toestenbord en browser tilt

[STVN]

de problemen, opgedoken sinds vandaag:
firefox gaat automatisch in volledigschermmodus, ook als je die afzet komt die weer terug als ik op een van de pijltjes op het toetsenbord druk
soms begint firefox te flikkeren en verschijnen alle openstaande programmas heel snel achter elkaar op het scherm. als ik firefox afzet stopt dit (en momenteel is het eventjes heel normaal - ik krijg er grijs haar van)

toetsenbord:
een van mijntwee enter-toetsen reageert niet meer
de pijltjestoetsen reageren niet meer of geven bizarre effecten
bij de bovenste rij toetsen (getallen en speciale tekens) reageren de toetsen een tot en met vier en zeven en acht meer
als ik de letter a intikt komt er automtatisch a:, bij q wordt het ql (maar dat is ondertussen al gestopt)

ik heb er MBAM op losgelaten (zie log onderaan), die heeft een en ander verwijderd maar het probleem blijft.


de hijacktis-log:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:56:47, on 17/11/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)

FIREFOX: 25.0.1 (nl)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Users\gebruiker\AppData\Roaming\Spotify\spotify .exe
C:\Users\gebruiker\AppData\Roaming\Spotify\Data\Sp otifyWebHelper.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Users\gebruiker\AppData\Roaming\Spotify\Data\Sp otifyHelper.exe
C:\Users\gebruiker\AppData\Roaming\Spotify\Data\Sp otifyHelper.exe
C:\Users\gebruiker\AppData\Roaming\Spotify\Data\Sp otifyHelper.exe
C:\Users\gebruiker\AppData\Roaming\Spotify\Data\Sp otifyHelper.exe
C:\Users\gebruiker\AppData\Roaming\Spotify\Data\Sp otifyHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\gebruiker\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [googletalk] C:\Users\gebruiker\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Spotify] "C:\Users\gebruiker\AppData\Roaming\Spotify\Spotif y.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\gebruiker\AppData\Roaming\Spotify\Data\S potifyWebHelper.exe"
O4 - Startup: Dropbox.lnk = C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pbox.exe
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: lxdr_device - Unknown owner - C:\Windows\system32\lxdrcoms.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9864 bytes



de MBAM-log:

Registersleutels gedetecteerd: 6
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} (PUP.Optional.SilentInstall.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} (PUP.Optional.SilentInstall.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnpp fjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Slecht: (http://www.delta-search.com/?affID=1...CC1E85DE305A70) Goed: (http://www.google.com) -> Succesvol in quarantaine geplaatst en gerepareerd.

Mappen gedetecteerd: 3
C:\Users\gebruiker\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\gebruiker\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\gebruiker\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.

Bestanden gedetecteerd: 7
C:\$Recycle.Bin\S-1-5-21-1886480655-3987779-1919293100-1002\$RM9VS1Z.exe (PUP.Optional.GoForFiles.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\BBrowse22save\uninstall.exe (PUP.Optional.SilentInstall.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\Seaarcch-NewTaib\uninstall.exe (PUP.Optional.SilentInstall.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\gebruiker\Downloads\BitLordInstall.exe (PUP.Optional.InstallCore.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\gebruiker\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\gebruiker\AppData\Roaming\Babylon\log_fil e.txt (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\gebruiker\AppData\Roaming\BabSolution\CR\ Delta.crx (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

alvast bedankt voor tips en hulp

[Rosty]

Download AdwCleaner by Xplode naar het bureaublad.

• Sluit alle openstaande vensters.
• Dubbelklik op AdwCleaner om hem te starten.
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren,
• Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
• Klik vervolgens op Scan.
• Klik vervolgens op Clean als er items zijn gevonden.
• Klik bij Herstarten Noodzakelijk op OK

Nadat de PC opnieuw is opgestart, opent meestal een logfile.
Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner[S0].txt

[STVN]

Ik heb het bovenstaande toegepast, maar met zeer beperkt resultaat. De browser blijft vreemd doen (gaatna een minuut of zo automatisch in fullscreenmodus) en bepaalde toetsen blijven niet werken (de enter-toets werkt wel weer, net als de pijltjes naar boven en beneden. De cijfers 123489 doen het nog niet, net als de pijtljes naar links en rechts (boven en benden zijn wel ok).

Zijn er nog tips?
Groeten,
Steven

Hier drie opeenvolgende logs:
# AdwCleaner v3.012 - Report created 19/11/2013 at 00:03:14
# Updated 11/11/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : gebruiker - ASUS
# Running from : C:\Users\gebruiker\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\Seaarcch-NewTaib
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seaarcch-NewTaib
Folder Deleted : C:\Program Files (x86)\BitLord 2
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\Users\gebruiker\AppData\Roaming\BitLord
Folder Deleted : C:\Users\gebruiker\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\BitLord
Folder Deleted : C:\Users\gebruiker\Documents\BitLord
Folder Deleted : C:\Users\gebruiker\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\eooncjejnppfjjklapaamhcdmj bilmde
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox \Profiles\nto5tsia.default\searchplugins\delta.xml
File Deleted : C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox \Profiles\nto5tsia.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagoc gkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\de8d8ab56ded45
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v25.0.1 (nl)

[ File : C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox \Profiles\nto5tsia.default\prefs.js ]

Line Deleted : user_pref("extensions.514605f0694c3.scode", "(function(){try{if('aol.com,mail.google.com,premi umreports.info,search.babylon.com,search.gboxapp.c om'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.id", "f8cc1a140000000000001e85de305a70");
Line Deleted : user_pref("extensions.delta.instlDay", "15781");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.019:21:46");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\gebruiker\AppData\Local\Google\Chrome\Use r Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5100 octets] - [19/11/2013 00:01:38]
AdwCleaner[S0].txt - [4700 octets] - [19/11/2013 00:03:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4760 octets] ##########


# AdwCleaner v3.012 - Report created 19/11/2013 at 00:12:58
# Updated 11/11/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : gebruiker - ASUS
# Running from : C:\Users\gebruiker\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\gebruiker\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\eooncjejnppfjjklapaamhcdmj bilmde

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v25.0.1 (nl)

[ File : C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox \Profiles\nto5tsia.default\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\gebruiker\AppData\Local\Google\Chrome\Use r Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5100 octets] - [19/11/2013 00:01:38]
AdwCleaner[R1].txt - [1125 octets] - [19/11/2013 00:11:30]
AdwCleaner[S0].txt - [4852 octets] - [19/11/2013 00:03:14]
AdwCleaner[S1].txt - [1049 octets] - [19/11/2013 00:12:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1109 octets] ##########

# AdwCleaner v3.012 - Report created 19/11/2013 at 00:26:54
# Updated 11/11/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : gebruiker - ASUS
# Running from : C:\Users\gebruiker\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v25.0.1 (nl)

[ File : C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox \Profiles\nto5tsia.default\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\gebruiker\AppData\Local\Google\Chrome\Use r Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5100 octets] - [19/11/2013 00:01:38]
AdwCleaner[R1].txt - [1125 octets] - [19/11/2013 00:11:30]
AdwCleaner[R2].txt - [1120 octets] - [19/11/2013 00:24:55]
AdwCleaner[S0].txt - [4852 octets] - [19/11/2013 00:03:14]
AdwCleaner[S1].txt - [1190 octets] - [19/11/2013 00:12:58]
AdwCleaner[S2].txt - [1042 octets] - [19/11/2013 00:26:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1102 octets] ##########

[Rosty]

Heb je dit ook met een ander toetsenbord?

