1C8345C794FE89ABA03B4CA3131BB 65536 ----a-w- C:\Windows\System32\TSpkg.dll 2015-05-14 09:48:01 F286528898342F0F1EB402606750C391 17408 ----a-w- C:\Windows\System32\diskperf.exe 2015-05-14 09:48:01 ECB7366ED80E349436FC495A77EAF24C 15872 ----a-w- C:\Windows\System32\sspisrv.dll 2015-05-14 09:48:01 EB058143B57ED460AC4F2DFBA104BBFF 364544 ----a-w- C:\Windows\System32\tracerpt.exe 2015-05-14 09:48:01 D362BFE84A44A442CB6B8CBFE6DE027D 1061376 ----a-w- C:\Windows\System32\lsasrv.dll 2015-05-14 09:48:01 C6D2D384B6232B0B800234C03C50979F 82944 ----a-w- C:\Windows\System32\logman.exe 2015-05-14 09:48:01 AFFE5747054D03F8CEE18A8518A9AA34 50176 ----a-w- C:\Windows\System32\auditpol.exe 2015-05-14 09:48:01 ABA025664F9F42C568B2C022AADCB18F 43008 ----a-w- C:\Windows\System32\srclient.dll 2015-05-14 09:48:01 99A508910BB06DFBE99D9AF7D6B4E950 22016 ----a-w- C:\Windows\System32\secur32.dll 2015-05-14 09:48:01 97B30711DC6CA0EA4EACEDCE8080A3B4 37888 ----a-w- C:\Windows\System32\relog.exe 2015-05-14 09:48:01 9638DA21E965E23C85C4319F3F66D824 6656 ----a-w- C:\Windows\System32\apisetschema.dll 2015-05-14 09:48:01 8C45A65ED20B487085B79EEFCC08D160 92160 ----a-w- C:\Windows\System32\sechost.dll 2015-05-14 09:48:01 850F756363237A2EB069B9B25EF8BEC3 172032 ----a-w- C:\Windows\System32\wdigest.dll 2015-05-14 09:48:01 7E9A03C1B76CB8A222C9AB232B3118D9 262656 ----a-w- C:\Windows\System32\rstrui.exe 2015-05-14 09:48:01 7CC0547B9FD90649731E021DA2763086 400896 ----a-w- C:\Windows\System32\srcore.dll 2015-05-14 09:48:01 7A5824DC9A85FCE4334F57FF0795853E 641536 ----a-w- C:\Windows\System32\advapi32.dll 2015-05-14 09:48:01 79AF005633B7E41B7A194A7E7B9D3D93 17408 ----a-w- C:\Windows\System32\credssp.dll 2015-05-14 09:48:01 74C0EC1257698176E288DA282F318E1C 40448 ----a-w- C:\Windows\System32\typeperf.exe 2015-05-14 09:48:01 6C427298E65C1430D232A0529ED9B18E 100352 ----a-w- C:\Windows\System32\sspicli.dll 2015-05-14 09:48:01 66D6A06936088E412E29A182679F0D71 259584 ----a-w- 
C:\Windows\System32\msv1_0.dll 2015-05-14 09:48:01 5DCF39695CD614B162330F5AC27C4654 38912 ----a-w- C:\Windows\System32\csrsrv.dll 2015-05-14 09:48:01 54A01CC4BC47B31C5CD082D064AB37BC 550912 ----a-w- C:\Windows\System32\kerberos.dll 2015-05-14 09:48:01 1667D76FBF42B24B9DE3E8B0A7CF06BE 22528 ----a-w- C:\Windows\System32\lsass.exe 2015-05-14 09:48:01 0B6E937863837BA3383E9CE9200DDF1E 221184 ----a-w- C:\Windows\System32\ncrypt.dll 2015-05-14 09:48:01 03CD13A169C19558F637C2F36B974BDA 69632 ----a-w- C:\Windows\System32\smss.exe 2015-05-14 09:48:00 D079A408CC3E22A09D1260A6F18FC0FD 146432 ----a-w- C:\Windows\System32\msaudite.dll 2015-05-14 09:48:00 BF9BB4113E9FCDABD4C703DDD06293F3 60416 ----a-w- C:\Windows\System32\msobjs.dll 2015-05-14 09:48:00 86B2AC15999BB4F8B5C84AB6154A1783 686080 ----a-w- C:\Windows\System32\adtschema.dll 2015-05-14 09:47:51 EF63EDC07D444AC4B6E88CA6E2841737 159744 ----a-w- C:\Windows\System32\aepic.dll 2015-05-14 09:47:51 E51E2C5EED4CE667D2CF06E56AC6FF1C 896000 ----a-w- C:\Windows\System32\aeinv.dll 2015-05-14 09:47:51 98F09936B1C397987268D6F2F3D869DB 26112 ----a-w- C:\Windows\System32\acmigration.dll 2015-05-14 09:47:51 76F800C6046B439799C3A4120A0B398A 576000 ----a-w- C:\Windows\System32\generaltel.dll 2015-05-14 09:47:51 5F823C55FB9761F1236AF48DFF630353 860160 ----a-w- C:\Windows\System32\appraiser.dll 2015-05-14 09:47:50 90D6FA9DB9502FC992D260DE4CB944C7 331264 ----a-w- C:\Windows\System32\devinv.dll 2015-05-14 09:47:50 87D7FF1217B32CD069DAF079686F43AE 630784 ----a-w- C:\Windows\System32\invagent.dll 2015-05-14 09:47:48 896850F7D6E6E95DC5BE0F192E05CD0E 202752 ----a-w- C:\Windows\System32\aepdu.dll 2015-05-14 09:47:43 D824C1C235349B67E652A5CA70D1AA49 58880 ----a-w- C:\Windows\System32\clfsw32.dll 2015-05-14 09:47:43 33A60554882FDF59CDA3E1806370BBA1 249784 ----a-w- C:\Windows\System32\clfs.sys 2015-05-14 09:47:42 172D2960EF38795D2819A35268672F3D 305152 ----a-w- C:\Windows\System32\gdi32.dll 2015-05-14 09:47:10 E62FA8858669B48E66DA21C366257F64 2382336 
