Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Ivan on za 13-06-2015 at 11:17:58,29.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: E:\$Installs\Y_currently installed\$virus etc checkers\zoek.exe [Scan all users] [Script inserted] 

==== Older Logs ======================

C:\zoek-results2015-05-13-183224.log	101879 bytes

==== Empty Folders Check ======================

C:\PROGRA~3\Wondershare Player deleted successfully
C:\Users\Administrator\AppData\Local\EmieSiteList deleted successfully
C:\Users\Administrator\AppData\Local\EmieUserList deleted successfully
C:\Users\Administrator\AppData\Local\GHISLER deleted successfully

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Ivan\AppData\Local\Temp ====
2015-06-12 22:54:40	B8C997E772BE343E1664FEE14C1FB9B7	28849904	----a-w-	C:\Users\Ivan\AppData\Local\Temp\vlc-2.2.1-win32.exe
2015-06-09 12:14:15	92DC6EF532FBB4A5C3201469A5B5EB63	23312	----a-w-	C:\Users\Administrator\AppData\Local\Temp\is-MA7TT.tmp\_isetup\_shfoldr.dll
2015-06-09 12:14:15	5CBCDC359D9FA539458B65D78E1B1E8F	141824	----a-w-	C:\Users\Administrator\AppData\Local\Temp\is-MA7TT.tmp\InstallerSupportLib.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-06-06 10:14:35	E87D4371B24BC9E5BAE95AEA60FFD959	193536	----a-w-	C:\Windows\Sysnative\aepic.dll
2015-06-06 10:14:35	CFF429F2234C1D1A5993E80F46C37CFB	1119232	----a-w-	C:\Windows\Sysnative\aeinv.dll
2015-06-06 10:14:35	B23AB4C401E2DE02C47B7497D41E2318	757248	----a-w-	C:\Windows\Sysnative\invagent.dll
2015-06-06 10:14:35	6F07FC190DBCB42C8A5319235F72F906	423424	----a-w-	C:\Windows\Sysnative\devinv.dll
2015-06-06 10:14:35	6E2EB5A36C3CCD917F7FF9BED7C1390E	45568	----a-w-	C:\Windows\Sysnative\acmigration.dll
2015-06-06 10:14:35	52DEF4C743C2EABD6BD3EDC790A0E778	1021440	----a-w-	C:\Windows\Sysnative\appraiser.dll
2015-06-06 10:14:35	2DCA988113A02EB9BCB98A5DC2D34E57	700416	----a-w-	C:\Windows\Sysnative\generaltel.dll
2015-06-06 10:14:34	587BBA3B3959144334700EC48232712F	227328	----a-w-	C:\Windows\Sysnative\aepdu.dll
====== C:\Windows\Sysnative\drivers =====
2015-05-19 07:52:58	BDE56ADE3E236E659B3A4ADC3AD71413	287200	----a-w-	C:\Windows\Sysnative\drivers\avgidsdrivera.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-06-12 08:56:54	--------	d-----w-	C:\Program Files\Common Files\AV
======= C:\PROGRA~2 =====
2015-06-09 08:49:20	--------	d-----w-	C:\PROGRA~2\AVG
======= C: =====
====== C:\Users\Ivan\AppData\Roaming ======
2015-06-12 08:56:42	--------	d-----w-	C:\Users\Default\AppData\Roaming\TuneUp Software
2015-06-12 08:56:42	--------	d-----w-	C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-06-12 08:55:46	--------	d-----w-	C:\Users\Ivan\AppData\Local\Avg
2015-06-12 08:55:46	--------	d-----w-	C:\Users\Administrator\AppData\Local\Avg
2015-06-12 08:32:12	BD115D37D3E02880CD5F398E59EB269C	3554	----a-w-	C:\Windows\serviceprofiles\Localservice\AppData\Local\WER3033.tmp.WERInternalMetadata.xml
2015-06-12 08:32:12	AC4CAD591A4FE0D3CF45CA4A3698F8FC	173279	----a-w-	C:\Windows\serviceprofiles\Localservice\AppData\Local\WER3053.tmp.secure.hdmp
2015-06-09 12:12:06	--------	d-----w-	C:\Users\Administrator\AppData\Local\GWX
2015-06-09 12:11:45	--------	d-----w-	C:\Users\Administrator\AppData\Roaming\AVG2015
2015-06-09 12:11:44	--------	d-----w-	C:\Users\Administrator\AppData\Local\Avg2015
2015-06-09 12:11:39	--------	d-----w-	C:\Users\Administrator\AppData\Roaming\Logitech
2015-06-09 12:11:36	--------	d-----w-	C:\Users\Administrator\AppData\Roaming\Motorola Mobility
2015-06-09 08:50:20	--------	d-----w-	C:\Users\Ivan\AppData\Roaming\AVG2015
2015-06-09 08:50:09	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2015
2015-06-09 08:49:54	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2015
2015-06-09 08:49:26	--------	d-----w-	C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2015
2015-06-09 08:47:28	--------	d-----w-	C:\Users\Ivan\AppData\Local\Avg2015
2015-06-07 08:03:12	--------	d-----w-	C:\Users\Ivan\AppData\Local\GWX
2015-05-20 12:57:27	--------	d-----w-	C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet
2015-05-20 12:57:07	--------	d-----w-	C:\Users\Ivan\AppData\Local\Spotnet
2015-05-18 20:18:46	--------	d-----w-	C:\Users\Ivan\AppData\Local\SquirrelTemp
====== C:\Users\Ivan ======
2015-06-09 18:01:09	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\Ivan\Downloads\RSITx64.exe
2015-06-09 08:49:53	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-09 08:49:40	--------	d-----w-	C:\ProgramData\AVG2015
2015-05-20 11:49:51	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.0
2015-05-18 12:59:41	--------	d-----w-	C:\ProgramData\Spotnet