[STVN]

De computer is een laptop, en ik heb geen reserve toetsenbord. Ook de browser blijft vreemd doen, daarom denk ik niet aan een hardware-probleem.

[Rosty]

Download zoek.exe naar het bureaublad.

• Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
  (hier of hier) kan je lezen hoe je dat doet.
• Dubbelklik op Zoek.exe om de tool te starten.
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
  
  Code:

  startupall;
  filesrcm;

• Vink nu de onderstaande opties aan.
  
  • 
    
    
  • Standaard Search
  • Auto Clean
  • Running processes
  • Empty All Temp
  • Recently Created
  • Firefox Look
  • Chrome Look
  • Reset Chrome
  • Reset Hosts
  • emptyclsid
    
    
• Klik nu op de knop "Run script".
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
• Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
• Post nu de inhoud van het geopende logje in het volgende bericht.

[/

[STVN]

Voorlopig niet gelukt: de optie 'emptyclsid' vond ik niet. ik heb zoek.exe opgestart, het heeft een hele nacht gedraaid en was vanmorgen nog 'bezig', en ik kon het ook niet afzetten: elke keer als ik het venster sloot kwam er een nieuw - heb de computer moeten heropstarten om er van af te raken, en er verscheen dan ook geen logbestand.
Vanavond zal ik het nog eens opnieuw proberen.

Steven

[Rosty]

Hoi,
probeer volgende eens, als er iets niet tussenstaat moet je je geen zorgen maken hoor!

Download zoek.exe naar het bureaublad.

• Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
  (hier of hier) kan je lezen hoe je dat doet.
• Dubbelklik op Zoek.exe om de tool te starten.
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
  
  Code:

  startupall;
  filesrcm;

• Klik op de knop "Options" en vink nu de onderstaande opties aan.
  
  • Running processes
  • Recently Created
  • Startup Information
  • Installed Programs
  • HijackThis Log
  • Firefox Look
  • Chrome Look
  • System Specs
  • Silent Runners
  • Firefox Defaults
  • Reset Chrome
  • Reset IE proxy
  • Empty Temp Folders
  • System Restore Point
  • System Restore Info
  • Reset System Restore
  • Shortcut Fix
  • IE Defaults
  • Reset Hosts
  • Auto Clean
• Klik daarna op de knop "Run script".
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
• Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
• Post nu de inhoud van het geopende logje in het volgende bericht.

[STVN]

hier is de log. ik ben niet zeker of de AVGdeze keer nog uitstond, anders probeer ik het vanavond nog eens

Zoek.exe Version 4.0.0.5 Updated 14-November-2013
Tool run by gebruiker on wo 20/11/2013 at 23:18:09,60.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected

==== System Restore Info ======================

20/11/2013 23:19:20 System Restore is disabled.
enable_system_restore_reboot;Launched: C:\Users\gebruiker\Desktop\zoek\zoek.exe [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2013-11-19-214724.log 4755 bytes

==== Running Processes ======================

C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\lxdrcoms.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler. exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler6 4.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\igfxpers.exe
C:\Users\gebruiker\AppData\Roaming\Spotify\spotify .exe
C:\Users\gebruiker\AppData\Roaming\Spotify\Data\Sp otifyWebHelper.exe
C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pbox.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Users\gebruiker\AppData\Roaming\Spotify\Data\Sp otifyHelper.exe
C:\Users\gebruiker\AppData\Roaming\Spotify\Data\Sp otifyHelper.exe
C:\Users\gebruiker\AppData\Roaming\Spotify\Data\Sp otifyHelper.exe
C:\Users\gebruiker\AppData\Roaming\Spotify\Data\Sp otifyHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wwahost.exe
C:\Windows\System32\CredentialUIBroker.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsa pps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Users\gebruiker\AppData\Roaming\Spotify\Data\Sp otifyHelper.exe
C:\Users\gebruiker\AppData\Roaming\Spotify\Data\Sp otifyHelper.exe
C:\Users\gebruiker\AppData\Roaming\Spotify\Data\Sp otifyHelper.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\gebruiker\Desktop\zoek\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Installed Programs ======================

Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05) - Nederlands
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Instant Connect
ASUS InstantOn
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Smart Gesture
ASUS Splendid Video Enhancement Technology
ASUS Tutor
ASUS WebStorage Sync Agent
AsusVibe2.0
ATK Package
AVG 2014
Bandizip
BitLord 2.3
Bonjour
CCleaner
Compatibiliteitspakket voor het 2007 Microsoft Office system
CutePDF Writer 3.0
Dropbox
eMusic Download Manager 6
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel© Trusted Connect Service Client
iTunes
Malwarebytes Anti-Malware versie 1.75.0.1300
Microsoft Office
Microsoft Office Standard Editie 2003
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MozBackup 1.5.1
Mozilla Firefox 25.0.1 (x86 nl)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.8 (x86 nl)
Pixum Fotoboek
Qualcomm Atheros Client Installation Program
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Shared C Run-time for x64
SketchUp 8
SkypeT 6.9
Spotify
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.5
Windows-stuurprogrammapakket - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
WinFlash

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox \Profiles\nto5tsia.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "https://www.google.be");
user_pref("browser.search.order.1", "");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox \Profiles\nto5tsia.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox \Profiles\nto5tsia.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- FireFox user.js and prefs.js backups ----

prefs_20132011_2338_.backup

==== Deleting Files \ Folders ======================

C:\ProgramData\BBrowse22save deleted
C:\ProgramData\InstallMate deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBrowse22save deleted
C:\Users\gebruiker\Downloads\avg_free_stb_all_2013 _2805_cnet.exe deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\L ocalLow\AVG Secure Search deleted
C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox \Profiles\nto5tsia.default\jetpack deleted
C:\Users\gebruiker\Downloads\HBO.Girls.S01.Season. 1.BDRip.XviD-DEMAND.exe deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3980 MB
CPU Info: Intel(R) Celeron(R) CPU B830 @ 1.80GHz
CPU Speed: 1797,9 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Realtek PCIe GBE Family Controller | Qualcomm Atheros AR9485 Wireless Network Adapter
CD / DVD Drives: No optical drives found.
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C: 186,3GB | D: 258,5GB
Hard Disks - Free: C: 61,4GB | D: 204,9GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | | _ASUS_ - 1072009
Time Zone: West-Europa (standaardtijd)
Motherboard *: ASUSTeK COMPUTER INC. X501A1
Country: Belgi‰
Language: NLB

==== System Specs (Software) ======================

Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2014 disabled (Outdated)
Default Browser: Firefox 25.0.1
Internet Explorer Version: 10.0.9200.16736
Mozilla Firefox version: 25.0.1 (x86 nl)
Google Chrome version: 31.0.1650.57
Adobe Reader version: 11.0.04.63
Flash Player version: 11.9.900.117