----a-w- C:\Windows\System32\win32k.sys 2015-05-14 09:47:10 C22AB1781BC6F0BB1C9B352CF66DBFFC 1250816 ----a-w- C:\Windows\System32\DWrite.dll 2015-05-14 09:47:10 6EC244F102C7F129678E5F7309D1366D 909312 ----a-w- C:\Windows\System32\FntCache.dll 2015-05-14 09:47:04 D0CA74BE380498A0111A73EB9C76CF8F 342016 ----a-w- C:\Windows\System32\certcli.dll 2015-05-14 09:47:04 2665A3D34D1C62DF303723422215B001 248832 ----a-w- C:\Windows\System32\schannel.dll 2015-05-14 09:46:45 0780A42DBD7D9969F9BF4A19AA4285B5 259072 ----a-w- C:\Windows\System32\services.exe 2015-05-14 09:46:41 FE8453CD0ABE1F1D42A545CCDEBEB044 102912 ----a-w- C:\Windows\System32\ieetwcollector.exe 2015-05-14 09:46:41 D5EFD1C5F5BB4F7D52D1F77FBBD2342E 685568 ----a-w- C:\Windows\System32\ie4uinit.exe 2015-05-14 09:46:41 C3120D99E6DA7878A1DD2D88138AC60A 30720 ----a-w- C:\Windows\System32\iernonce.dll 2015-05-14 09:46:41 9025CA7BCD6B7956366FC90B3D6E3933 47616 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2015-05-14 09:46:41 746BBC86351D07859D8B40056447F7B2 60416 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll 2015-05-14 09:46:40 CC4974FCF9387F32A0FF87BCE093A5AD 620032 ----a-w- C:\Windows\System32\jscript9diag.dll 2015-05-14 09:46:40 AA2F2D55DEF98007839D0189D721D70B 1310208 ----a-w- C:\Windows\System32\urlmon.dll 2015-05-14 09:46:40 6388FC82897DDDA607BBE3580D75AE15 342736 ----a-w- C:\Windows\System32\iedkcs32.dll 2015-05-14 09:46:40 3CE5DE0730C22A54FE783DB8A989E8BD 47104 ----a-w- C:\Windows\System32\jsproxy.dll 2015-05-14 09:46:40 2AB830C47C6C59F378B13BF8233C1D74 667648 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2015-05-14 09:46:40 1BBC9CFD29A62D80FB77BB69BFF7513C 115712 ----a-w- C:\Windows\System32\ieUnatt.exe 2015-05-14 09:46:39 C2EB0AA5570CF8BC881B36EE55A59337 688640 ----a-w- C:\Windows\System32\msfeeds.dll 2015-05-14 09:46:39 63A2E3E9C771B1D4D7D84942D6FCB661 710144 ----a-w- C:\Windows\System32\ieapfltr.dll 2015-05-14 09:46:39 5AAC24BF6C4A54DA526CC6244DEBE227 418304 ----a-w- 
C:\Windows\System32\dxtmsft.dll 2015-05-14 09:46:39 28313FF0DE83EAD8F5EF1B963D9078C3 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2015-05-14 09:46:38 E993B5E929F46A52E9F4EB68A7855CDF 62464 ----a-w- C:\Windows\System32\iesetup.dll 2015-05-14 09:46:38 37625FC1DAF886F1980E2D8F315B93AC 168960 ----a-w- C:\Windows\System32\msrating.dll 2015-05-14 09:46:38 136687227F11CE928CB05F4FD90319AC 2052608 ----a-w- C:\Windows\System32\inetcpl.cpl 2015-05-14 09:46:37 CB5F450D21B9D76B7F01D006E4AEDB40 1882112 ----a-w- C:\Windows\System32\wininet.dll 2015-05-14 09:46:37 9EA5751205B65A11CC4C3F9FE353B5F3 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2015-05-14 09:46:37 2CBD6D22499EB13A2666F62EF33D00E2 16303 ----a-w- C:\Windows\System32\ieuinit.inf 2015-05-14 09:46:36 7B4FA4B41FBDBB12C5038FCB6E6652AA 285696 ----a-w- C:\Windows\System32\dxtrans.dll 2015-05-14 09:46:35 BCFA71A878903B5F92A7AFEFCCC5CA97 478208 ----a-w- C:\Windows\System32\ieui.dll 2015-05-14 09:46:35 0E22CD36FC3292CB812CC46CBCFD8444 12828672 ----a-w- C:\Windows\System32\ieframe.dll 2015-05-14 09:46:34 07E82A31808C8BC053D1DE547082C58F 341504 ----a-w- C:\Windows\System32\html.iec 2015-05-14 09:46:33 CFCB89C0FE8EF502A7934C0D20E5DBD6 76288 ----a-w- C:\Windows\System32\mshtmled.dll 2015-05-14 09:46:33 1C5C5B5EF9CFDFC897D4549A2385DB3A 1155072 ----a-w- C:\Windows\System32\mshtmlmedia.dll 2015-05-14 09:46:32 C525258A00ECFB4CE089F54C163268C3 2278400 ----a-w- C:\Windows\System32\iertutil.dll 2015-05-14 09:46:32 8C00AB01B1BC1E2F69765776BBC5A5D1 64000 ----a-w- C:\Windows\System32\MshtmlDac.dll 2015-05-14 09:46:31 D74445161E58644309F858342F5E265C 19691008 ----a-w- C:\Windows\System32\mshtml.dll 2015-05-14 09:46:30 6E2B4875B968324E5844F35A37A79260 4305920 ----a-w- C:\Windows\System32\jscript9.dll 2015-05-14 09:46:29 F2DB87F164BC13AB8EF90FBF5D866B65 664576 ----a-w- C:\Windows\System32\jscript.dll 2015-05-14 09:46:29 C1A32612710492D0C3339E46EC15E333 504320 ----a-w- C:\Windows\System32\vbscript.dll 2015-05-14 09:46:27 
