Zoek.exe v5.0.0.0 Updated 22-05-2014 Tool run by User on ma 26/05/2014 at 18:01:05,61. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\User\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2013-03-10-130557.log 21574 bytes ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2638237857-1681130518-3809974609-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} deleted successfully HKEY_USERS\S-1-5-21-2638237857-1681130518-3809974609-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} deleted successfully HKEY_USERS\S-1-5-21-2638237857-1681130518-3809974609-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} deleted successfully HKEY_USERS\S-1-5-21-2638237857-1681130518-3809974609-1002\Software\Microsoft\Internet Explorer\SearchScopes\{1D58C352-0C23-448B-BDDC-FD8A97119E0F} deleted successfully HKEY_CLASSES_ROOT\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DefaultTabSearch deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DefaultTabSearch deleted successfully ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- ==== Deleting Files \ Folders ====================== C:\ProgramData\Partner deleted C:\Program Files (x86)\DefaultTab deleted C:\Users\User\AppData\Local\genienext deleted C:\Users\User\daemonprocess.txt deleted C:\Users\User\.android deleted C:\PROGRA~2\Mobogenie deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\PROGRA~2\Advanced System Protector deleted C:\PROGRA~2\Optimizer Pro deleted C:\PROGRA~2\GreenTree Applications deleted C:\PROGRA~2\Wise\Wise Registry Cleaner deleted C:\PROGRA~2\AskPartnerNetwork deleted C:\Users\User\AppData\Roaming\newnext.me deleted C:\Users\User\AppData\Roaming\DefaultTab deleted C:\Users\User\AppData\Roaming\Systweak deleted C:\Users\User\AppData\Roaming\Optimizer Pro deleted C:\Users\User\AppData\Roaming\OpenCandy deleted C:\PROGRA~3\Systweak deleted C:\PROGRA~3\Ask deleted C:\PROGRA~3\AskPartnerNetwork deleted C:\PROGRA~3\APN deleted C:\PROGRA~3\YTD Video Downloader deleted C:\Users\User\AppData\Local\Mobogenie deleted C:\Users\User\AppData\Local\cache deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader deleted C:\Windows\SysNative\roboot64.exe deleted C:\Windows\Syswow64\sho606C.tmp deleted C:\Windows\Syswow64\sho9DFF.tmp deleted C:\Windows\Syswow64\shoE42E.tmp deleted C:\Windows\Syswow64\shoF413.tmp deleted C:\Windows\Syswow64\shoF7EF.tmp deleted C:\Windows\Syswow64\shoF9AD.tmp deleted C:\Users\User\Documents\Optimizer Pro deleted C:\Users\User\Documents\Mobogenie deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2014-05-08 16:22:03 0B5A0005C0BDF4A05174576AF80DEA04 43152 ----a-w- C:\Windows\avastSS.scr 2014-04-28 06:15:21 9CA6D0AC4DD53D642FC8023CB3217046 563004761 ----a-w- C:\Windows\MEMORY.DMP ====== C:\Users\User\AppData\Local\Temp ==== 2014-05-24 15:04:55 FE447D1CD38CECAC2331FA932078D9A0 271360 ----a-w- C:\Users\User\AppData\Local\Temp\DA6F0554-5AC2-4A88-B669-8A0E59605B1C\SmiProvider.dll 2014-05-24 15:04:55 FC2DB5842190C6E78A40CD7DA483B27C 435712 ----a-w- C:\Users\User\AppData\Local\Temp\DA6F0554-5AC2-4A88-B669-8A0E59605B1C\DmiProvider.dll 2014-05-24 15:04:55 FC00A05639494779002682A9B965EF9C 471040 ----a-w- C:\Users\User\AppData\Local\Temp\DA6F0554-5AC2-4A88-B669-8A0E59605B1C\WimProvider.dll 2014-05-24 15:04:55 F2B0771A7CD27F20689E0AB787B7EB7C 289792 ----a-w- C:\Users\User\AppData\Local\Temp\DA6F0554-5AC2-4A88-B669-8A0E59605B1C\DismCore.dll 2014-05-24 15:04:55 E7CAED467F80B29F4E63BA493614DBB1 127488 ----a-w- C:\Users\User\AppData\Local\Temp\DA6F0554-5AC2-4A88-B669-8A0E59605B1C\OSProvider.dll 2014-05-24 15:04:55 C9D74156913061BE6C51D8FC3ACF8E93 53760 ----a-w- C:\Users\User\AppData\Local\Temp\DA6F0554-5AC2-4A88-B669-8A0E59605B1C\FolderProvider.dll 2014-05-24 15:04:55 BBB9E4FA2561F6A6E5CCF25DA069AC1B 