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\GEBRUI~1\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2013-11-16 19:06:25 EDEEF62DC791001AE98E7AC0F2F33A69 694232 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-16 19:06:25 CC432560003B0F89F79A7B946459CDDA 78296 ----a-w- C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-13 16:56:30 5F96687B87B35AB996FE125DC0288544 1711616 ----a-w- C:\Windows\SysWOW64\d3d11.dll
2013-11-13 16:56:14 EDC410DA14DCACF4C42E09F1EB45E125 2035712 ----a-w- C:\Windows\SysWOW64\authui.dll
2013-11-13 13:31:22 20DEAA3798E24F2568D13E59854B86BA 10799104 ----a-w- C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-13 13:31:15 E5022C5E268209367A186DF3F8705AEA 914432 ----a-w- C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-13 13:31:06 10C3BE99D42B256C73A4982E9680B81C 628736 ----a-w- C:\Windows\SysWOW64\wuapi.dll
2013-11-13 13:31:04 94AE186C279DD59E8D9F4E735CB81525 247296 ----a-w- C:\Windows\SysWOW64\ubpm.dll
2013-11-13 13:31:02 ABB989EF246D554A6D166B9D2C8AB36C 656896 ----a-w- C:\Windows\SysWOW64\kerberos.dll
2013-11-13 13:31:02 98AC5B3A987A7698B070D39AC88B7ED7 485376 ----a-w- C:\Windows\SysWOW64\WSDApi.dll
2013-11-13 13:31:01 4D85933D2F0819320DD1FF0B8CF191AC 84992 ----a-w- C:\Windows\SysWOW64\wudriver.dll
2013-11-13 13:31:00 FE5AD5F1E79B411F0B9E7027F2AD496A 35328 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2013-11-13 13:31:00 17752E897BC17C13E5CAEA71D376C96A 126976 ----a-w- C:\Windows\SysWOW64\wuwebv.dll
2013-11-13 13:30:33 23787853DA559818AC593D470E27441E 1022976 ----a-w- C:\Windows\SysWOW64\gdi32.dll
2013-11-13 13:30:20 8EF66E7F4CEE23A30917D27C460CDB8D 1569280 ----a-w- C:\Windows\SysWOW64\crypt32.dll
2013-11-13 13:30:03 2A2AD16DC708EF09B79604CEE9FF4722 323072 ----a-w- C:\Windows\SysWOW64\schannel.dll
2013-11-13 13:28:07 02A04841906A8892AD6CC7BDBCB5F61D 14355968 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2013-11-13 13:27:51 1191434BB424F18C2609AB5C955DD14E 13761024 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2013-11-13 13:27:49 D42525513055C0A65FD4BEFAFACEB134 2877952 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2013-11-13 13:27:47 A5897063A4B6796EFB7B34CEC5BC739F 1138176 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2013-11-13 13:27:45 DA5374911037841F81072A4DCBB02D93 2049024 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2013-11-13 13:27:45 5FD4335DCD343D0FEA9FA6B18ED408D9 1767936 ----a-w- C:\Windows\SysWOW64\wininet.dll
2013-11-13 13:27:44 AD6639EF2BD655C7E630B6BCF7203463 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 13:27:44 6AD683FF326836EB6AE63B1F144A4F9D 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-11-17 15:28:03 954070F36FDC31AB19C4A49DDD70263E 300744 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT
2013-11-13 16:56:30 BEB9FF627ACB97F10D0B65D404D62C7A 2062848 ----a-w- C:\Windows\Sysnative\d3d11.dll
2013-11-13 16:56:14 97F8694D6CDD8A3BBDF0A24D9B321C7B 2304512 ----a-w- C:\Windows\Sysnative\authui.dll
2013-11-13 13:31:29 B37AF4CB7C5BBE8ABF0CD7E796AB1EB3 13661696 ----a-w- C:\Windows\Sysnative\Windows.UI.Xaml.dll
2013-11-13 13:31:17 5EE919B9C3056B399E488A9B253E258A 3279360 ----a-w- C:\Windows\Sysnative\wuaueng.dll
2013-11-13 13:31:16 58FE249FBABBA09A98EBAF28B0E0C382 1173504 ----a-w- C:\Windows\Sysnative\UIAutomationCore.dll
2013-11-13 13:31:07 11F1BA1F5D9D63DA9332FB48E316CF20 773120 ----a-w- C:\Windows\Sysnative\wuapi.dll
2013-11-13 13:31:06 16C7029B1FBD1F80B2337933E66BF793 328192 ----a-w- C:\Windows\Sysnative\ubpm.dll
2013-11-13 13:31:05 510A64BC84EA509337AAA67A888F101C 817152 ----a-w- C:\Windows\Sysnative\kerberos.dll
2013-11-13 13:31:05 4AF9E996881DD382EF34C094FFF26670 1622016 ----a-w- C:\Windows\Sysnative\wucltux.dll
2013-11-13 13:31:04 05238CE241F616ECFE061C3363FFD8F7 252928 ----a-w- C:\Windows\Sysnative\WUSettingsProvider.dll
2013-11-13 13:31:03 DA041324BA6417672F464BCCD7B4028F 59416 ----a-w- C:\Windows\Sysnative\wuauclt.exe
2013-11-13 13:31:03 96486A251B78FFBD9C559C78054BAD59 599040 ----a-w- C:\Windows\Sysnative\WSDApi.dll
2013-11-13 13:31:01 7F77886AC6F915075DC0C37264B02713 142848 ----a-w- C:\Windows\Sysnative\wuwebv.dll
2013-11-13 13:31:01 71966AEA65DCCE5A749B27D07DFA524E 99328 ----a-w- C:\Windows\Sysnative\wudriver.dll
2013-11-13 13:31:01 59A3F0EE45069600241CEF1A3A165000 175104 ----a-w- C:\Windows\Sysnative\storewuauth.dll
2013-11-13 13:31:00 C85F997D1BC04C5D0C8193183C70D6E4 40448 ----a-w- C:\Windows\Sysnative\wuapp.exe
2013-11-13 13:30:33 2299D30B0C3F41687127DDAC5B3CAC32 1300992 ----a-w- C:\Windows\Sysnative\gdi32.dll
2013-11-13 13:30:20 61EE56D354A5B425845F6A38CE401F92 1890816 ----a-w- C:\Windows\Sysnative\crypt32.dll
2013-11-13 13:30:08 E455C83E029121270BED73CDAC381F37 1160192 ----a-w- C:\Windows\Sysnative\IKEEXT.DLL
2013-11-13 13:30:07 53AA55632B94622F2DC3695E86EF9363 723968 ----a-w- C:\Windows\Sysnative\BFE.DLL
2013-11-13 13:30:03 4F54EB37483A890F8C19478207FC5004 419328 ----a-w- C:\Windows\Sysnative\schannel.dll
2013-11-13 13:28:22 25C356A79B7002E0A20AAF592ED59DE4 19269632 ----a-w- C:\Windows\Sysnative\mshtml.dll
2013-11-13 13:27:56 9991ABD246ED906CF420B2CA08BF685A 15404544 ----a-w- C:\Windows\Sysnative\ieframe.dll
2013-11-13 13:27:53 90868BDD4047BF951E03620961945149 3959808 ----a-w- C:\Windows\Sysnative\jscript9.dll
2013-11-13 13:27:47 F13305A81317DDAEA3968D2D8EC0C0A4 1364992 ----a-w- C:\Windows\Sysnative\urlmon.dll
2013-11-13 13:27:47 9706C99DAEBE3FEAC811B239617E98C4 2241536 ----a-w- C:\Windows\Sysnative\wininet.dll
2013-11-13 13:27:46 A96B3E9D360DE75B09EE77698A54412B 2648576 ----a-w- C:\Windows\Sysnative\iertutil.dll
2013-11-13 13:27:45 1E47964351EA38C20A8E28B413769C80 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2013-11-13 13:27:44 EFB4937249C7E4D57F69CC4B1986BC4B 855552 ----a-w- C:\Windows\Sysnative\jscript.dll
2013-11-13 13:27:43 3E86B4126D4CD0D9CA5B78DBE9F8D7CB 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
====== C:\Windows\Sysnative\drivers =====
2013-11-17 15:53:37 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2013-11-13 13:31:06 E94F7A7B48C7638D1F3F8089344C97B7 151896 ----a-w- C:\Windows\Sysnative\drivers\tpm.sys
2013-11-13 13:31:06 C1646A95EAC515F60CDB2A7A8A013C1E 465240 ----a-w- C:\Windows\Sysnative\drivers\fvevol.sys
2013-11-13 13:31:04 07C872F13ACC81A5F10DEC6CF37BF9A8 61784 ----a-w- C:\Windows\Sysnative\drivers\crashdmp.sys
2013-11-13 13:30:10 7C0E0EDF18D6CC565D7BFBB451709FA5 576512 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
2013-11-13 13:30:07 44BB9C31E6242C4BD1CE7C2B440C2533 96600 ----a-w- C:\Windows\Sysnative\drivers\wfplwfs.sys
====== C:\Windows\Tasks ======
2013-10-27 20:31:56 F4DBC1FCC64F4F4FA4B3DE6974560EA4 1072 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-27 20:31:56 8E77F9A9A87B9A2D73452CFD9364B0A9 4044 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachine UA
2013-10-27 20:31:53 26E60593A3B13ED81C1CAFE1077135AE 3808 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachine Core
2013-10-27 20:31:52 9CB7AEB8BD177C2B817C27BDFCCA4618 1068 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2013-11-16 08:54:16 -------- d-----w- C:\PROGRA~2\x264 Video Codec
======= C: =====
====== C:\Users\gebruiker\AppData\Roaming ======
2013-11-17 15:53:24 -------- d-----w- C:\Users\gebruiker\AppData\Local\Programs
2013-11-16 14:05:49 8DE9F588DFB1641F2C0EA05BD4B60605 218 ----a-w- C:\Users\gebruiker\AppData\Local\recently-used.xbel
2013-11-16 08:54:26 -------- d-----w- C:\Users\gebruiker\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\x264 Video Codec
2013-10-27 20:34:44 -------- d-----w- C:\Users\gebruiker\AppData\Locallow\Google
====== C:\Users\gebruiker ======
2013-11-18 20:07:04 9812917FE2FCDEA2FD800573D7842E5D 1085542 ----a-w- C:\Users\gebruiker\Desktop\adwcleaner.exe
2013-11-17 16:29:47 76B1717148C114D3A47147B1A5CCFFEA 4379048 ----a-w- C:\Users\gebruiker\Downloads\ccsetup407.exe
2013-11-17 15:52:32 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\gebruiker\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-29 20:35:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMusic Download Manager 6
2013-10-27 20:34:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2013-10-27 20:32:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

