Zoek.exe v5.0.0.1 Updated 11-November-2015 Tool run by Niek Limpens on wo 11-11-2015 at 20:44:29,77. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Niek Limpens\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2012-10-29-125456.log 579 bytes ==== Empty Folders Check ====================== C:\PROGRA~2\HanaMobile deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\TVersity deleted successfully C:\PROGRA~2\ubi.com deleted successfully C:\PROGRA~2\COMMON~1\Sony Ericsson deleted successfully C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully C:\PROGRA~3\Ralink deleted successfully C:\PROGRA~3\Ubisoft deleted successfully C:\PROGRA~3\WLInstaller deleted successfully C:\Users\Niek Limpens\AppData\Roaming\AdobeUM deleted successfully C:\Users\Niek Limpens\AppData\Roaming\install deleted successfully C:\Users\Niek Limpens\AppData\Roaming\Media Player Classic deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3887351716-307149313-405428169-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A817C286-3D6B-4ECD-A99C-E44E50DBC523} deleted successfully HKEY_USERS\S-1-5-21-3887351716-307149313-405428169-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A817C286-3D6B-4ECD-A99C-E44E50DBC523} deleted successfully HKEY_USERS\S-1-5-21-3887351716-307149313-405428169-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A817C286-3D6B-4ECD-A99C-E44E50DBC523} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A817C286-3D6B-4ECD-A99C-E44E50DBC523} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3887351716-307149313-405428169-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{A817C286-3D6B-4ECD-A99C-E44E50DBC523} deleted successfully ==== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) Aangifte inkomstenbelasting 2013 Adobe Flash Player 19 ActiveX Adobe Flash Player 19 NPAPI Adobe Photoshop CS6 Adobe Reader X (10.1.0) - Nederlands Adobe Shockwave Player 11.5 Advanced SystemCare 3 Advertising Center AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD AVIVO64 Codecs AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Fuel AMD Media Foundation Decoders AMD Steady Video Plug-In AMD VISION Engine Control Center Amnesia: A Machine for Pigs Apple Application Support Apple Mobile Device Support Apple Software Update ASIO4ALL ATI Catalyst Registration Audacity 1.3.13 (Unicode) AudioLabel AVG AVG 2016 AVG Protection Banished Basissoftware voor HP Officejet 6500 E710n-z Battlefield 3T Battlelog Web Plugins BeamNG.drive BioShock 2 Bonjour BulletStorm Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner CollabNet Subversion Client 1.6.15 Combined Community Codec Pack 2009-09-09 ControlMK 0.232 Counter-Strike Counter-Strike: Source Creative ALchemy Creative Configuratiescherm voor geluid Creative Software AutoUpdate Creative Sound Blaster Properties x64 Edition Creative WaveStudio 7 D3DX10 DAMN NFO Viewer 2.10.0031 RC3 Diablo III DiRT 3 DolbyFiles Dropbox eReg ESN Sonar F1 2012 File Renamer - Basic FileZilla Client 3.7.3 Firebird 2.5.0.26074 (Win32) FMW 1 Freeplayer3 Full Tilt Poker Full Tilt Poker.Eu Google Chrome Google Earth Google Update Helper Grand Theft Auto IV Half-Life 2 HijackThis 2.0.2 HitmanPro 3.6 Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) HP Officejet 6500 E710n-z Haelp HP USB Disk Storage Format Tool HydraVision I-Doser Premium ImagXpress ImgBurn Intel A/V Codecs V2.0 IrfanView (remove only) iTunes Java 8 Update 65 Java Auto Updater Java SE Development Kit 7 Update 7 (64-bit) JavaFX 2.1.1 JetBrains PhpStorm 3.0.1 Junk Mail filter update Logitech Gaming Software 5.10 Logitech SetPoint 6.15 Logitech Touch Mouse Server 1.0 Malwarebytes Anti-Malware versie 1.65.1.1000 ManiaPlanet Max Payne 3 Menu Templates - Starter Kit Messenger Plus 5 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile NLD Language Pack Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Extended NLD Language Pack Microsoft Application Error Reporting Microsoft Corporation Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft LifeCam Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared 64-bit MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 Movie Templates - Starter Kit Mozilla Firefox 26.0 (x86 nl) Mozilla Maintenance Service MSI to redistribute MS VS2005 CRT libraries MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyFreeCodec MySQL Tools for 5.0 Nero 9 Nero BurnRights Nero ControlCenter