====== C: exe-files ==
2015-06-12 22:54:40	B8C997E772BE343E1664FEE14C1FB9B7	28849904	----a-w-	C:\Users\Ivan\AppData\Local\Temp\vlc-2.2.1-win32.exe
2015-06-12 08:57:21	5459B94B64CA8467E6453B3313F02383	4227024	----a-w-	C:\Program Files\Common Files\AV\AVG AntiVirus 2015\upgrade.exe
2015-06-12 08:55:18	EA3A530CA50D240360C3CA758380CC21	70096	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avguirux.exe
2015-06-12 08:55:18	DD722808DA0C0B18FE67DB8A6D71C384	22992	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgrdtestx.exe
2015-06-12 08:55:18	9B69E01A5A4AA4795F5548C02E877B23	24016	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgrdtesta.exe
2015-06-12 08:55:18	0F0F7BFA5BF6C19794325692F917E58B	6816000	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
2015-06-09 20:51:55	74D7DFE507EA48737061EA8E990157E8	2212944	----a-w-	C:\Program Files (x86)\Google\Update\Install\{C2229DC0-9F3F-4CB1-AF93-D74CF006F17B}\43.0.2357.124_43.0.2357.81_chrome_updater.exe
2015-06-09 20:51:55	74D7DFE507EA48737061EA8E990157E8	2212944	----a-w-	C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\43.0.2357.124\43.0.2357.124_43.0.2357.81_chrome_updater.exe
2015-06-09 18:01:09	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\Ivan\Downloads\RSITx64.exe
2015-06-09 12:14:02	CBC2F7E3ACDA7050C0DEF2AF8672CBD3	20179848	----a-w-	C:\ProgramData\Zoner\NLMDB\product.0039\autoupdate.us\ZPS16_Update_Build09.exe
2015-06-09 08:52:00	114DEA326D9A95F27C53BFCE3040F3C2	7151856	----a-w-	C:\Program Files (x86)\AVG\AVG2015\Notification\Launcher.exe
2015-06-07 11:15:02	66A073F454728E1D41C9521669F4DE55	1494528	----a-w-	C:\Users\Ivan\AppData\Local\Spotnet\app-2.0.0.91\Squirrel.exe
2015-06-07 11:14:55	F4F31ECE4ED0DBA98F740E20D323BA59	2516992	----a-w-	C:\Users\Ivan\AppData\Local\Spotnet\app-2.0.0.91\Spotnet.exe
2015-06-07 11:14:55	564BE7D7967C1EC1E6BE125C013DE41F	159232	----a-w-	C:\Users\Ivan\AppData\Local\Spotnet\app-2.0.0.91\SABnzbd\win\unzip\unzip.exe
2015-06-07 11:14:55	2EAAE1A484A7D7DA5EAA658F8C734AD9	330328	----a-w-	C:\Users\Ivan\AppData\Local\Spotnet\app-2.0.0.91\SABnzbd\win\unrar\x64\UnRAR.exe
2015-06-07 11:14:54	E6FDBB66A816B3D1D96A811069442AC8	229376	----a-w-	C:\Users\Ivan\AppData\Local\Spotnet\app-2.0.0.91\SABnzbd\win\par2\par2-classic.exe
2015-06-07 11:14:54	D76C614A5810FDFAA611EE673C6737ED	309848	----a-w-	C:\Users\Ivan\AppData\Local\Spotnet\app-2.0.0.91\SABnzbd\win\unrar\UnRAR.exe
2015-06-07 11:14:54	D498F9376B13FE20DB972F7155E6A89C	106496	----a-w-	C:\Users\Ivan\AppData\Local\Spotnet\app-2.0.0.91\SABnzbd\SABnzbd.exe
2015-06-07 11:14:54	ABCAF37BDE149152CA8AB766736D4ADC	515072	----a-w-	C:\Users\Ivan\AppData\Local\Spotnet\app-2.0.0.91\SABnzbd\win\par2\x64\par2.exe
2015-06-07 11:14:54	1977F54AFB662549DCE68E26D6E48178	423936	----a-w-	C:\Users\Ivan\AppData\Local\Spotnet\app-2.0.0.91\SABnzbd\win\par2\par2.exe
2015-06-06 10:47:12	B1798BC27E40983B12FEFD0D85C05B3F	873800	----a-w-	C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\SwReporter\3.21.0\software_reporter_tool.exe
2015-06-06 10:11:50	2D7D54B47ACFAB94671E3C97B2D2E639	1106512	----a-w-	C:\Program Files (x86)\Google\Update\Install\{0496E3C9-B12F-4AF7-91E7-BF9513F829C9}\43.0.2357.81_43.0.2357.65_chrome_updater.exe
=== C: other files ==
2015-06-13 09:05:57	DE0983FE4B830699312D35A990B3AE1B	1945	----a-w-	C:\Users\Ivan\AppData\Local\Temp\_MEI17362\resources\chrome_ext\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx
2015-06-13 09:05:56	82F5C942549405F61A8808D0EA0FA9E2	25575	----a-w-	C:\Users\Ivan\AppData\Local\Temp\_MEI17362\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx
2015-06-07 11:14:53	E9F116BBF6B308E4D1842CF374EAB3F0	1574961	----a-w-	C:\Users\Ivan\AppData\Local\Spotnet\app-2.0.0.91\SABnzbd\lib\sabhelper.zip
2015-06-07 11:14:53	5C9CE8E90051C79A643B9E1A16BEAC66	5924051	----a-w-	C:\Users\Ivan\AppData\Local\Spotnet\app-2.0.0.91\SABnzbd\lib\sabnzbd.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Copy"="C:\Users\Ivan\AppData\Roaming\Copy\CopyAgent.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3258346545-2544975186-4239377297-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Directory Opus Desktop Dblclk"="C:\Program Files (x86)\$tools\Directory Opus\dopusrt.exe /dblclk"
"Google Update"="C:\Users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe -s"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"IceDriveClient"="C:\Program Files (x86)\KPN\Opslag Online\VirtualDrive.exe"
"Remote Control Editor"="C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe"
"Viber"="C:\Users\Ivan\AppData\Local\Viber\Viber.exe StartMinimized"
"GoogleChromeAutoLaunch_C76D497934B1A0EE0E3BF23C3F10F9A7"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"VoipConnect"="C:\Program Files (x86)\$internet\$VOIP\VoipConnect\voipconnect.exe -nosplash -minimized"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Copy"="C:\Users\Ivan\AppData\Roaming\Copy\CopyAgent.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"hpqSRMon"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"KeePass 2 PreLoad"="C:\Program Files (x86)\$various\KeePass Password Safe\KeePass.exe --preload"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"TrueImageMonitor.exe"="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"AcronisTibMounterMonitor"="C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe"
"Becwsupa"="C:\Program Files (x86)\ABN AMRO e.dentifier2\wss\becwsupa.exe"
"vmware-tray.exe"="C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Directory Opus Desktop Dblclk"="C:\Program Files (x86)\$tools\Directory Opus\dopusrt.exe /dblclk"