====== C: exe-files ==
2013-11-18 20:07:04 9812917FE2FCDEA2FD800573D7842E5D 1085542 ----a-w- C:\Users\gebruiker\Desktop\adwcleaner.exe
2013-11-17 16:29:47 76B1717148C114D3A47147B1A5CCFFEA 4379048 ----a-w- C:\Users\gebruiker\Downloads\ccsetup407.exe
2013-11-17 15:52:32 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\gebruiker\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-17 09:37:09 1A7C91AC6F14EBB22688704A13DC8D17 12598112 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\31.0.1650.57\31.0.1650.57_30.0.1599. 101_chrome_updater.exe
2013-11-16 08:54:32 98C41AB0F6C05B0DEC773EC74526EACC 371561 ----a-w- C:\Program Files (x86)\x264 Video Codec\Uninstall.exe
=== C: other files ==
2013-11-17 15:53:37 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\Drivers\mbam.sys

======== System Restore Points ========

RP51: 31/10/2013 8:47:58 - Gepland controlepunt
RP52: 8/11/2013 21:33:36 - Gepland controlepunt
RP53: 13/11/2013 17:09:30 - Windows Update
RP54: 19/11/2013 22:46:42 - zoek.exe restore point

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1886480655-3987779-1919293100-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"googletalk"="C:\Users\gebruiker\AppData\Roaming\G oogle\Google Talk\googletalk.exe /autostart"
"Spotify"="C:\Users\gebruiker\AppData\Roaming\Spot ify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="C:\Users\gebruiker\AppData\Roaming\Spotif y\Data\SpotifyWebHelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ASUSWebStorage"="C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"googletalk"="C:\Users\gebruiker\AppData\Roaming\G oogle\Google Talk\googletalk.exe /autostart"
"Spotify"="C:\Users\gebruiker\AppData\Roaming\Spot ify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="C:\Users\gebruiker\AppData\Roaming\Spotif y\Data\SpotifyWebHelper.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"ACMON"="C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"

==== Startup Folders ======================

2013-01-15 12:46:16 1017 ----a-w- C:\Users\gebruiker\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\Startup\Dropbox.lnk
2012-09-20 17:59:34 2058 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [08/10/2013 19:03]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27/10/2013 21:31]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27/10/2013 21:31]
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job --a-------- C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe []
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job --a-------- C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe []
C:\Windows\tasks\ROC_JAN2013_TB_rmv.job --a-------- C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe]
"C:\Windows\SysNative\tasks\ASUS InstantOn Config" [C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe]
"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe]
"C:\Windows\SysNative\tasks\ASUS Touchpad Launcher (x64)" [C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\FGRun" [C:\Users\gebruiker\AppData\Roaming\pack.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachin eCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachin eUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" [C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe]
"C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" [C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe]
"C:\Windows\SysNative\tasks\ROC_JAN2013_TB_rmv " [C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpd ate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions ======================

ProfilePath: C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox \Profiles\nto5tsia.default
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- BitComet Download Helper - %ProfilePath%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox \Profiles\nto5tsia.default
4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_90 0_117.dll - Shockwave Flash


==== Chrome Look ======================

Google Docs - gebruiker - Default\Extensions\aohghmighlieiainnegkcijnfilokak e
Google Drive - gebruiker - Default\Extensions\apdfllckaahabafndbhieahigkjlhal f
YouTube - gebruiker - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbe o
Google Search - gebruiker - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjp f
Google Wallet - gebruiker - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmied a
Gmail - gebruiker - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedi a