DCA2C6E7990771209CDD8E9DA90ED0E2 5120 ----a-w- C:\Windows\System32\shimeng.dll 2015-05-14 09:46:27 D3E8C7FADB758E5D222C639CC65790AD 295936 ----a-w- C:\Windows\System32\apphelp.dll 2015-05-14 09:46:27 715C060150D969B0DE5DD5B365A712AF 20992 ----a-w- C:\Windows\System32\sdbinst.exe 2015-05-14 09:46:27 12E6A172D72AFC626727B8635DD17E39 62464 ----a-w- C:\Windows\System32\aelupsvc.dll 2015-05-14 09:46:24 E981C27FA6C2F45C135DB4AF78D6FE1F 92672 ----a-w- C:\Windows\System32\wudriver.dll 2015-05-14 09:46:24 CFF96E0CE6F81F5968A6D61786642855 131584 ----a-w- C:\Windows\System32\wuauclt.exe 2015-05-14 09:46:24 C7E498E41D92CF8C2EAED9995781A7F7 29696 ----a-w- C:\Windows\System32\wups.dll 2015-05-14 09:46:24 9D68CE45935C439D5082ECB56902124D 566784 ----a-w- C:\Windows\System32\wuapi.dll 2015-05-14 09:46:24 7E5C454A3F986FEBAD075DB8D915917E 2020864 ----a-w- C:\Windows\System32\wuaueng.dll 2015-05-14 09:46:24 751C4859FD46A1461B3FB57252F541D8 33792 ----a-w- C:\Windows\System32\wuapp.exe 2015-05-14 09:46:24 3096CA2455ECDEF83A90F2384BD305D3 3088384 ----a-w- C:\Windows\System32\wucltux.dll 2015-05-14 09:46:24 131BDD454DD1AA5BF732886DA6A3B0FA 11776 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll 2015-05-14 09:46:24 124FD729FB2B621EB32E9B34B8D49A34 50176 ----a-w- C:\Windows\System32\WinSetupUI.dll 2015-05-14 09:46:24 0430D8CE2C251BAD25CF809CEA3D2153 35328 ----a-w- C:\Windows\System32\wups2.dll 2015-05-14 09:46:24 031C03C9639CE0D294695968C68A5775 173056 ----a-w- C:\Windows\System32\wuwebv.dll 2015-05-14 09:46:06 955200436F29C751FEB30F139F0664B1 19968 ----a-w- C:\Windows\System32\jnwmon.dll 2015-05-14 09:46:06 418AEC0CE89A13200F2820079B9CDFD9 216064 ----a-w- C:\Windows\System32\InkEd.dll 2015-05-14 09:46:03 C489D8B4D8C64F20CC75A93F541F7D91 123904 ----a-w- C:\Windows\System32\poqexec.exe 2015-05-14 09:41:40 DA5B856A037872BE089CA6967C7050C5 1237504 ----a-w- C:\Windows\System32\msxml3.dll 2015-05-14 09:41:40 78492CF3C3697FB5AF4EAABB2BAF8595 2048 ----a-w- C:\Windows\System32\msxml3r.dll ====== 
C:\Windows\system32\drivers ===== 2015-05-18 10:44:03 04B309A1A653177994630C2773E659F1 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2015-05-18 10:43:38 3C21F7E95FFCA33EF1A83AA33D9663CF 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys 2015-05-18 10:43:38 167BCE00050B19DA25065335645A3C7A 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys 2015-05-18 10:43:38 155BF99B2B87E0C298CAC3B4B8136D83 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2015-05-18 10:30:13 FAABB4A109ECAC9594342EDFE6ADF5D8 26096 ----a-w- C:\Windows\System32\drivers\aswKbd.sys 2015-05-18 10:29:13 5F83BD0F09F356D4B2A77D5702D6707B 271248 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys 2015-05-14 09:48:01 76C0D35167B1369C68388FEDB56A3048 137664 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2015-05-14 09:48:01 6DD2A1064DD8AFBED22E71176E2AF59B 67520 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2015-05-14 09:46:01 487569E5DA56A5A432FF8AF6D3599CF9 514560 ----a-w- C:\Windows\System32\drivers\http.sys ====== C:\Windows\Tasks ====== 2015-05-19 08:43:23 5D6E8E5A7D1E7F712EC91AF526502FC8 3490 ----a-w- C:\Windows\system32\Tasks\AutoKMS 2015-05-18 09:44:12 F0A5F14E5108EDF653B7983B1C36B74B 940 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-18 09:44:12 E8DA11B5D0EA5C8E50C61F4EC42532D3 3878 ----a-w- C:\Windows\system32\Tasks\Adobe Flash Player Updater 2015-05-18 09:18:44 7B8030F50CBD26A75B5FD234488F8889 3162 ----a-w- C:\Windows\system32\Tasks\{DE58A327-0975-4EE0-BD9A-BC590D901081} 2015-05-18 09:10:11 33A408C80FAB8DD964E3E5869BA9ED47 3114 ----a-w- C:\Windows\system32\Tasks\{E95FA466-9250-4EF4-8EA8-653FA75D9931} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-05-19 06:35:57 -------- d-----w- C:\Program Files\Hewlett-Packard 2015-05-18 18:09:36 -------- d-----w- C:\Program Files\WinRAR 2015-05-18 16:40:00 -------- d-----w- C:\Program Files\trend micro 2015-05-18 09:35:13 -------- d-----w- C:\Program Files\IncrediMail 2015-05-18 09:11:09 