"Google Update"="C:\Users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe -s"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"IceDriveClient"="C:\Program Files (x86)\KPN\Opslag Online\VirtualDrive.exe"
"Remote Control Editor"="C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe"
"Viber"="C:\Users\Ivan\AppData\Local\Viber\Viber.exe StartMinimized"
"GoogleChromeAutoLaunch_C76D497934B1A0EE0E3BF23C3F10F9A7"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"VoipConnect"="C:\Program Files (x86)\$internet\$VOIP\VoipConnect\voipconnect.exe -nosplash -minimized"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acronis Scheduler2 Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acronis Scheduler2 Service"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acronis Scheduler2Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acronis Scheduler2Service"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DelaypluginInstall]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DelaypluginInstall"
"hkey"="HKLM"
"command"="C:\\ProgramData\\Wondershare\\Video Converter Ultimate\\DelayPluginI.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPDLR.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPDLR.exe"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPreload"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesTrayAgent"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Remote Control Editor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Remote Control Editor"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Common Files\\TerraTec\\Remote\\TTTvRc.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SamsungRapidApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SamsungRapidApp"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\RAPID\\CacheFilter\\SamsungRapidApp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\snp2std]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="snp2std"
"hkey"="HKLM"
"command"="C:\\Windows\\vsnp2std.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Standby]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Standby"
"hkey"="HKLM"
"command"="\"c:\\Program Files (x86)\\Common Files\\Corel\\Standby\\Standby.exe\" -START"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrayServer]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TrayServer"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\$Multimedia\\MAGIX\\Movies_on_DVD_TV_Edition\\TrayServer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tsnp2std]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tsnp2std"
"hkey"="HKLM"
"command"="C:\\Windows\\tsnp2std.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VDownloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VDownloader"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\$internet\\VDownloader\\VDownloader.exe /silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VoipConnect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VoipConnect"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\$internet\\$VOIP\\VoipConnect\\voipconnect.exe\" -nosplash -minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zoner Photo Studio Autoupdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Zoner Photo Studio Autoupdate"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\$Multimedia\\Photo Studio 16\\Program32\\ZPSTRAY.EXE\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.2 HD Edition.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\PHOTOfunSTUDIO 5.2 HD Edition.lnk"
"backup"="C:\\Windows\\pss\\PHOTOfunSTUDIO 5.2 HD Edition.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\COMMON~1\\PANASO~1\\PHOTOF~1\\AUTOST~1.EXE -e \"C:\\Program Files (x86)\\$Multimedia\\Panasonic\\PHOTOfunSTUDIO 5.2 HD\\PHOTOfunSTUDIO.exe\""
"item"="PHOTOfunSTUDIO 5.2 HD Edition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Ivan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^setup.lnk]
"path"="C:\\Users\\Ivan\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\setup.lnk"
"backup"="C:\\Windows\\pss\\setup.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~3\\{F92BF~1\\setup.exe /startup"
"item"="setup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Ivan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^superoptimizersetup.lnk]
"path"="C:\\Users\\Ivan\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\superoptimizersetup.lnk"
"backup"="C:\\Windows\\pss\\superoptimizersetup.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~3\\{D7CCE~1\\SUPERO~1.EXE /startup"
"item"="superoptimizersetup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Ivan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^YninViewer.lnk]
"backup"="C:\\Windows\\pss\\YninViewer.lnk.Startup"
"backupExtension"=".Startup"
"item"="YninViewer"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\afcdpsrv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\becldr3Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\clr_optimization_v4.0.30319_32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\clr_optimization_v4.0.30319_64]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DUMeterSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Fax]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FileZilla Server]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IDriverT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MotoHelper]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RelevantKnowledge]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SandraAgentSrv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TuneUp.UtilitiesSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Xlight FTP Server]