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }&ie={inputEncoding}&oe={outputEncoding}&startInde x={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\gebruiker\AppData\Local\Google\Chrome\Use r Data\Default\Preferences was reset successfully
C:\Users\gebruiker\AppData\Local\Google\Chrome\Use r Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\gebruiker\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\gebruiker\Desktop\BitLord.lnk - C:\Program Files (x86)\BitLord 2\Bitlord files\bitlord.exe
C:\Users\gebruiker\Desktop\eMusic Download Manager 6.lnk - C:\Program Files (x86)\eMusic Download Manager 6\emusic-dlm.exe
C:\Users\gebruiker\Desktop\Spotify.lnk - C:\Users\gebruiker\AppData\Roaming\Spotify\spotify .exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\AVG 2014.lnk - C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Fotoshow.lnk - C:\Program Files (x86)\Pixum\Pixum Fotoboek\Fotoshow.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\MozBackup.lnk - C:\Program Files (x86)\MozBackup\MozBackup.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Public\Desktop\Pixum Fotoboek.lnk - C:\Program Files (x86)\Pixum\Pixum Fotoboek\Pixum Fotoboek.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\Public\Desktop\ASUS\Business tool\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\ASUS\Entertainment\Build-a-lot 4 - Power Source.lnk -
C:\Users\Public\Desktop\ASUS\Entertainment\Delicio us Emily's Childhood Memories.lnk -
C:\Users\Public\Desktop\ASUS\Entertainment\Jewel Quest Mysteries 2.lnk -
C:\Users\Public\Desktop\ASUS\Entertainment\LifeFra me.lnk - C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe
C:\Users\Public\Desktop\ASUS\Entertainment\Snark Busters - Welcome to the Club.lnk -
C:\Users\Public\Desktop\ASUS\Entertainment\The Treasures of Montezuma 3.lnk -
C:\Users\Public\Desktop\ASUS\System tool\ASUS On-Screen Display.lnk - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSDMgr.exe
C:\Users\Public\Desktop\ASUS\System tool\Power4Gear Hybrid.lnk - C:\Windows\Installer\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}\_A1AB703A028E391D0E1CDC.exe
C:\Users\Public\Desktop\ASUS\System tool\Splendid Utility.Lnk - C:\Program Files (x86)\ASUS\Splendid\Backbone.exe

==== shortcuts in Users Start Menu ======================

C:\Users\gebruiker\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\zoek.lnk - C:\Users\gebruiker\Desktop\zoek
C:\Users\gebruiker\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\x264 Video Codec\Uninstall.lnk - C:\Program Files (x86)\x264 Video Codec\Uninstall.exe
C:\Users\gebruiker\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\x264 Video Codec\Filters\FFDShow Audio Decoder Configuration.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\x264 Video Codec\Filters\FFDShow\ffdshow.ax",configureAudio
C:\Users\gebruiker\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\x264 Video Codec\Filters\FFDShow VFW Codec Configuration.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\x264 Video Codec\Filters\FFDShow\ff_vfw.dll",configureVFW
C:\Users\gebruiker\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\x264 Video Codec\Filters\FFDShow Video Decoder Configuration.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\x264 Video Codec\Filters\FFDShow\ffdshow.ax",configure
C:\Users\gebruiker\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\x264 Video Codec\Filters\Haali Media Splitter Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\x264 Video Codec\Filters\Haali\Splitter.ax",Configure
C:\Users\gebruiker\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\x264 Video Codec\Filters\VSFilter Configuration.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\x264 Video Codec\Filters\vsfilter.dll",DirectVobSub

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files (x86)\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMusic Download Manager 6\eMusic Download Manager 6.lnk - C:\Program Files (x86)\eMusic Download Manager 6\emusic-dlm.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMusic Download Manager 6\LICENSE.lnk - C:\Program Files (x86)\eMusic Download Manager 6\LICENSE.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMusic Download Manager 6\Release notes.lnk - C:\Program Files (x86)\eMusic Download Manager 6\NOTES.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMusic Download Manager 6\Uninstall.lnk - C:\Program Files (x86)\eMusic Download Manager 6\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth starten in DirectX-modus.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setDX
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth starten in OpenGL-modus.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setOGL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth verwijderen.lnk - C:\Windows\SysWOW64\msiexec.exe /x {96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Interne t Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Interne t Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\gebruiker\AppData\Roaming\Microsoft\Inter net Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\gebruiker\AppData\Roaming\Microsoft\Inter net Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\gebruiker\AppData\Roaming\Microsoft\Inter net Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\gebruiker\AppData\Roaming\Microsoft\Inter net Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\gebruiker\AppData\Roaming\Microsoft\Inter net Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\gebruiker\AppData\Roaming\Microsoft\Inter net Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\gebruiker\AppData\Roaming\Microsoft\Windo ws\Libraries
C:\Users\gebruiker\AppData\Roaming\Microsoft\Inter net Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\gebruiker\AppData\Roaming\Microsoft\Inter net Explorer\Quick Launch\User Pinned\TaskBar\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\gebruiker\AppData\Roaming\Microsoft\Inter net Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Excel 2003.lnk - C:\Windows\Installer\{90120413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
C:\Users\gebruiker\AppData\Roaming\Microsoft\Inter net Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Word 2003.lnk - C:\Windows\Installer\{90120413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
C:\Users\gebruiker\AppData\Roaming\Microsoft\Inter net Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\gebruiker\AppData\Roaming\Microsoft\Inter net Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\ Windows\CurrentVersion\Uninstall\{B5AED8A1-7D00-D896-A895-E560B4F6BE7A} deleted successfully

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [googletalk] C:\Users\gebruiker\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Spotify] "C:\Users\gebruiker\AppData\Roaming\Spotify\Spotif y.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\gebruiker\AppData\Roaming\Spotify\Data\S potifyWebHelper.exe"
O4 - Startup: Dropbox.lnk = C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pbox.exe
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: lxdr_device - Unknown owner - C:\Windows\system32\lxdrcoms.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [Skype Technologies S.A.]
googletalk = C:\Users\gebruiker\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [Google]
Spotify = "C:\Users\gebruiker\AppData\Roaming\Spotify\Spotif y.exe" /uri spotify:autostart [Spotify Ltd]
Spotify Web Helper = "C:\Users\gebruiker\AppData\Roaming\Spotify\Data\S potifyWebHelper.exe" [Spotify Ltd]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation]
HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation]
RTHDVCPL = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor]
ACMON = C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [ASUS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Run\ {++}
ASUSWebStorage = C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S [null data]
AVG_UI = "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY [AVG Technologies CZ, s.r.o.]
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\

AsusWSShellExt_B\(Default) = {6D4133E5-0742-4ADC-8A8C-9303440F7190}
-> {HKLM...CLSID} = AsusWSShellExt_B64 Class
\InProcServer32\(Default) = C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [ASUS Cloud Corporation.]

AsusWSShellExt_O\(Default) = {64174815-8D98-4CE6-8646-4C039977D808}
-> {HKLM...CLSID} = AsusWSShellExt_O64 Class
\InProcServer32\(Default) = C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [ASUS Cloud Corporation.]

AsusWSShellExt_U\(Default) = {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}
-> {HKLM...CLSID} = AsusWSShellExt_U64 Class
\InProcServer32\(Default) = C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [ASUS Cloud Corporation.]

DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pboxExt64.19.dll [Dropbox, Inc.]

DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pboxExt64.19.dll [Dropbox, Inc.]

DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pboxExt64.19.dll [Dropbox, Inc.]

DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pboxExt64.19.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\

DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...Wow...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pboxExt.19.dll [Dropbox, Inc.]

DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...Wow...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pboxExt.19.dll [Dropbox, Inc.]

DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...Wow...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pboxExt.19.dll [Dropbox, Inc.]

HKCU\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pboxExt64.19.dll [Dropbox, Inc.]

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pboxExt64.19.dll [Dropbox, Inc.]

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pboxExt64.19.dll [Dropbox, Inc.]

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pboxExt64.19.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\

{b1b96b20-da1d-4a3c-92c1-7229b32f2325} = BackupContextMenuExtension
-> {HKLM...CLSID} = ASUSWSContextMenu.FileSystemBrowser.BackupContextM enuExtension.BackupContextMenuExtension
\InProcServer32\(Default) = mscoree.dll [MS]

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension
-> {HKLM...CLSID} = AVG Shell Extension Class
\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2014\avgsea.dll [AVG Technologies CZ, s.r.o.]

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
-> {HKLM...CLSID} = iTunes
\InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Shell Extensions\Approved\

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension
-> {HKLM...Wow...CLSID} = AVG Shell Extension Class
\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2014\avgse.dll [AVG Technologies CZ, s.r.o.]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\OFFICE11\msohev.dll [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dl l [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dl l [MS]

{0561EC90-CE54-4f0c-9C55-E226110A740C} = Haali Column Provider
-> {HKLM...Wow...CLSID} = Haali Column Provider
\InProcServer32\(Default) = C:\Program Files (x86)\x264 Video Codec\Filters\Haali\mmfinfo.dll [null data]

{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} = Haali Matroska Shell Property Page
-> {HKLM...Wow...CLSID} = Haali Matroska Shell Property Page
\InProcServer32\(Default) = C:\Program Files (x86)\x264 Video Codec\Filters\Haali\mmfinfo.dll [null data]

{327669A0-59A7-4be9-B99E-1C9F3A57611A} = Haali Matroska Thumbnail Extractor
-> {HKLM...Wow...CLSID} = Haali Matroska Thumbnail Extractor
\InProcServer32\(Default) = C:\Program Files (x86)\x264 Video Codec\Filters\Haali\mmfinfo.dll [null data]

HKCU\Software\Classes\*\shellex\ContextMenuHandler s\

AABdzCtx\(Default) = {5B69A6B4-393B-459C-8EBB-214237A9E7AC}
-> {HKCU...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl64 .dll [Bandisoft.com]
-> {HKCU...Wow...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl32 .dll [Bandisoft.com]
-> {HKLM...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl64 .dll [Bandisoft.com]
-> {HKLM...Wow...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl32 .dll [Bandisoft.com]

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pboxExt64.19.dll [Dropbox, Inc.]
-> {HKCU...Wow...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pboxExt.19.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandler s\

AABdzCtx\(Default) = {5B69A6B4-393B-459C-8EBB-214237A9E7AC}
-> {HKCU...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl64 .dll [Bandisoft.com]
-> {HKCU...Wow...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl32 .dll [Bandisoft.com]
-> {HKLM...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl64 .dll [Bandisoft.com]
-> {HKLM...Wow...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl32 .dll [Bandisoft.com]

AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
-> {HKLM...CLSID} = AVG Shell Extension Class
\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2014\avgsea.dll [AVG Technologies CZ, s.r.o.]
-> {HKLM...Wow...CLSID} = AVG Shell Extension Class
\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2014\avgse.dll [AVG Technologies CZ, s.r.o.]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex \ContextMenuHandlers\

BackupContextMenuExtension\(Default) = {b1b96b20-da1d-4a3c-92c1-7229b32f2325}
-> {HKLM...CLSID} = ASUSWSContextMenu.FileSystemBrowser.BackupContextM enuExtension.BackupContextMenuExtension
\InProcServer32\(Default) = mscoree.dll [MS]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

HKCU\Software\Classes\Directory\shellex\ContextMen uHandlers\

AABdzCtx\(Default) = {5B69A6B4-393B-459C-8EBB-214237A9E7AC}
-> {HKCU...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl64 .dll [Bandisoft.com]
-> {HKCU...Wow...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl32 .dll [Bandisoft.com]
-> {HKLM...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl64 .dll [Bandisoft.com]
-> {HKLM...Wow...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl32 .dll [Bandisoft.com]

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pboxExt64.19.dll [Dropbox, Inc.]
-> {HKCU...Wow...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pboxExt.19.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMen uHandlers\

AABdzCtx\(Default) = {5B69A6B4-393B-459C-8EBB-214237A9E7AC}
-> {HKCU...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl64 .dll [Bandisoft.com]
-> {HKCU...Wow...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl32 .dll [Bandisoft.com]
-> {HKLM...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl64 .dll [Bandisoft.com]
-> {HKLM...Wow...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl32 .dll [Bandisoft.com]

HKCU\Software\Classes\Directory\shellex\DragDropHa ndlers\

AABdzCtx\(Default) = {5B69A6B4-393B-459C-8EBB-214237A9E7AC}
-> {HKCU...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl64 .dll [Bandisoft.com]
-> {HKCU...Wow...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl32 .dll [Bandisoft.com]
-> {HKLM...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl64 .dll [Bandisoft.com]
-> {HKLM...Wow...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl32 .dll [Bandisoft.com]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHa ndlers\

AABdzCtx\(Default) = {5B69A6B4-393B-459C-8EBB-214237A9E7AC}
-> {HKCU...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl64 .dll [Bandisoft.com]
-> {HKCU...Wow...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl32 .dll [Bandisoft.com]
-> {HKLM...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl64 .dll [Bandisoft.com]
-> {HKLM...Wow...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl32 .dll [Bandisoft.com]

HKCU\Software\Classes\Directory\Background\shellex \ContextMenuHandlers\

AABdzCtx\(Default) = {5B69A6B4-393B-459C-8EBB-214237A9E7AC}
-> {HKCU...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl64 .dll [Bandisoft.com]
-> {HKCU...Wow...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl32 .dll [Bandisoft.com]
-> {HKLM...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl64 .dll [Bandisoft.com]
-> {HKLM...Wow...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl32 .dll [Bandisoft.com]

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pboxExt64.19.dll [Dropbox, Inc.]
-> {HKCU...Wow...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pboxExt.19.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\Background\shellex \ContextMenuHandlers\

AABdzCtx\(Default) = {5B69A6B4-393B-459C-8EBB-214237A9E7AC}
-> {HKCU...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl64 .dll [Bandisoft.com]
-> {HKCU...Wow...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl32 .dll [Bandisoft.com]
-> {HKLM...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl64 .dll [Bandisoft.com]
-> {HKLM...Wow...CLSID} = AABdzCtx Class
\InProcServer32\(Default) = C:\Users\gebruiker\AppData\Local\Bandizip\bdzshl32 .dll [Bandisoft.com]

igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
-> {HKLM...CLSID} = GraphicsShellExt Class
\InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandler s\