-------- d-----w- C:\Program Files\Windows Installer Clean Up 2015-05-18 09:10:16 -------- d-----w- C:\Program Files\MSECACHE 2015-05-15 15:27:23 -------- d-----w- C:\Program Files\Common Files\Adobe 2015-05-15 15:27:23 -------- d-----w- C:\Program Files\Adobe 2015-05-15 12:09:32 -------- d-----w- C:\Program Files\HP 2015-05-15 11:26:40 -------- d-----w- C:\Program Files\Photo Notifier and Animation Creator 2015-05-14 09:29:48 -------- d-----w- C:\Program Files\CDBurnerXP ======= C: ===== 2015-05-18 10:39:15 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\MSDOS.SYS 2015-05-18 10:39:15 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\IO.SYS ====== C:\Users\Edpo\AppData\Roaming ====== 2015-05-19 08:37:52 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp 2015-05-19 08:37:52 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2015-05-19 08:37:52 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2015-05-19 08:37:52 -------- d-----w- C:\Users\Default User\AppData\Local\Temp 2015-05-19 08:37:51 -------- d-----w- C:\Users\Edpo\AppData\Local\Temp 2015-05-19 06:38:07 -------- d-----w- C:\Users\Edpo\AppData\Local\Hewlett-Packard 2015-05-18 18:10:01 -------- d-----w- C:\Users\Edpo\AppData\Roaming\WinRAR 2015-05-18 18:09:46 -------- d-----w- C:\Users\Edpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-05-15 15:28:12 -------- d-----w- C:\Users\Edpo\AppData\Locallow\Adobe 2015-05-15 12:14:05 -------- d-----w- C:\Users\Edpo\AppData\Local\ElevatedDiagnostics 2015-05-15 11:19:41 -------- d-----w- C:\Users\Edpo\AppData\Local\Adobe 2015-05-14 09:29:50 -------- d-----w- C:\Users\Edpo\AppData\Roaming\Canneverbe Limited ====== C:\Users\Edpo ====== 2015-05-19 07:06:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2015-05-19 07:02:40 E18453B4073158DA50AB41F5B1F79240 149654480 ----a-w- C:\Users\Edpo\Downloads\LJP1100_P1560_P1600_Full_Solution.exe 2015-05-18 18:09:46 -------- d-----w- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-05-18 18:09:18 7CC13CDC3CE682596E5B69A3569120E3 2141856 ----a-w- C:\Users\Edpo\Downloads\wrar521nl.exe 2015-05-18 17:58:42 B9FF555660A02DC4D3EAFF58357BE02A 3109248 ----a-w- C:\Users\Edpo\Downloads\SpyHunter-Installer (4).exe 2015-05-18 17:58:17 B9FF555660A02DC4D3EAFF58357BE02A 3109248 ----a-w- C:\Users\Edpo\Downloads\SpyHunter-Installer (3).exe 2015-05-18 17:57:10 93633F48F52427099B60C4664C06E9EC 3109248 ----a-w- C:\Users\Edpo\Downloads\SpyHunter-Installer (2).exe 2015-05-18 17:56:48 B9FF555660A02DC4D3EAFF58357BE02A 3109248 ----a-w- C:\Users\Edpo\Downloads\SpyHunter-Installer (1).exe 2015-05-18 17:55:26 B9FF555660A02DC4D3EAFF58357BE02A 3109248 ----a-w- C:\Users\Edpo\Downloads\SpyHunter-Installer.exe 2015-05-18 17:13:50 33C195F50AAECA7337A7B493359E91F3 2209792 ----a-w- C:\Users\Edpo\Downloads\adwcleaner_4.204.exe 2015-05-18 16:38:33 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Edpo\Downloads\RSIT.exe 2015-05-18 16:31:53 -------- d-----w- C:\Users\Edpo\Start Menu 2015-05-18 10:42:44 6CDEAC78E5677E304477FB36351C3195 21546080 ----a-w- C:\Users\Edpo\Downloads\mbam-setup-2.1.6.1022.exe 2015-05-18 09:41:24 0B1BA4DC442EE9C6CE87DF9DF03ABD3F 927920 ----a-w- C:\Users\Edpo\Downloads\uninstall_flash_player.exe 2015-05-18 09:35:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail 2015-05-18 09:34:10 72DFE906ACB4D2156B788B3F37C862CE 13510056 ----a-w- C:\Users\Edpo\Downloads\IncrediMailSetup_nl (2).exe 2015-05-18 09:30:18 6A530554E4E8FBF171FAD2A34F70F89D 755056 ----a-w- C:\Users\Edpo\Downloads\Malavida_Download_Manager.exe 2015-05-18 09:19:16 72DFE906ACB4D2156B788B3F37C862CE 13510056 ----a-w- C:\Users\Edpo\Downloads\IncrediMailSetup_nl (1).exe 2015-05-18 09:09:24 D5F4AB6063B3B3795B1C0F0CF30C7DFB 359656 ----a-w- C:\Users\Edpo\Downloads\msicuu2.exe 2015-05-18 08:44:46 72DFE906ACB4D2156B788B3F37C862CE 13510056 ----a-w- C:\Users\Edpo\Downloads\IncrediMailSetup_nl.exe 
2015-05-15 18:03:17 -------- d-----w- C:\ProgramData\HP 2015-05-15 18:01:39 -------- d-----w- C:\ProgramData\Hewlett-Packard 2015-05-15 15:26:54 -------- d-----w- C:\ProgramData\Adobe 2015-05-15 11:14:36 -------- d-----w- C:\ProgramData\Photo Notifier and Animation Creator 2015-05-15 10:56:06 -------- d-----w- C:\Users\Edpo\OneDrive 2015-05-15 10:55:30 -------- d-----w- C:\ProgramData\Microsoft OneDrive 2015-05-15 07:03:57 -------- d-----w- C:\ProgramData\IncrediMail 2015-05-15 07:03:57 -------- d-----w- C:\ProgramData\IM 2015-05-14 10:19:41 EE8E61F376F7F3E309525C975642C989 1483336 ----a-w- C:\Users\Edpo\Downloads\mediacreationtool (2).exe 2015-05-14 09:56:59 EE8E61F376F7F3E309525C975642C989 1483336 ----a-w- C:\Users\Edpo\Downloads\mediacreationtool (1).exe 2015-05-14 09:27:21 22188B22BE5ABA25102B0D0EC0EA2553 5644312 ----a-w- C:\Users\Edpo\Downloads\cdbxp_setup_4.5.5.5571.exe 2015-05-14 09:21:10 EE8E61F376F7F3E309525C975642C989 1483336 ----a-w- C:\Users\Edpo\Downloads\mediacreationtool.exe ====== C: exe-files == === C: other files == 2015-05-18 18:03:23 CF8DB399F07ED463D86110E503673F6C 3094887 ----a-w- C:\Users\Edpo\Downloads\Spyhunter.keygen.zip 2015-05-18 17:22:00 EA2D0730CFE878E205DC080725EEDA6E 4588 ----a-r- C:\Users\Edpo\AppData\Local\IM\Identities\{FCA0156D-2703-4BE8-9640-CE7951E1C559}\Message Store\Messages\1\{5E660F56-2F0E-41D4-BF28-85D3F7CC33BC}\Attachments\diensten sheet.zip 2015-05-18 17:05:46 13228287F916FD27AD8BE3E21491ABE4 44464044 ----a-w- C:\Users\Edpo\Downloads\Spyhunter version 4 cracked.zip 2015-05-18 10:43:38 3C21F7E95FFCA33EF1A83AA33D9663CF 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys 2015-05-18 10:43:38 155BF99B2B87E0C298CAC3B4B8136D83 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2015-05-18 10:39:15 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\MSDOS.SYS 2015-05-18 10:39:15 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\IO.SYS 2015-05-18 10:30:13 FAABB4A109ECAC9594342EDFE6ADF5D8 26096 ----a-w- 
C:\Windows\System32\drivers\aswKbd.sys 2015-05-18 10:29:13 5F83BD0F09F356D4B2A77D5702D6707B 271248 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys 2015-05-15 12:43:27 E34581F5F16D331ACD89C056A5A16DF7 10693140 ----a-w- C:\Users\Edpo\OneDrive\map van tante\bewijzen schenkingen.zip 2015-05-15 12:43:27 DBA07ACE8D92139BCAB6C6B2A461B36A 2439569 ----a-w- C:\Users\Edpo\OneDrive\map van tante\duitsland.zip 2015-05-15 12:43:27 D0E5F954E835BDECECA929CEC8CB0674 2392033 ----a-w- C:\Users\Edpo\OneDrive\map van tante\onkosten tante.zip 2015-05-15 12:43:27 799CB83A08A067DB13D53F37E8D791BF 7330584 ----a-w- C:\Users\Edpo\OneDrive\map van tante\OneDrive-2014-04-01.zip 2015-05-15 12:43:27 799CB83A08A067DB13D53F37E8D791BF 7330584 ----a-w- C:\Users\Edpo\OneDrive\map van tante\documenten tante.zip 2015-05-15 12:43:27 05B26ABA2E2A02000C1243093D51B536 37946 ----a-w- C:\Users\Edpo\OneDrive\map van tante\feest 90 jaar.zip 2015-05-15 12:42:21 FF3D482B4601B6AD09F51FFA12A828B6 1087137 ----a-w- C:\Users\Edpo\OneDrive\map van tante\OneDrive-2014-04-01 (1).zip 2015-05-14 09:48:01 76C0D35167B1369C68388FEDB56A3048 137664 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2015-05-14 09:48:01 6DD2A1064DD8AFBED22E71176E2AF59B 67520 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2015-05-14 09:47:48 242B118BDC00DFB670A8FC242952E4D9 20104 ----a-w- C:\Windows\System32\appraiser\nxquery.sys 2015-05-14 09:47:43 33A60554882FDF59CDA3E1806370BBA1 249784 ----a-w- C:\Windows\System32\clfs.sys 2015-05-14 09:47:10 E62FA8858669B48E66DA21C366257F64 2382336 ----a-w- C:\Windows\System32\win32k.sys 2015-05-14 09:46:01 487569E5DA56A5A432FF8AF6D3599CF9 514560 ----a-w- C:\Windows\System32\drivers\http.sys ======== System Restore Points ======== No Restore Point in System. 
==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-238867565-741587740-316287982-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Spotify Web Helper"="C:\Users\Edpo\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Edpo\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"HPUsageTrackingLEDM"="C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe C:\Program Files\HP\HP UT LEDM\"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Spotify Web Helper"="C:\Users\Edpo\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Edpo\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [18-05-2015 11:44]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [24-06-2014 04:00]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [24-06-2014 04:00]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\AutoKMS" [C:\Windows\AutoKMS\AutoKMS.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\{70FFE6C5-2DC2-4A20-A461-4F9BEA895C25}" [J:\Microsoft Works\Setup.exe]
"C:\Windows\system32\tasks\{F70F2F0B-9510-4658-9668-0098F844492C}" [J:\Microsoft Works\Setup.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [18-05-2015 12:29]