==== Startup Folders ======================

2013-11-28 19:50:52	1171	----a-w-	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
2012-09-14 13:47:41	1141	----a-w-	C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
2014-02-03 21:07:19	1104	----a-w-	C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
2010-05-05 17:31:51	2251	----a-w-	C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
2013-12-07 18:08:31	180	----a-w-	C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NVIDIA Experience.url
2013-12-03 21:35:46	180	----a-w-	C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nvidia Expirience.url
2011-11-09 11:30:49	2109	----a-w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3258346545-2544975186-4239377297-1000Core.job --a------ [Undetermined Task]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3258346545-2544975186-4239377297-1000UA.job --a------ C:\Users\Ivan\AppData\Local\Facebook\Update\FacebookUpdate.exe [12-07-2012 00:54]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-10-2014 11:29]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-10-2014 11:29]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3258346545-2544975186-4239377297-1000Core.job --a------ C:\Users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe [22-10-2014 11:33]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3258346545-2544975186-4239377297-1000UA.job --a------ C:\Users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe [22-10-2014 11:33]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\Driver Booster Scan" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (Ivan)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\Driver Booster Update" [C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3258346545-2544975186-4239377297-1000Core" [C:\Users\Ivan\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3258346545-2544975186-4239377297-1000UA" [C:\Users\Ivan\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3258346545-2544975186-4239377297-1000Core" [C:\Users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3258346545-2544975186-4239377297-1000UA" [C:\Users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Motorola Device Manager Initial Update" ["C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\Windows\SysNative\tasks\Motorola Device Manager Update" ["C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\Windows\SysNative\tasks\SamsungMagician" ["C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe"]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Ivan" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{36F55315-E5E7-4B7B-B9D3-45DD63B9BC5E}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{8E5CE5A4-305C-4FF7-B28B-A7F7EAE9940B}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{14613E83-E147-47DB-8C7A-1585A6628057}" [msiexec.exe]
"C:\Windows\SysNative\tasks\{2320BB52-5D43-4658-BC1D-B8CDB89F9350}" [C:\Program Files (x86)\Skype\Phone\Skype.exe]
"C:\Windows\SysNative\tasks\{B77B32C3-B854-4C49-8E63-6764F7E86316}" ["c:\users\ivan\appdata\local\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS Update Checker" [C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\3jcft8zu.default-1425316423199
user_pref("browser.startup.homepage", "https://www.facebook.com/");
user_pref("browser.search.defaultenginename", "Bing");

ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\3ez57wbs.default
user_pref("browser.startup.homepage", "https://www.facebook.com/");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"support@vdownloader.com"="C:\Program Files (x86)\$internet\VDownloader\Addons\FireFox" [08-04-2014 11:26]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [18-04-2015 21:42]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\hrole8o1.default
- Undetermined - C:\Program Files (x86)\$internet\Mozilla\Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
- Undetermined - C:\Program Files (x86)\$internet\Mozilla\Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
- Undetermined - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
- Default Manager - %ProfilePath%\extensions\DefaultManager@Microsoft

ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\3jcft8zu.default-1425316423199
- Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
- Magyar helyesrs-ellenrz sztr - %ProfilePath%\extensions\hu@dictionaries.addons.mozilla.org
- Magyar HU Language Pack - %ProfilePath%\extensions\langpack-hu@firefox.mozilla.org.xpi
- Symbaloo bookmarker - %ProfilePath%\extensions\symbaloo-ff-extension@symbaloo.com.xpi

ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\3ez57wbs.default
- Magyar helyesrs-ellenrz sztr - %ProfilePath%\extensions\hu@dictionaries.addons.mozilla.org
- DOM-granskaren DOM Inspector - %ProfilePath%\extensions\inspector@mozilla.org
- ChatZilla - %ProfilePath%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
- Undetermined - %ProfilePath%\extensions\{9c21158b-2c76-4d0a-980a-c51fc9cefaa7}.xpi
- JavaScript Debugger - %ProfilePath%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi

ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Thunderbird\Profiles\fxbvxset.default
- Undetermined - C:\Users\Ivan\AppData\Roaming\Thunderbird\Profiles\fxbvxset.default\extensions\en-GB@dictionaries.addons.mozilla.org
- Undetermined - C:\Users\Ivan\AppData\Roaming\Thunderbird\Profiles\fxbvxset.default\extensions\countrylookup@fvds.frih.net
- Undetermined - C:\Users\Ivan\AppData\Roaming\Thunderbird\Profiles\fxbvxset.default\extensions\{F8147CF4-B9E3-445B-AA87-081ED66548F8}
- Undetermined - C:\Users\Ivan\AppData\Roaming\Thunderbird\Profiles\fxbvxset.default\extensions\hu@dictionaries.addons.mozilla.org
- Undetermined - C:\Users\Ivan\AppData\Roaming\Thunderbird\Profiles\fxbvxset.default\extensions\{9c21158b-2c76-4d0a-980a-c51fc9cefaa7}
- Undetermined - C:\Users\Ivan\AppData\Roaming\Thunderbird\Profiles\fxbvxset.default\extensions\nl-NL@dictionaries.addons.mozilla.org
- Country Lookup - %ProfilePath%\extensions\countrylookup@fvds.frih.net
- British English Dictionary - %ProfilePath%\extensions\en-GB@dictionaries.addons.mozilla.org
- Hungarian dictionary - %ProfilePath%\extensions\hu@dictionaries.addons.mozilla.org
- Woordenboek Nederlands - %ProfilePath%\extensions\nl-NL@dictionaries.addons.mozilla.org
- send_format_ldap - %ProfilePath%\extensions\send_format_ldap@milimail.org
- Contacts Sidebar - %ProfilePath%\extensions\{4dce973c-25a5-4657-8e37-6c2a85c24a7e}
- Mailbox Alert - %ProfilePath%\extensions\{9c21158b-2c76-4d0a-980a-c51fc9cefaa7}
- Copy Link Name for Thunderbird - %ProfilePath%\extensions\{C632CA78-E184-44BE-9F15-E8183EDDCC0F}
- View Headers Toggle Button - %ProfilePath%\extensions\{CC181FFE-82BD-4c02-907F-4B79C4C404F2}
- Display Mail User Agent - %ProfilePath%\extensions\{F8147CF4-B9E3-445B-AA87-081ED66548F8}
- header scroll extension - %ProfilePath%\extensions\{F8147CF4-B9E3-445B-AA87-081ED66548FA}