Nero CoverDesigner Nero DiscSpeed Nero DriveSpeed Nero InfoTool Nero Installer Nero Live Nero PhotoSnap Nero Recode Nero Rescue Agent Nero ShowTime Nero StartSmart Nero Vision Nero WaveEditor NeroBurningROM NeroExpress NeroLiveGadget neroxml NetBeans IDE 7.2 NVIDIA PhysX OpenAL OpenOffice.org 3.4.1 Origin Painkiller Hell and Damnation Painkiller Redemption 1.0 PDF Settings CS6 Photo Common PokerStars QuickPar 0.9 QuickTime Rapture3D 2.4.8 Game Razer Game Booster Rockstar Games Social Club RollerCoaster Tycoon 2 SABnzbd 0.7.20 SAM Broadcaster v4 Samsung Kies SAMSUNG USB Driver for Mobile Phones Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870) setup version 1.0 Skype Click to Call SkypeT 6.14 Software Updater SopCast 3.5.0 SoundCloud Downloader SoundTrax Speccy SpeedFan (remove only) Spotify Steam Switch Sound File Converter Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD Taalpakket voor Microsoft .NET Framework 4 Extended - NLD TeamSpeak 3 Client TeamViewer 8 The Lord of the Rings FREE Trial Tombraider Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition VC9RunTime VC9RunTimeX64 Visual C++ 8.0 Runtime Setup Package (x64) Visual Studio 2008 x64 Redistributables Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables Vuze WampServer 2.2 WD Anywhere Backup Winamp Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live OneCare safety scanner Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin WinRAR 5.01 (64-bit) XMedia Recode version 3.1.1.8 ==== Running Processes ====================== C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Users\Niek Limpens\AppData\Roaming\Spotify\SpotifyWebHelper.exe C:\Users\Niek Limpens\AppData\Local\Dropbox\Update\DropboxUpdate.exe C:\Users\Niek Limpens\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\AVG\Av\avgui.exe C:\Program Files (x86)\AVG\Framework\Common\avguix.exe C:\Windows\SysWOW64\ctfmon.exe C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Users\Niek Limpens\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\NIEKLI~1\AppData\Roaming\Mozilla\Firefox\Profiles\lhz2h9e2.default user.js not found ---- Lines finder removed from prefs.js ---- user_pref("extensions.bootstrappedAddons", "{\"brokenimagefinder@jetpack\":{\"version\":\"1.1.5\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\ user_pref("extensions.brokenimagefinder@jetpack.commentedOut", false); user_pref("extensions.brokenimagefinder@jetpack.doNotify", true); user_pref("extensions.brokenimagefinder@jetpack.firstRun", true); ---- Lines finder modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\":{\"descriptor\":\"C:\\\\ ---- FireFox user.js and prefs.js backups ---- prefs_11-11-2015_2100_.backup ==== Deleting Files \ Folders ====================== C:\PROGRA~2\HanaMobile not found C:\PROGRA~2\TVersity not found C:\PROGRA~2\ubi.com not found C:\ProgramData\Avg_Update_0915av not found C:\PROGRA~2\AppName deleted C:\Users\Niek Limpens\AppData\Roaming\PC-Gizmos deleted C:\ProgramData\Avg_Update_0415av deleted C:\ProgramData\Avg_Update_1015av deleted C:\ProgramData\Avg_Update_1214av deleted C:\windows\SysNative\Tasks\0415avUpdateInfo deleted C:\windows\SysNative\Tasks\0915avUpdateInfo deleted C:\windows\SysNative\Tasks\1015avUpdateInfo deleted C:\windows\SysNative\Tasks\1214avUpdateInfo deleted C:\Windows\tasks\0415avUpdateInfo.job deleted C:\Windows\tasks\0915avUpdateInfo.job deleted C:\Windows\tasks\1015avUpdateInfo.job deleted C:\Windows\tasks\1214avUpdateInfo.job deleted C:\PROGRA~2\SopCast deleted C:\Temporary deleted C:\Users\Niek Limpens\AppData\Roaming\uninstall.bat deleted C:\Users\Niek Limpens\AppData\Roaming\Rim.Desktop.Exception.log deleted C:\Users\Niek Limpens\AppData\Roaming\Rim.Desktop.HttpServerSetup.log deleted C:\Users\Niek Limpens\AppData\Roaming\GetRightToGo deleted C:\Users\Niek Limpens\AppData\Local\Unity deleted C:\Users\Niek Limpens\AppData\Local\cache deleted C:\Users\Niek Limpens\AppData\Local\CrashRpt deleted C:\Users\Public\sdelevURL.tmp deleted C:\Users\Niek Limpens\AppData\LocalLow\Unity deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\gpt.ini deleted C:\Users\Niek Limpens\Documents\Add-in Express deleted C:\Users\NIEKLI~1\AppData\Roaming\Mozilla\Firefox\Profiles\lhz2h9e2.default\extensions\staged deleted C:\Users\Niek Limpens\AppData\Local\TempFullTiltPokerEuSetup.exe deleted "C:\Users\NIEKLI~1\AppData\Roaming\Mozilla\Firefox\Profiles\lhz2h9e2.default\extensions\brokenimagefinder@jetpack.xpi" deleted "C:\Users\Niek Limpens\AppData\Roaming\Temp" deleted ==== System Specs ====================== Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 4095 MB CPU Info: AMD Phenom(tm) II X4 920 Processor CPU Speed: 2835.1 MHz Sound Card: Headset Earphone (3- Logitech U | Digital Audio Interface (SB X-F | Speakers (SB X-Fi Xtreme Audio) | Digital Audio (S/PDIF) (High De | Display Adapters: ATI Radeon HD 4800 Series | ATI Radeon HD 4800 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: Linksys AE3000 | Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) CD / DVD Drives: 2x (D: | F: | ) D: PIONEER DVD-RW DVR-112D | F: YPY QVOD2VO5 Ports: COM1 LPT Port NOT Present. Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 931.5GB Hard Disks - Free: C: 145.7GB Manufacturer *: Award Software International, Inc. BIOS Info: AT/AT COMPATIBLE | 03/05/09 | HPQOEM - 42302e31 Time Zone: West-Europa (standaardtijd) Motherboard *: Gigabyte Technology Co., Ltd. GA-MA790X-UD4 Country: Netherlands Language: NLD ==== System Specs (Software) ====================== AV: AVG AntiVirus Free Edition *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG AntiVirus Free Edition *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE} Internet Explorer Version: 9.0.8112.16421 Mozilla Firefox version: 26.0 (x86 nl) Google Chrome version: 46.0.2490.80 Adobe Reader version: 10.1.0.534 Sun Java version: 1.8.0_65 (32-bit) Sun Java version: 1.8.0_65 (64-bit) Flash Player version: 19.0.0.226 Shockwave Player version: 11.5.6r606 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\NIEKLI~1\AppData\Local\Temp ==== 2015-11-11 19:31:51 A560DBA4BC0D93CE2CB25FD68C5D191E 71168 ----a-w- C:\Users\Niek Limpens\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1jlrym.dll 2015-11-10 18:35:00 7F92442A54DC0BCA5863AA65ED0F6DD3 43334736 ----a-w- C:\Users\Niek Limpens\AppData\Local\Temp\{F5BC5194-3BE2-4564-B0A3-F8A3471B5AF2}-46.0.2490.86_chrome_installer.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2015-10-21 15:16:48 D2E83AA008426FC9408272035E50D40B 284080 ----a-w- C:\Windows\Sysnative\drivers\avgldx64.sys 2015-10-21 15:15:02 0D853D9B288298D3C61D7FC94A659DB2 255408 ----a-w- C:\Windows\Sysnative\drivers\avgmfx64.sys 2015-10-19 07:03:24 788FA68A9319CC73413AFE97EFD642A1 313776 ----a-w- C:\Windows\Sysnative\drivers\avgidsdrivera.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-11-10 17:53:21 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2015-11-11 19:40:36 -------- d-----w- C:\PROGRA~2\COMMON~1\Java ======= C: ===== ====== C:\Users\Niek Limpens\AppData\Roaming ====== 2015-11-11 19:40:10 -------- d-----w- C:\Users\Niek Limpens\AppData\Roaming\Sun 2015-10-26 09:42:38 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\AvgSetupLog 2015-10-26 09:40:58 9440BBB02BC5C70070A6CAA892191F48 6188680 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat 2015-10-26 08:05:52 -------- d-----w- C:\Users\Niek Limpens\AppData\Local\AvgSetupLog 2015-10-26 07:31:33 -------- d-----w- C:\Users\Niek Limpens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ====== C:\Users\Niek Limpens ====== 2015-11-11 19:41:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2015-11-11 19:40:03 -------- d-----w- C:\Users\Niek Limpens\.oracle_jre_usage 2015-11-11 19:36:39 461A1FEB2BE3C9AD35CD9206470BDA89 584288 ----a-w- C:\Users\Niek Limpens\Downloads\chromeinstall-8u65.exe 2015-11-10 17:52:52 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Niek Limpens\Desktop\RSITx64.exe ====== C: exe-files == 2015-11-11 19:38:27 FAE99E011922F5BE4CB2160E316D057B 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\rmiregistry.exe 2015-11-11 19:38:27 FA5E33B54BD044F489BA4281B3D6ED95 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\servertool.exe 2015-11-11 19:38:27 CC0CF93D2BF12A423DA4134FFB9C324D 50784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssvagent.exe 2015-11-11 19:38:27 BBC68E5519B11A74B8208AA7B85F3B80 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\rmid.exe 2015-11-11 19:38:27 B61623580A304714A4E2FE6A5E73327F 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\pack200.exe 2015-11-11 19:38:27 AA79E5830F4B6C29A5A976891ED0E86B 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\jjs.exe 2015-11-11 19:38:27 940EE00C074A46D638A756723964D65D 16480 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\orbd.exe 