313344 ----a-w- C:\Users\User\AppData\Local\Temp\DA6F0554-5AC2-4A88-B669-8A0E59605B1C\IntlProvider.dll 2014-05-24 15:04:55 9A821D8D62F4C60232B856E98CBA7E4F 96768 ----a-w- C:\Users\User\AppData\Local\Temp\DA6F0554-5AC2-4A88-B669-8A0E59605B1C\DismHost.exe 2014-05-24 15:04:55 8D3855B133E21143E8B4BFADB9FB14A3 302080 ----a-w- C:\Users\User\AppData\Local\Temp\DA6F0554-5AC2-4A88-B669-8A0E59605B1C\UnattendProvider.dll 2014-05-24 15:04:55 8CA117CB9338C0351236939717CB7084 186368 ----a-w- C:\Users\User\AppData\Local\Temp\DA6F0554-5AC2-4A88-B669-8A0E59605B1C\DismProv.dll 2014-05-24 15:04:55 7B38D7916A7CD058C16A0A6CA5077901 271360 ----a-w- C:\Users\User\AppData\Local\Temp\DA6F0554-5AC2-4A88-B669-8A0E59605B1C\wdscore.dll 2014-05-24 15:04:55 739968678548BA15F6B9372E8760C012 444416 ----a-w- C:\Users\User\AppData\Local\Temp\DA6F0554-5AC2-4A88-B669-8A0E59605B1C\TransmogProvider.dll 2014-05-24 15:04:55 6A4BD682396F29FD7DF5AB389509B950 183296 ----a-w- C:\Users\User\AppData\Local\Temp\DA6F0554-5AC2-4A88-B669-8A0E59605B1C\CompatProvider.dll 2014-05-24 15:04:55 5488E381238FF19687FDD7AB2F44CFCC 111616 ----a-w- C:\Users\User\AppData\Local\Temp\DA6F0554-5AC2-4A88-B669-8A0E59605B1C\DismCorePS.dll 2014-05-24 15:04:55 45FF4FA5CA5432BFCCDED4433FE2A85B 216576 ----a-w- C:\Users\User\AppData\Local\Temp\DA6F0554-5AC2-4A88-B669-8A0E59605B1C\MsiProvider.dll 2014-05-24 15:04:54 EFCB002ABC3529D71B61E6FB6434566C 762368 ----a-w- C:\Users\User\AppData\Local\Temp\DA6F0554-5AC2-4A88-B669-8A0E59605B1C\CbsProvider.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-05-15 22:08:28 41F1636BDCF4D06D716DC77E436677E1 2382848 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 22:08:28 202F1B15130E696EA7F31E0F52BFF621 73216 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 22:08:26 0E468A0C51460D8DA3DF9B782275F1DB 12347392 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-05-15 02:07:45 E9D88493FBDB36D4B65C6F2F7F122C95 12874240 ----a-w- C:\Windows\SysWOW64\shell32.dll 2014-05-15 02:07:29 9DE19EA21DF99AF15BA5A947E5317F9E 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2014-05-15 02:07:29 4D59F470985D08139E42D15842816C47 3969984 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 02:07:28 ED195AC76E10F17F6DD60C49666F2A83 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 02:07:28 31FA2485DFC773F1E718A4D19F443FA9 3914176 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 02:07:26 FBC78B5D12A4F5A62D9C91E0E0E46D46 49664 ----a-w- C:\Windows\SysWOW64\adprovider.dll 2014-05-15 02:07:26 995B39A08421C7725D1DF8DACEBBFC89 538112 ----a-w- C:\Windows\SysWOW64\objsel.dll 2014-05-15 02:07:26 828185688FDAAE6C7959B884ABED1766 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll 2014-05-15 02:07:26 62C0798CC68EBF42F29C92E6CD6DC3D6 36864 ----a-w- C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 02:07:26 541BB9B4C899ADCC5D3DB89208C1F409 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 02:07:26 461B713DE7F353C6447B744F1A049930 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll 2014-05-15 02:07:26 3A1ABE045A3E30799576E83A2D012B43 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll 2014-05-15 02:07:26 335FA669FC952BC4888CEDBDB42607E2 51200 ----a-w- C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 02:07:25 C94CE65AE7701E9FDBA889045543E27C 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2014-05-15 02:07:25 834A859BB331B0B2CCAE25BB1986F80D 47616 ----a-w- C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 02:07:25 75878492F2B33405EEF900F8C16C6D08 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2014-05-15 02:07:25 5E11C55CC4D9330E55CCB22B1F20BB33 35328 ----a-w- C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 02:07:25 38A30B8E4216BE24D30F766EF3BAC2C7 48128 ----a-w- C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 