ProfilePath: C:\Users\Ivan\AppData\Roaming\Thunderbird\Profiles\9dxpynrg.default
- Country Lookup - %ProfilePath%\extensions\countrylookup@fvds.frih.net
- British English Dictionary - %ProfilePath%\extensions\en-GB@dictionaries.addons.mozilla.org
- Magyar helyesrs-ellenrz sztr - %ProfilePath%\extensions\hu@dictionaries.addons.mozilla.org
- Woordenboek Nederlands - %ProfilePath%\extensions\nl-NL@dictionaries.addons.mozilla.org
- Folder Pane View Switcher - %ProfilePath%\extensions\FolderPaneSwitcher@kamens.us.xpi
- Skicka Senare - %ProfilePath%\extensions\sendlater3@kamens.us.xpi
- Send Format LDAP - %ProfilePath%\extensions\send_format_ldap@milimail.org.xpi
- Undetermined - %ProfilePath%\extensions\{9c21158b-2c76-4d0a-980a-c51fc9cefaa7}.xpi
- Google Contacts - %ProfilePath%\extensions\{BDD92442-0534-4D6F-A966-BAB7D561D781}.xpi

ProfilePath: C:\Users\Ivan\AppData\Roaming\TomTom\HOME\Profiles\8q0mqwvh.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Carminat TomTom - %ProfilePath%\extensions\RenaultTheme@tomtom.com

ProfilePath: C:\Users\Juli\AppData\Roaming\Thunderbird\Profiles\la8yr81t.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\3jcft8zu.default-1425316423199
87132527E2256CF6683A18C4EB34DD3B	- C:\Windows\system32\Wat\npWatWeb.dll -	Windows Activation Technologies
77887617FA24E755A5A431E3E28E25E1	- C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll -	Shockwave for Director / Shockwave for Director
2E661988463BCFA1B95D4DAAB9B0B6FA	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll -	Shockwave Flash
F7DD45B40F54FF7E8BDB76F63D1F7102	- C:\Users\Ivan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll -	Unity Player
6622169512C931AC6DD18CBAC037B6FB	- C:\Users\Ivan\AppData\Roaming\TorrentStream\player\npts_plugin.dll -	Torrent Stream P2P Multimedia Plug-in 2
08ACECEB47FAF053C468D8AFE44709AD	- C:\Users\Ivan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll -	Google Update
3CD19649B2C3023D65E67C056457A2BC	- C:\Users\Ivan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll -	Facebook Video Calling Plugin