==== Chromium Look ======================

Google Chrome Version: 42.0.2311.152

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[24-03-2015 12:37]

Bookmark Manager - Edpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Avast Online Security - Edpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Edpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=AV01"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=AV01"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"

==== Reset Google Chrome ======================

C:\Users\Edpo\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Edpo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Edpo\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Edpo\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Edpo\Desktop\Access 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\accicons.exe
C:\Users\Edpo\Desktop\Excel 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Edpo\Desktop\OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\Users\Edpo\Desktop\PowerPoint 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Edpo\Desktop\Publisher 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pubs.exe
C:\Users\Edpo\Desktop\Spotify.lnk - C:\Users\Edpo\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Edpo\Desktop\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\wordicon.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Avast Premier.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Public\Desktop\Avast SafeZone.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe /sfzonebrowser
C:\Users\Public\Desktop\CDBurnerXP.lnk - C:\Program Files\CDBurnerXP\cdbxpp.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\IncrediMail.lnk - C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Microsoft Download Manager.lnk - C:\Windows\Installer\{654977DB-0001-0002-0001-EABD228DDE8B}\DMClient.ico
C:\Users\Public\Desktop\Secure passwords.lnk - C:\Program Files\IncrediMail\Bin\SecurePasswords_Desktop.url
C:\Users\Public\Desktop\Shop for HP Supplies.lnk - C:\Program Files\HP\HPSSUPPLY\hpqSSupply.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Edpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\Edpo\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Edpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk - C:\Users\Edpo\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
C:\Users\Edpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR-handleiding.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\Edpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Wat is nieuw in de meest recente versie.lnk - C:\Program Files\WinRAR\WhatsNew.txt
C:\Users\Edpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files\WinRAR\winrar.chm
C:\Users\Edpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk - C:\Program Files\CDBurnerXP\cdbxpp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail.lnk - C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Premier.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast SafeZone.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe /sfzonebrowser
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games.lnk - C:\Program Files\IncrediMail\Bin\IncrediGamesStart.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Shop for HP Supplies.lnk - C:\Program Files\HP\HPSSUPPLY\hpqSSupply.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail\IncrediMail Gallery.lnk - C:\Program Files\IncrediMail\Bin\IncrediGalleryStart.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail\IncrediMail.lnk - C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail\Letter Creator.lnk - C:\Program Files\IncrediMail\Bin\ImLc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail\Uninstall IncrediMail.lnk - C:\Program Files\IncrediMail\Bin\ImSetup.exe /uninstallProduct /addon:incredimail
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\grv_icons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Send to OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Skype for Business 2015.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Verzenden naar OneNote 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Hulpprogramma's van Office 2013\Database Compare 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\dbcicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Hulpprogramma's van Office 2013\Lync opnamebeheer.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Hulpprogramma's van Office 2013\Spreadsheet Compare 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\sscicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Database Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\dbcicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Skype for Business Recording Manager.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Spreadsheet Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\sscicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR-handleiding.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Wat is nieuw in de meest recente versie.lnk - C:\Program Files\WinRAR\WhatsNew.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files\WinRAR\winrar.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Edpo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Edpo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk - C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\Users\Edpo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Edpo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Edpo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Edpo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Edpo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Edpo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