02:07:25 2A86C18CE6869C77FCEB62F3B47D4D5B 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll 2014-05-14 17:49:13 76E7383ABED6D75B3111D770E272E59E 17938608 ----a-w- C:\Windows\SysWOW64\FlashPlayerInstaller.exe ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-05-15 22:08:28 6E2670180EEBD1507EE0350D32097EEA 2382848 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-05-15 22:08:26 01FA6D239237350EC45B4B12727B8E00 17847808 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-05-15 22:08:24 14B9C349F0DD71A533814BFE93695CC9 96768 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2014-05-15 02:07:48 427015D56DF17241F634611557146C57 14175744 ----a-w- C:\Windows\Sysnative\shell32.dll 2014-05-15 02:07:45 4A795989DF0043973711B666D36D2678 477184 ----a-w- C:\Windows\Sysnative\aepdu.dll 2014-05-15 02:07:44 485FB1F3792FF7B5D5EBB99AB870E588 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll 2014-05-15 02:07:30 9358149234A4F3FE00CF5C2096DC1652 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2014-05-15 02:07:29 B19C8390A1D641B9AC4490D4828A7B5E 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll 2014-05-15 02:07:28 E2A483E796D5FC7E447725FD01D98FA0 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2014-05-15 02:07:28 89EF1CE0CE43AB8F55247D746739A321 722944 ----a-w- C:\Windows\Sysnative\objsel.dll 2014-05-15 02:07:27 6B47CF5C27865DDF6680E4D834FBE34F 5550016 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2014-05-15 02:07:26 CF13522172342AD8196B329C15D68E23 44544 ----a-w- C:\Windows\Sysnative\dimsroam.dll 2014-05-15 02:07:26 B6D8C1202DACA028AD94BDA2795CBBE9 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2014-05-15 02:07:26 9D942180B5B6CE1C882B9CC54EA1F275 57344 ----a-w- C:\Windows\Sysnative\cngprovider.dll 2014-05-15 02:07:26 851BB346CD59D9B3BC8854384C7DD5C3 424960 ----a-w- C:\Windows\Sysnative\KernelBase.dll 2014-05-15 02:07:26 692E9886B2A475684F7E3294BF66E97D 56832 ----a-w- C:\Windows\Sysnative\adprovider.dll 2014-05-15 02:07:26 481F70241D4EA038BB02590A30F15A23 340992 ----a-w- C:\Windows\Sysnative\schannel.dll 2014-05-15 02:07:26 26AF184300C0868D854D5A3092234E24 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll 2014-05-15 02:07:25 C072064F95579C0D6D86AF5B3DC53192 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll 2014-05-15 02:07:25 BDA8B14AFE99A0C52BFEA64C5AC62171 52736 ----a-w- C:\Windows\Sysnative\dpapiprovider.dll 2014-05-15 02:07:25 9A3C6D8593F29A9F66744A3D4E6309B2 39936 ----a-w- C:\Windows\Sysnative\wincredprovider.dll 2014-05-15 02:07:25 82A72E99AA1CF0B04D3B9843CBA3AEC1 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2014-05-15 02:07:25 8098627D0AA1706D69C5AF3F74332ABB 29184 ----a-w- C:\Windows\Sysnative\sspisrv.dll 2014-05-15 02:07:25 4959DE74643CBC4B83E5BC99486A4FC9 53760 ----a-w- C:\Windows\Sysnative\capiprovider.dll 2014-05-15 02:07:25 39312B37C5FE5138F99680A49ACD3AEA 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2014-05-15 02:07:25 204F3F58212B3E422C90BD9691A2DF28 31232 ----a-w- C:\Windows\Sysnative\lsass.exe ====== C:\Windows\Sysnative\drivers ===== 2014-05-15 02:07:26 1C2D8E18AA8FD50CD04C15CC27F7F5AB 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2014-05-15 02:07:25 353009DEDF918B2A51414F330CF72DEC 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2014-05-08 16:22:09 340B0467E98A8C92697D73034DB4BCB7 29208 ----a-w- C:\Windows\Sysnative\drivers\aswHwid.