==== Chromium Look ======================

Google Chrome Version: 43.0.2357.124

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cnjfgbikbkcmickdalamlmpmkhmbollm - No path found[]
ipmeajfmcoafocgllabadecddnaabakj - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01-05-2015 11:17]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Ivan\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[04-07-2013 00:30]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Comodo Drag&Drop Service - Ivan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Ivan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Media Downloader - Ivan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo
Comodo Share Page Service - Ivan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf
Google Wallet - Ivan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Slides - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Text Mode - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\adelhekhakakocomdfejiipdnaadiiib
Bejeweled - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm
Google Docs - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
TV - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh
YouTube - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Symbaloo Bookmarker 0.5.0 - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnjfgbikbkcmickdalamlmpmkhmbollm
Google Search - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Symbaloo - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfnbdccaiknlpdgabdgjijniolkgmoeh
Weerplaza - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\djakjaebiehcbcjclfgifnhipfcobpaa
Logitech Smooth Scrolling - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk
Easy WebContent Free HTML Editor - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\encbaekhkcjjmhbcghnlcaiifdmfeokn
Hola Better Internet Engine - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng
Google Sheets - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
AdBlock - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Hola Better Internet - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
TinEye Reverse Image Search - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl
TweetDeck by Twitter - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl
IE Tab - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd
NOS Video - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iggmbjghgeahcopdibklblgfkfendefg
Televisie - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioiokildeekemklablpefodkilpfkmgp
SingleFile Core - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma
TweetDeck Launcher - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmjdnkpkpnjblbgbnkeedepgnomafojk
Google Drive App Launcher - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
SingleFile - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
Google Wallet - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Docs PDFPowerPoint Viewer by Google - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn
Gmail - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - Juli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Juli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Juli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Wondershare Video Converter Ultimate - Juli\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp
Google Search - Juli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Juli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Juli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Preferences
rk_stats":{"srtt":7921}},"s.weltsport.net:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"s.ytimg.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"s0.2mdn.net:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"scontent-ams2-1.xx.fbcdn.net:443":{"supports_spdy":true},"securepubads.g.doubleclick.net:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":8032}},"ssl.google-analytics.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":8598},"supports_spdy":true},"ssl.gstatic.com:443":{"network_stats":{"srtt":8803},"supports_spdy":true},"ssl.gstatic.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"stats.g.doubleclick.net:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":8129},"supports_spdy":true},"storage.googleapis.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":7178}},"syndication.twitter.com:443":{"supports_spdy":true},"t0.gstatic.com:443":{"network_stats":{"srtt":7481},"supports_spdy":true},"t0.gstatic.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"t1.gstatic.com:443":{"supports_spdy":true},"t1.gstatic.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"t2.gstatic.com:443":{"network_stats":{"srtt":7267},"supports_spdy":true},"t2.gstatic.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"t3.gstatic.com:443":{"network_stats":{"srtt":8132},"supports_spdy":true},"t3.gstatic.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"themes.googleusercontent.com:443":{"network_stats":{"srtt":7537}},"tpc.googlesyndication.com:80":{"alternative_service":[{"port":80,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":7512}},"translate.google.com:443":{"supports_spdy":true},"translate.google.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"translate.googleapis.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":6717},"supports_spdy":true},"weltsport.appspot.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"www.blogblog.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"www.blogger.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":6447}},"www.facebook.com:443":{"supports_spdy":true},"www.google-analytics.com:443":{"supports_spdy":true},"www.google-analytics.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"www.google.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":10298},"supports_spdy":true},"www.google.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"www.google.nl:443":{"network_stats":{"srtt":10347},"supports_spdy":true},"www.google.nl:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"www.googleadservices.