2015-11-11 19:38:27 857117663B1F28ABBA4E1C6110A09282 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\policytool.exe 2015-11-11 19:38:27 6211595DD15306DFD8E07B95E6F2984D 16480 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\tnameserv.exe 2015-11-11 19:38:27 56DCBCE6CF84B5F12185AF6DB7B85EB2 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\keytool.exe 2015-11-11 19:38:27 4D2DDC988E4F67E7E07E78954FBEED2D 159328 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\unpack200.exe 2015-11-11 19:38:27 2AA43B8A44341F90DCCFAE38107BA484 76896 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2launcher.exe 2015-11-11 19:38:27 1A859E08A65ECBA7B687ACAED5EA5080 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\ktab.exe 2015-11-11 19:38:27 1933BBD87F9759CC2D7DC2909C4CA0CD 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\klist.exe 2015-11-11 19:38:27 0AD21325149141252F05B32F7809F441 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\kinit.exe 2015-11-11 19:38:26 B6DBE62611DA178B2CA578BC2B7BBA30 68192 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\javacpl.exe 2015-11-11 19:38:26 A53E431775DF91EA016AF5817DF26B41 191584 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\javaw.exe 2015-11-11 19:38:26 8ED50DA4BAE0046E05BEC0110CF20B17 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\java-rmi.exe 2015-11-11 19:38:26 66B01DCB41FBE8C3CAB13D3F8ED4FA58 30816 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\jabswitch.exe 2015-11-11 19:38:26 50CC4A65F784A51813A169EA33CF319A 278624 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\javaws.exe 2015-11-11 19:38:26 4547FB479010206D8BEA10B2694C5C6D 191072 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\bin\java.exe 2015-11-10 17:53:21 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Niek Limpens.exe 2015-11-09 09:44:25 881DE7AA23DDE0A2B8E37FAE38979A31 1143872 ----a-w- C:\Program Files (x86)\AVG\Av\Notification\Launcher.exe === C: other files == 2015-11-11 19:38:29 577B724A8DB4380F8B8F0098D1C9A722 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_65\lib\deploy\ffjcext.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-3887351716-307149313-405428169-1001\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "Spotify Web Helper"="C:\Users\Niek Limpens\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "Dropbox Update"="C:\Users\Niek Limpens\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" "AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "AVG_UI"="C:\Program Files (x86)\AVG\Av\avgui.exe /TRAYONLY" "AvgUi"="C:\Program Files (x86)\AVG\Framework\Common\avguix.exe /fmw.trayonly" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "Spotify Web Helper"="C:\Users\Niek Limpens\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "Dropbox Update"="C:\Users\Niek Limpens\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming" "Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "AdobeBridge"="" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "ATICustomerCare"="\"C:\\Program Files (x86)\\ATI\\ATICustomerCare\\ATICustomerCare.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesPDLR.exe Run" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeAAMUpdater-1.0" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AMD AVT] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AMD AVT" "hkey"="HKLM" "command"="Cmd.exe /c start \"AMD Accelerated Video Transcoding device initialization\" /min \"C:\\Program Files (x86)\\AMD AVT\\bin\\kdbsync.exe\" aml" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesAirMessage] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesAirMessage" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesAirMessage.exe -startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesHelper" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesHelper.exe /s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPDLR] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesPDLR" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesPreload" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesTrayAgent" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LifeCam] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LifeCam" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Microsoft LifeCam\\LifeExp.