{0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = Haali Column Provider
-> {HKLM...Wow...CLSID} = Haali Column Provider
\InProcServer32\(Default) = C:\Program Files (x86)\x264 Video Codec\Filters\Haali\mmfinfo.dll [null data]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM...Wow...CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHa ndlers\

AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
-> {HKLM...CLSID} = AVG Shell Extension Class
\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2014\avgsea.dll [AVG Technologies CZ, s.r.o.]
-> {HKLM...Wow...CLSID} = AVG Shell Extension Class
\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2014\avgse.dll [AVG Technologies CZ, s.r.o.]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\

Enable Browser Extensions = (REG_SZ) yes
{Computer Configuration|Administrative Templates|Windows Components|Internet Explorer|Internet Control Panel|Advanced Page|
Allow third-party browser extensions}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System\

EnableCursorSuppression = (REG_DWORD) dword:0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox \Bureaubladachtergrond.bmp


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\AutoplayHandlers\Handlers\

Fotoimport12455-38\
Provider = Fotoimporteeder
InvokeProgID = Fotoimport12455-38
InvokeVerb = play
HKLM\SOFTWARE\Classes\Fotoimport12455-38\shell\play\command\(Default) = "C:\Program Files (x86)\Pixum\Pixum Fotoboek\Fotoimporteeder.exe" -startDirectory %1 [null data]

Fotoschau12455-38\
Provider = Fotoshow
InvokeProgID = Fotoschau12455-38
InvokeVerb = play
HKLM\SOFTWARE\Classes\Fotoschau12455-38\shell\play\command\(Default) = "C:\Program Files (x86)\Pixum\Pixum Fotoboek\Fotoshow.exe" -d %1 [null data]

iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\com mand\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell \import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\p lay\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\s howsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

MagicUSBCable\
Provider = @%windir%\system32\migwiz\wet.dll,-588
CLSID = {0C776A5A-FC42-4870-8D65-D62ADD9184FF}
-> {HKLM...CLSID} = Magic USB Cable Class ID
\LocalServer32\(Default) = "C:\Windows\System32\MigAutoPlay.exe" [MS]

MSFhConfigBackup\
Provider = @C:\Windows\system32\fhautoplay.dll,-100
InvokeProgID = FHConfig.AutoPlayHandler
InvokeVerb = config
HKLM\SOFTWARE\Classes\FHConfig.AutoPlayHandler\she ll\config\command\(Default) = fhmanagew -autoplay [MS]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\comma nd\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\( Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /deviceVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\( Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\( Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPromptEachTime\
Provider = @C:\Windows\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTime
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Defaul t) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
-> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServe rRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]

MSPromptEachTimeNoContent\
Provider = @C:\Windows\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTimeNoContent
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Defaul t) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
-> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServe rRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Comman d\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

MSWPDNetworkConfigHandler\
Provider = @C:\Windows\system32\wpdshext.dll,-503
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /NetworkConfig;%SystemRoot%\system32\xwizard.exe;Ru nWizard {34c219bd-85c1-4338-95e8-788a36901dc2} /z %s
-> {HKLM...CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\comma nd\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN]

VLCPlayDVDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\co mmand\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\comm and\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN]

VLCPlayMusicFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\co mmand\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlaySVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.SVCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\com mand\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.VCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\comm and\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVideoFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\co mmand\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]


Startup items in "gebruiker" & "All Users" startup folders:
-----------------------------------------------------------

C:\Users\gebruiker\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\Startup {++}
Dropbox -> shortcut to: C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dro pbox.exe /systemstartup [Dropbox, Inc.]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp {++}
AsusVibeLauncher -> shortcut to: C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [ASUSTeK Computer Inc.]


Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [Adobe Systems Incorporated]
ASUS InstantOn Config -> launches: C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [ASUS]
ASUS Live Update -> launches: C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [null data]
ASUS P4G -> launches: C:\Program Files\ASUS\P4G\BatteryLife.exe [ASUS]
ASUS Touchpad Launcher (x64) -> launches: C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [AsusTek]
CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]
FGRun -> launches: C:\Users\gebruiker\AppData\Roaming\pack.exe [file not found]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d -> launches: C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate [Intel Corporation]
ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon -> launches: C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate [Intel Corporation]
ROC_JAN2013_TB_rmv -> launches: C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe --uninstall=1 [file not found]

C:\Windows\System32\Tasks\Apple
AppleSoftwareUpdate -> launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]

C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework
.NET Framework NGEN v4.0.30319 -> (HIDDEN!) launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = mscoree.dll [MS]
.NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) launches: {429BC048-379E-45E0-80E4-EB1977941B5C}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = mscoree.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
-> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\AppID
SmartScreenSpecific -> launches: {9f2b0085-9218-42a1-88b0-9f0e65851666}
-> {HKLM...CLSID} = Windows SmartScreen Task Handler
\InProcServer32\(Default) = C:\Windows\system32\apprepsync.dll [MS]
-> {HKLM...Wow...CLSID} = Windows SmartScreen Task Handler
\InProcServer32\(Default) = C:\Windows\system32\apprepsync.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Applic ation Experience
AitAgent -> launches: aitagent /increment [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]
StartupAppTask -> launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Applic ationData
CleanupTemporaryState -> launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTempora ryState [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autoch k
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Blueto oth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Certif icateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk
ProactiveScan -> launches: {cf4270f5-2e43-4468-83b3-a8c45bb33ea1}
-> {HKLM...CLSID} = Proactive Scan
\InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Custom er Experience Improvement Program
BthSQM -> (HIDDEN!) launches: {c8367320-6f85-11e0-a1f0-0800200c9a66}
-> {HKLM...CLSID} = BthSQM
\InProcServer32\(Default) = C:\Windows\System32\BthSQM.dll [MS]
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
-> {HKLM...CLSID} = KernelCeipCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
-> {HKLM...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
-> {HKLM...Wow...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan
Data Integrity Scan for Crash Recovery -> (HIDDEN!) launches: {DCFD3EA8-D960-4719-8206-490AE315F94F}
-> {HKLM...CLSID} = Data Integrity Scan
\InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -h -o -$ [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup
Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888}
-> {HKLM...CLSID} = DsmRefreshTask Class
\InProcServer32\(Default) = C:\Windows\System32\DeviceSetupManagerAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagno sis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\FileHi story
File History (maintenance mode) -> launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A}
-> {HKLM...CLSID} = FhTaskHandler Class
\InProcServer32\(Default) = C:\Windows\System32\fhtask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Locati on
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Mainte nance
WinSAT -> launches: A9A33436-678B-4c9c-A211-7CC38785E79D
-> {HKLM...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
-> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Memory Diagnostic
ProcessMemoryDiagnosticEvents -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3}
-> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
\InProcServer32\(Default) = C:\Windows\System32\MemoryDiagnostic.dll [MS]
RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3}
-> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
\InProcServer32\(Default) = C:\Windows\System32\MemoryDiagnostic.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts
MNO Metadata Parser -> launches: %SystemRoot%\System32\MbaeParserTask.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Mobile PC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
-> {HKLM...CLSID} = HotStart User Agent
\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multim edia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
-> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetCfg
BindingWorkItemQueueHandler -> launches: {5AA199A0-1CED-43A5-9B85-3226086738A3}
-> {HKLM...CLSID} = Binding Engine Task Handler
\InProcServer32\(Default) = C:\Windows\System32\netcfgx.dll [MS]
-> {HKLM...Wow...CLSID} = Binding Engine Task Handler
\InProcServer32\(Default) = C:\Windows\SysWOW64\netcfgx.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTra ce
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\PI
Secure-Boot-Update -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
-> {HKLM...CLSID} = TPM Maintenance Task Handler
\InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS]
Sqm-Tasks -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
-> {HKLM...CLSID} = TPM Maintenance Task Handler
\InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play
Device Install Group Policy -> (HIDDEN!) launches: {60400283-b242-4fa8-8c25-caf695b88209}
-> {HKLM...CLSID} = Device Installation Group Policy Task Handler
\InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS]
Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6a1f-47b9-bd52-1d5f95d49c1b}
-> {HKLM...CLSID} = Device Installation Reboot Dialog Task
\InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS]
Sysprep Generalize Drivers -> launches: %SystemRoot%\System32\drvinst.exe 6 [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: {927ea2af-1c54-43d5-825e-0074ce028eee}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Windows\System32\energytask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
-> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
-> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
-> {HKLM...CLSID} = RasMobilityManager
\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Regist ry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
-> {HKLM...CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Remote Assistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Servic ing
StartComponentCleanup -> launches: 752073A1-23F2-4396-85F0-8FDB879ED0ED [InProcServer32 entry not found]