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":7163},"supports_spdy":true},"www.googleadservices.com:80":{"alternative_service":[{"port":80,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":14649}},"www.googleapis.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":7716},"supports_spdy":true},"www.googletagmanager.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":8544},"supports_spdy":true},"www.googletagmanager.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"www.googletagservices.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":8739}},"www.googletagservices.com:80":{"alternative_service":[{"port":80,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":7824}},"www.gstatic.com:443":{"supports_spdy":true},"www.youtube.com:443":{"supports_spdy":true},"www.youtube.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"yt3.ggpht.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":20556}}},"supports_quic":{"address":"192.168.0.102","used_quic":true},"version":3}},"ntp":{"app_page_names":["Apps"]},"partition":{"per_host_zoom_levels":{"2166136261":{"ama.survey.netq.nl":3.8017840169239308}}},"password_bubble":{"nopes":0},"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":0,"content_settings":{"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{},"geolocation":{},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{},"popups":{},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{},"pref_version":1},"created_by_version":"43.0.2357.81","exit_type":"Crashed","exited_cleanly":true,"gaia_info_picture_url":"https://lh3.googleusercontent.com/-XdUIqdMkCWA/AAAAAAAAAAI/AAAAAAAAAAA/4252rscbv5M/s256-c/photo.jpg","gaia_info_update_time":"13078615005325737","icon_version":3,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Ivan","per_host_zoom_levels":{}},"protection":{"macs":{}},"savefile":{"default_directory":"D:\\wegermee"},"selectfile":{"last_directory":"D:\\wegermee"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13078182998421446"},"translate_accepted_count":{"en":0,"hu":0},"translate_blocked_languages":["nl"],"translate_denied_count":{"en":1,"hu":1},"translate_last_denied_time":1433714216325.294,"translate_too_often_denied":true,"translate_whitelists":{}}
BDFB","licjnkifamhpbaefhdpacpmihicfbomb":"E797D93A893E6AFB0B088A56E8B37F61F6354CA35335CA087566C89480E61CD4","lifbcibllhkdhoafpjfnlhfpfgnpldfl":"D70E53787D359CC989E0A66C6F73B782BBE999FD9E71CE5E89D6FCB3C2E99BCA","lmjegmlicamnimmfhcmpkclmigmmcbeh":"F38102F63223A2EB20EE912C4B670D1FC59745529F06EDA8EEFC93977CB869CD","mfehgcgbbipciphmccgaenjidiccnmng":"595D2F23FF6F71F15825F9D9C54DAB3A40796913C1C50DC86478EAADB8D1DF0C","mfffpogegjflfpflabcdkioaeobkgjik":"E2F59DDDD3889993183BDA2A7CA30D45A5E83D6F959FB2B1A15EB2B5BA4FB50B","mgndgikekgjfcpckkfioiadnlibdjbkf":"2C7BAE942AC57ACD64E6618597044BE152F17E6BD95A2469CA5F592A4105F7A1","mhhnnpdiclfmdbhammncfhpaonhencaj":"907725219214C6727C6ADBBA11C90A926E5F022A6EC72DF3B6A493FD5DFC2AC5","mhjfbmdgcfjbbpaeojofohoefgiehjai":"5E48C1B76065EDC286230642380AC2AC42449F16A26CD654A05BE6EAA4E3D741","mpiodijhokgodhhofbcjdecpffjipkle":"A7C432281AD6D8CEBA80D5F5152BB5DF6F5240A9C5C4BEF357C0A0D4FF4E17AD","neajdppkdcdipfabeoofebfddakdcjhd":"D13C871C61AE00A93E3ECA133AEF4C48D8909AAFC0AF800403CE74619B41DAA2","nkeimhogjdpnpccoofpliimaahmaaome":"A3DEDFA8CF41CBA7026F2F9FD7FEC196385AEEF2ADE49625AE729656DAF9080D","nmmhkkegccagdldgiimedpiccmgmieda":"1C100DB9E44BD069BDD0C1ECDAAE503DE26336309DCBB2F6A88F369CE0A28D5C","nnbmlagghjjcbdhgmkedmbmedengocbn":"4ED3AF0BAF4927D8CFACC1D2F58F91E4633DBA78FAB72978A6C8C110B5DC34C6","oilipfekkmncanaajkapbpancpelijih":"6CF7C533AA1A1CB904031F8FA5C9CC24FB87B1D7A58C233AB9701B200AC72645","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"CE4114F26276BBE19E8C1743026701A4B0F354C73741CB29BC09C5F67D3CF9FB","phkgflgjcpmlohkfpnlajcpcoklkcbnb":"8E4EBDC1276645994FDEEAA8BEBF6E21F4B4A4E00B85C3D06C0AC03D831C36F8","pjkljhegncpnkpknbcohdijeoejaedia":"D8B14A9BB6F1BA616828A9F4B865A61229C042CCD6921516557A364534A5F365"}},"google":{"services":{"last_username":"71E79106AB8D5D88B1271BBEFCC60467C8156109CFE7D3EFD966D72B60302A97","username":"9EE54769BCF7540AFB171284FB5A58CFF801C8A086E27765049E8C981B4A5647"}},"homepage":"F2D9C9567F837C518D351446B2265BB78B1024BFC15E30A93EC5014E7C44D815","homepage_is_newtabpage":"2B2395E6DFA3977260107429E85AED22E95260AB4312B402619F85BC859BD78F","pinned_tabs":"47702E539D59B71E912C4CC6AF81CB4483CD97AA5977A86071AAD2E38F114856","prefs":{"preference_reset_time":"AE55926C6D9E07433E5430238BF0E237C3B92F633B46E4D8443D701A5F873453"},"profile":{"reset_prompt_memento":"89CD00733AC82F94E4FB04B3942E4020EFB37EC140F3DE82293A24DF59F6B7A7"},"safebrowsing":{"incidents_sent":"46A04F05549309E70AC7A31B14F367EC08C000C8C78740388DAF0B149269896F"},"search_provider_overrides":"2D977A697D3C0FDF9331AC7EAE19E938A90B3E15E1CB00E1E5FB4BFE6DB60BDA","session":{"restore_on_startup":"66CAE1353B262F507AA3F526E78639116B7797CEF8109D2C4F827E29460CF358","startup_urls":"3FF6FCEB3BD3D4AA8862938218A43925D660D610BB867DB81DADD544DA6048FD"},"software_reporter":{"prompt_reason":"C3EBE281AC0441442128658C9F5E46515486AF803009E5833873549F75712687","prompt_seed":"02EB912D0358B2AEBBB8300EFC94EB6AB93B1C3B0C3CD3C87AF5F1C244C7AA5C","prompt_version":"5AFC92C502AE5776F8E8E15BBB2871AD607B6B16559150B47AF24A2970AEA7C7"},"sync":{"remaining_rollback_tries":"AE1B4397EB48FD98BEE9CB156B3971E5DE01B3B2A6D6F2D286672814428D7537"}},"super_mac":"9FE091F1600F2C45DCAA123531C26EF9F3774266D4BCCAD9D59D130A02B2F93A"},"session":{"restore_on_startup":4,"startup_urls":["http://www.symbaloo.com/"]},"sync":{"remaining_rollback_tries":0}}

C:\Users\Juli\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.nl/ig",
"urls_to_restore_on_startup": [ "http://www.google.nl/ig#t_0", "http://www.weerplaza.nl/nederland/1333+(Molenbuurt,+Landgoederenbuurt)/227", "http://www.facebook.com/", "" ]


==== C:\zoek_backup content ======================

C:\zoek_backup (files=219 folders=81 82961195 bytes)

==== EOF on za 13-06-2015 at 11:24:01,83 ======================