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnmsgr" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PlusService] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PlusService" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Yuna Software\\Messenger Plus!\\PlusService.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RGSC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RGSC" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe /silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony Ericsson PC Suite] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Sony Ericsson PC Suite" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Sony Ericsson\\Sony Ericsson PC Suite\\SEPCSuite.exe\" /systray /nologon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VX6000] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="VX6000" "hkey"="HKLM" "command"="C:\\Windows\\vVX6000.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WD Anywhere Backup] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WD Anywhere Backup" "hkey"="HKLM" "command"="C:\\Program Files\\WD\\WD Anywhere Backup\\MemeoLauncher2.exe --silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WinampAgent" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Winamp\\winampa.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Apache Web Server Monitor.lnk] "item"="Apache Web Server Monitor" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Apache Web Server Monitor.lnk" "backup"="C:\\Windows\\pss\\Apache Web Server Monitor.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\Zend\\Apache2\\bin\\APACHE~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Zend Controller.lnk] "item"="Zend Controller" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Zend Controller.lnk" "backup"="C:\\Windows\\pss\\Zend Controller.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\Zend\\ZENDSE~1\\bin\\ZENDCO~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Niek Limpens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] "item"="Dropbox" "path"="C:\\Users\\Niek Limpens\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk" "backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\NIEKLI~1\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe" ==== Startup Folders ====================== 2015-05-12 10:05:45 1118 ----a-w- C:\Users\Niek Limpens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11-11-2015 20:27] C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3887351716-307149313-405428169-1001Core.job --a------ :C:\Users\Niek Limpens\AppData\Local\Dropbox\Update\DropboxUpdate.exC:Niek LimpensXHoud de Dropbox-software bijgewerkt. Als deze taak wordt uitgeschakeld of gestopt wordt je Dropbox-software niet meer bijgewerkt waardoor er kwetsbaarheden kunnen optreden die niet kunnen worden gerepareerd of waardoor functies niet meer werken. Deze taak wordt vanzelf verwijderd wanneer er geen Dropbox-software is die ervan gebruikmaakt.0: [] C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3887351716-307149313-405428169-1001UA.job --a------ C:EC:\Users\Niek Limpens\AppData\Local\Dropbox\Update\DropboxUpdate.exe [] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01-09-2015 19:28] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01-09-2015 19:28] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files (x86)\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3887351716-307149313-405428169-1001Core" [C:\Users\Niek Limpens\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3887351716-307149313-405428169-1001UA" [C:\Users\Niek Limpens\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Java(TM) Platform SE Auto Updater" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\Razer_Game_Booster_AutoUpdate" [C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe] "C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-3887351716-307149313-405428169-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-3887351716-307149313-405428169-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{BF6C1065-3624-4D02-A05C-12906FA8E688}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{848C532B-9C5F-4EBE-83B2-0F014ADAB168}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Extensions ====================== ProfilePath: C:\Users\NIEKLI~1\AppData\Roaming\Mozilla\Firefox\Profiles\lhz2h9e2.default - SoundCloud Downloader - %ProfilePath%\extensions\{2b55ea1c-5d12-4fb5-bb9b-2067f8eda4ca}.xpi ExtDir: C:\Users\Niek Limpens\AppData\Roaming\Mozilla\Firefox\Profiles\extensions - Torrent Handler - %ExtDir%\TorrentHandler@TorrentHandler.com.