C:\Windows\System32\Tasks\Microsoft\Windows\Settin gSync
BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87}
-> {HKLM...CLSID} = Delayed Background Upload Task Handler
\InProcServer32\(Default) = C:\Windows\system32\SettingSyncInfo.dll [MS]
-> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler
\InProcServer32\(Default) = C:\Windows\system32\SettingSyncInfo.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Setup
Pre-staged GDR Notification -> launches: %windir%\system32\NotificationUI.exe /Applicability [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell
CreateObjectTask -> (HIDDEN!) launches: {990a9f8f-301f-45f7-8d0e-68c5952dba43}
-> {HKLM...CLSID} = Shell Create Object Task Delegate
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
-> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
FamilySafetyMonitor -> launches: %windir%\System32\wpcmon.exe [MS]
FamilySafetyRefresh -> launches: {EBF00FCB-0769-4b81-9BEC-6C05514111AA}
-> {HKLM...CLSID} = FamilySafety.WebSync
\InProcServer32\(Default) = C:\Windows\System32\WpcWebSync.dll [MS]
IndexerAutomaticMaintenance -> launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6}
-> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
\InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]
-> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
\InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideSh ow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
-> {HKLM...CLSID} = GadgetsManager Class
\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Softwa reProtectionPlatform
SvcRestartTask -> (HIDDEN!) launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
-> {HKLM...CLSID} = SppSvcRestartTaskHandler Class
\InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS]
-> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class
\InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SpaceP ort
SpaceAgentTask -> launches: %windir%\system32\SpaceAgent.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Sysmai n
WsSwapAssessmentTask -> launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\System Restore
SR -> launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
-> {HKLM...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
-> {HKLM...Wow...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TaskSc heduler
Maintenance Configurator -> launches: {645E29EA-4B0A-464C-8B7D-1A6B9F9D92A8}
-> {HKLM...CLSID} = Maintenance Configurator
\InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS]
Manual Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44}
-> {HKLM...CLSID} = Maintenance Launcher Handler
\InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS]
Regular Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44}
-> {HKLM...CLSID} = Maintenance Launcher Handler
\InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextSe rvicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
-> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
ForceSynchronizeTime -> launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9}
-> {HKLM...CLSID} = Time Synchronization Task Handler
\InProcServer32\(Default) = C:\Windows\system32\TimeSyncTask.dll [MS]
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TPM
Tpm-Maintenance -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
-> {HKLM...CLSID} = TPM Maintenance Task Handler
\InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
-> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Window s Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Window s Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Window s Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Window sBackup
ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Window sUpdate
Scheduled Start -> launches: C:\Windows\system32\sc.exe start wuauserv [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Winine t
CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
-> {HKLM...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
-> {HKLM...Wow...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WS
Badge Update -> launches: {00CCDDF6-5107-424D-853D-3907AE5502DC}
-> {HKLM...CLSID} = WinStore Tile Badge Updater
\InProcServer32\(Default) = C:\Windows\winstore\WinStoreUI.dll [MS]
License Validation -> (HIDDEN!) launches: rundll32.exe WSClient.dll,WSpTLR licensing [MS]
Sync Licenses -> launches: {10F591BE-3C84-418A-86DD-BAA002E2F36E}
-> {HKLM...CLSID} = WinStore License Sync task
\InProcServer32\(Default) = C:\Windows\winstore\WinStoreUI.dll [MS]
WSRefreshBannedAppsListTask -> (HIDDEN!) launches: rundll32.exe WSClient.dll,RefreshBannedAppsList [MS]
WSTask -> launches: {E52C9A25-F3E8-49E4-BAA7-FAD0EF620129}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Windows\System32\WSService.dll [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000008\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Onderzoek
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Onderzoek
BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
-> {HKLM...Wow...CLSID} = &Onderzoek
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
ASLDR Service, ASLDRService, C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [ASUSTek Computer Inc.]
ASUS InstantOn Service, ASUS InstantOn, C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [ASUS]
ATKGFNEX Service, ATKGFNEXSrv, C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [ASUS]
AVG WatchDog, avgwd, "C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe" [AVG Technologies CZ, s.r.o.]
AVGIDSAgent, AVGIDSAgent, "C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe" [AVG Technologies CZ, s.r.o.]
Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
Intel(R) Capability Licensing Service Interface, Intel(R) Capability Licensing Service Interface, "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [Intel(R) Corporation]
Intel(R) Dynamic Application Loader Host Interface Service, jhi_service, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [Intel Corporation]
Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation]
Intel(R) Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation]
Intel(R) ME Service, Intel(R) ME Service, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [Intel Corporation]
iPod-service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
lxdr_device, lxdr_device, C:\Windows\system32\lxdrcoms.exe -service [ ]
MBAMScheduler, MBAMScheduler, "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation]
MBAMService, MBAMService, "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [Malwarebytes Corporation]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Min imal\

<<!>> MCODS,
<<!>> PEVSystemStart, Service

HKLM\System\CurrentControlSet\Control\SafeBoot\Net work\

<<!>> McMPFSvc, Service
<<!>> MCODS,
<<!>> PEVSystemStart, Service


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monito rs\
4900 Series Port\Driver = lxdrlmpm.DLL [ ]
CutePDF Writer Monitor\Driver = cpwmon64.dll [null data]




==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\gebruiker\AppData\Local\Microsoft\Windows \Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\gebruiker\AppData\Local\Microsoft\Windows \Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\gebruiker\AppData\Local\Mozilla\Firefox\P rofiles\nto5tsia.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\gebruiker\AppData\Local\Google\Chrome\Use r Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== After Reboot ======================

==== System Restore Info ======================

21/11/2013 7:11:19 Zoek.exe System Restore Point Created Succesfully.

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

==== EOF on do 21/11/2013 at 7:11:21,92 ======================

[Rosty]

Hoi,

AVG stond uit hoor!! Hoe staan de zaken nu?