==== Uninstall List x86 ======================

Adobe Flash Player 17 ActiveX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
Avast Premier [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Avast]
Buzzdock [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{cfd32d46-7d3f-483f-bace-7172aec5592d}]
CDBurnerXP [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1]
Dropbox [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Dropbox]
Google Chrome [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Google Toolbar for Internet Explorer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
Google Toolbar for Internet Explorer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
HP Support
Solutions Framework [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FC3C2B77-6800-48C6-A15D-9D1031130C16}] hppLaserJetService [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}] hppP1100P1560P1600SeriesLaserJetService [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}] hppusgP1100P1560P1600Series [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{853F464A-B2B8-404E-BA3E-B98FF6862C41}] HPSSupply [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}] IncrediMail [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{81CF09ED-5FB0-4E0A-A83F-0F514DDEABBC}] IncrediMail 2.5 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IncrediMail] Malwarebytes Anti-Malware versie 2.1.6.1022 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1] MarketResearch [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{175F0111-2968-4935-8F70-33108C6A4DE3}] Microsoft .NET Framework 4.5.1 (Nederlands) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043] Microsoft .NET Framework 4.5.1 (NLD) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1A91D86E-3124-3574-A4BF-406761265CFA}] Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4903D172-DCCB-392F-93A3-34CA9D47FE3D}] Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033] Microsoft Download Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{654977DB-0001-0002-0001-EABD228DDE8B}] Microsoft Office Professional Plus 2013 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUS] Microsoft Office Professional Plus 2013 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}] Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}] Microsoft Visual Studio 2010 Tools for Office Runtime (x86) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4DC59BF3-0D72-3CE8-BFEF-1E8FAF689EB0}] Microsoft Visual Studio 2010 Tools for Office Runtime (x86) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)] Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D4EE62A5-B4BC-3C6C-9CF9-083AFC45F201}] Spotify [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spotify] Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - NLD [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD] Windows Installer Clean Up [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}] WinRAR 5.21 (32-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver] ==== HijackThis Entries ====================== O2 - BHO: Skype for Business Click to Call BHO - 
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Edpo\AppData\Roaming\Spotify\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Spotify] "C:\Users\Edpo\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft 
Office\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Avast Firewall (avast! Firewall) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\afwServ.exe O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS] Spotify Web Helper = "C:\Users\Edpo\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [Spotify Ltd] Spotify = "C:\Users\Edpo\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized [Spotify Ltd] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} AvastUI.exe = "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui [Avast Software s.r.o.] (Default) = (empty string) [file not found] HPUsageTrackingLEDM = "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\" [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Skype for Business Click to Call BHO -> {HKLM...CLSID} = Skype for Business Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS] {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = avast! Online Security -> {HKLM...CLSID} = avast! 
Online Security \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [Avast Software s.r.o.] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [MS] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [MS] SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [MS] SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [MS] "DropboxExt1"\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Edpo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] "DropboxExt2"\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Edpo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] 
"DropboxExt3"\(Default) = {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Edpo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] "DropboxExt4"\(Default) = {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Edpo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] "DropboxExt5"\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Edpo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] "DropboxExt6"\(Default) = {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Edpo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] "DropboxExt7"\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Edpo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] "DropboxExt8"\(Default) = {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Edpo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] 00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [Avast Software s.r.o.] HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Edpo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Edpo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] 
{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Edpo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Edpo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Edpo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Edpo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Edpo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Edpo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {472083B0-C522-11CF-8763-00608CC02F24} = avast -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [Avast Software s.r.o.] 
{B28AA736-876B-46DA-B3A8-84C5E30BA492} = Web Sites -> {HKLM...CLSID} = Web Sites \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\WXPNSE.DLL [MS] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\msohevi.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\ONFILTER.DLL [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM...CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM...CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\VISSHE.DLL [MS] {8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [MS] {CD55129A-B1A1-438E-A425-CEBC7DC684EE} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = 
C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [MS] {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [MS] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft SkyDrive Pro Browser Helper -> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OLKFSTUB.DLL [MS] {B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = {807583E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM...CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] <> osf\CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1} -> {HKLM...CLSID} = Protocol Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [MS] HKCU\Software\Classes\*\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Edpo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] 
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [Avast Software s.r.o.] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ 00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [Avast Software s.r.o.] HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Edpo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Edpo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [Avast Software s.r.o.] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ SoftwareSASGeneration = (REG_DWORD) dword:0x00000001 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ CDBurnerXP\ Provider = CDBurnerXP InvokeProgID = CDBurnerXPOpen InvokeVerb = open HKLM\SOFTWARE\Classes\CDBurnerXPOpen\shell\open\command\(Default) = "C:\Program Files\CDBurnerXP\cdbxpp.exe" /od "%1" [null data] Windows Sidebar Gadgets: {++} ------------------------ C:\Users\Edpo\AppData\Local\Microsoft\Windows Sidebar\Settings.ini "C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCalendar.Gadget" Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Flash Player Updater -> launches: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] AutoKMS -> launches: C:\Windows\AutoKMS\AutoKMS.exe [file not found] avast! Emergency Update -> (HIDDEN!) launches: C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [Avast Software s.r.o.] GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] 
{70FFE6C5-2DC2-4A20-A461-4F9BEA895C25} -> launches: J:\Microsoft Works\Setup.exe [file not found] {7498F49F-12B5-4C9C-8289-4F3843E46272} -> launches: C:\Windows\system32\pcalua.exe -a "J:\Microsoft Works\Setup.exe" -d "J:\Microsoft Works" [MS] {AC2587DF-CDE3-4635-80D0-861F01C4401D} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Windows.old\Program Files\IncrediMail\Bin\ImSetup.exe" -d "C:\Windows.old\Program Files\IncrediMail\Bin" [MS] {DE58A327-0975-4EE0-BD9A-BC590D901081} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files\IncrediMail\Bin\ImSetup.exe" -c /uninstallProduct /addon:incredimail [MS] {E95FA466-9250-4EF4-8EA8-653FA75D9931} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Edpo\Downloads\msicuu2.exe -d C:\Users\Edpo\Downloads [MS] {EF4A6B20-F2F1-4500-88FA-B8B43558D844} -> launches: C:\Windows\system32\pcalua.exe -a "D:\works\Microsoft Works\Setup.exe" -d "D:\works\Microsoft Works" [MS] {F70F2F0B-9510-4658-9668-0098F844492C} -> launches: J:\Microsoft Works\Setup.exe [file not found] C:\Windows\System32\Tasks\Microsoft\Office Office 15 Subscription Heartbeat -> launches: %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [MS] OfficeTelemetryAgentFallBack -> launches: "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880 [MS] OfficeTelemetryAgentLogOn -> launches: "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate 
-nolegacy [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) 
launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] 
ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) 
launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx launchtrayprocess -> launches: %windir%\system32\GWX\GWX.exe /tasklaunch [MS] refreshgwxconfig -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig [MS] refreshgwxcontent -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent [MS] runappraiser -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RunAppraiser [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform SvcRestartTask -> (HIDDEN!) launches: sc.exe start sppsvc [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) 
launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS] ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) 
launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows Defender MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS] MpIdleTask -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe -IdleTask -TaskName MpIdleTask [MS] C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform SvcRestartTask -> (HIDDEN!) 
launches: %systemroot%\system32\sc.exe start osppsvc [MS]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 20

Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
-> {HKLM...CLSID} = Google Toolbar
\InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = Se&nd to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll [MS]
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\
ButtonText = Skype for Business Click to Call
MenuText = Skype for Business Click to Call
CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
-> {HKLM...CLSID} = Skype for Business Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS]
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = OneNote Lin&ked Notes
MenuText = OneNote Lin&ked Notes
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
-> {HKLM...CLSID} = Linked Notes button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [MS]

Miscellaneous IE Hijack Points
------------------------------
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS]
<> Tabs = about:newtab [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Avast Antivirus, avast! Antivirus, "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [Avast Software s.r.o.]
Avast Firewall, avast! Firewall, "C:\Program Files\AVAST Software\Avast\afwServ.exe" [Avast Software s.r.o.]
AvastVBox COM Service, AvastVBoxSvc, "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [Avast Software]
Diagnostics Tracking Service, DiagTrack, C:\Windows\System32\svchost.exe -k utcsvc {C:\Windows\system32\diagtrack.dll [MS]}
HP LaserJet Service, HP LaserJet Service, "C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe" [null data]
HP Support Solutions Framework Service, HPSupportSolutionsFrameworkService, "C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe" [null data]
MBAMScheduler, MBAMScheduler, "C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation]
MBAMService, MBAMService, "C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe" [Malwarebytes Corporation]

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<> PEVSystemStart, Service
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<> PEVSystemStart, Service

Keyboard Driver Filters:
------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
<> UpperFilters = <> aswKbd [Avast Software s.r.o.],kbdclass [MS]

Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
HP1100LM\Driver = HP1100LM.DLL [null data]

<>: Suspicious data at a browser hijack point.
==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Edpo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Edpo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54SQWXP4 will be deleted at reboot
C:\Users\Edpo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBZOSXK8 will be deleted at reboot
C:\Users\Edpo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LMNNKIPL will be deleted at reboot
C:\Users\Edpo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\STHEE71S will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Edpo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=266 folders=74 195738284 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Edpo\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Edpo\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Edpo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54SQWXP4" not found
"C:\Users\Edpo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBZOSXK8" not found
"C:\Users\Edpo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LMNNKIPL" not found
"C:\Users\Edpo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\STHEE71S" not found

==== EOF on di 19-05-2015 at 11:32:15,00 ======================