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Niek Limpens\AppData\Roaming\Mozilla\Firefox\Profiles\lhz2h9e2.default 8E9A08E2092B3E1ADFF3C46BC1A5124B - C:\Windows\SysWoW64\TVUAx\npTVUAx.dll - TVU Web Player for FireFox 32A783FE8D78DB883368CA851E274DBE - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director ==== Deleted Firefox Extensions ====================== C:\Users\Niek Limpens\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\TorrentHandler@TorrentHandler.com.xpi deleted ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions hphibigbodkkohoglgfkddblldpfohjl - C:\Program Files (x86)\TorrentHandler\TorrentHandler.crx[] jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[14-05-2013 12:27] Magic Actions for YouTube - Niek Limpens\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif CookiesOK - Niek Limpens\AppData\Local\Google\Chrome\User Data\Default\Extensions\afmkbjoakcacgljcdccofbffloabfbni SoundCloud Downloader - Niek Limpens\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoolhjdoobnmganipjlhchohpnoegobp YouTube - Niek Limpens\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Niek Limpens\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf AdBlock - Niek Limpens\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Window Top It - Niek Limpens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jheacplmldofkoakhdajanmdfephkbln Skype Click to Call - Niek Limpens\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Copy as plain text - amaz.ing - Niek Limpens\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkkcgjeddgdnikkeoinjgbocghokolck Chrome Web Store Payments - Niek Limpens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Transcribe transcribe audio/interviews fast - Niek Limpens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogokenmicnjdfhmhocanoemnddmpcjjm ClickClean App - Niek Limpens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp Gmail - Niek Limpens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value HKLM\Wow6432Node\SearchScopes "DefaultScope"="" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value HKCU\SearchScopes "DefaultScope"="{F2F858E0-9C9C-4931-A091-006422B0E8F0}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC HKCU\SearchScopes\{F2F858E0-9C9C-4931-A091-006422B0E8F0} - http://www.google.nl/search?hl=nl&q={searchTerms} HKCU\Wow6432Node\SearchScopes "DefaultScope"="" ==== Reset Google Chrome ====================== C:\Users\Niek Limpens\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Niek Limpens\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Niek Limpens\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Niek Limpens\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hphibigbodkkohoglgfkddblldpfohjl deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Software Updater deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Amnesia: A Machine for Pigs_is1 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite deleted successfully ==== HijackThis Entries ====================== O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Niek Limpens\AppData\Roaming\Spotify\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Niek Limpens\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O4 - Startup: Dropbox.lnk = C:\Users\Niek Limpens\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} (IBM Lotus iNotes 8.5 Control) - https://webmail.saxion.nl/dwa85W.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagent.exe O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Mcx1-NIEKLIMPENS-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Niek Limpens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Niek Limpens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Niek Limpens\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=245 folders=57 97754468 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\Mcx1-NIEKLIMPENS-PC\AppData\Local\temp emptied successfully C:\Users\Niek Limpens\AppData\Local\Temp will be emptied at reboot C:\Users\Public\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\NIEKLI~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Niek Limpens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted ==== EOF on wo 11-11-2015 at 21:14:15,45 ======================