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-05-25 14:50:38 -------- d-----w- C:\Program Files\trend micro 2014-05-10 19:02:54 -------- d-----w- C:\Program Files\iPod 2014-05-10 19:02:53 -------- d-----w- C:\Program Files\iTunes ======= C:\PROGRA~2 ===== 2014-05-20 20:42:40 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype 2014-05-15 22:08:10 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER 2014-05-10 19:02:53 -------- d-----w- C:\PROGRA~2\iTunes ======= C: ===== ====== C:\Users\User\AppData\Roaming ====== ====== C:\Users\User ====== 2014-05-25 14:49:29 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\User\Desktop\RSITx64.exe 2014-05-16 11:28:52 FDEF6EDB0E919E518C907AF35EB70261 389120 ----a-w- C:\Windows\serviceprofiles\networkservice\NTUSER.rhk 2014-05-16 11:28:52 3A1A708A53566084E5B3779A6AFD90DC 253952 ----a-w- C:\Windows\serviceprofiles\Localservice\NTUSER.rhk 2014-05-10 19:03:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-10 19:02:53 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-05-10 10:50:07 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Searches ====== C: exe-files == 2014-05-25 14:50:38 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\User.exe 2014-05-25 14:49:29 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\User\Desktop\RSITx64.exe 2014-05-24 15:04:55 9A821D8D62F4C60232B856E98CBA7E4F 96768 ----a-w- C:\Users\User\AppData\Local\Temp\DA6F0554-5AC2-4A88-B669-8A0E59605B1C\DismHost.exe 2014-05-23 14:59:33 3AF5806AAB54D86CDA7AAA034FD2C35E 38382160 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\35.0.1916.114\35.0.1916.114_chrome_installer.exe 2014-05-23 05:36:48 29198D93029027C9BB4DA8E9C70AF13E 26832976 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\35.0.1916.114\35.0.1916.114_34.0.1847.137_chrome_updater.exe === C: other files == 2014-05-26 06:47:34 760834BF013F90D554EA0C5C1797E058 132 ---ha-w- C:\Program Files (x86)\Common Files\X10\Common\x10prod.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2638237857-1681130518-3809974609-1002\Software\Microsoft\Windows\CurrentVersion\Run] "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotkeyApp"="C:\Program Files (x86)\Launch Manager\HotkeyApp.exe" "LMgrVolOSD"="C:\Program Files (x86)\Launch Manager\OSD.exe" "Wbutton"="C:\Program Files (x86)\Launch Manager\Wbutton.exe" "NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" "CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "NSU_agent"="C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "hpqSRMon"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 " "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "VDownloader"="C:\Program Files\VDownloader\VDownloader.exe /silent" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" "hkey"="HKLM" "item"="APSDaemon" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" "hkey"="HKLM" "item"="iTunesHelper" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] "backup"="C:\\Windows\\pss\\Bluetooth.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe" "item"="Bluetooth" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Bluetooth.lnk" ==== Startup Folders ====================== 2013-06-01 17:47:57 1952 ----a-w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - .lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task] C:\Windows\tasks\HP Photo Creations Communicator.job --a------ [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HP Photo Creations Communicator" [C:\ProgramData\HP Photo Creations\Communicator.exe] "C:\Windows\SysNative\tasks\HPCustParticipation HP Photosmart 5520 series" ["C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe"] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{5439952E-DA70-4AB0-A1DE-BE35AE186F84}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{198C5903-61BD-4D5E-8F6C-4BFFFA9D1BA5}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe] "C:\Windows\SysNative\tasks\{1EB07074-67F6-4FBA-B962-8FCB12A69F85}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [08/05/2014 18:22] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[08/05/2014 18:21] kdidombaedgpfiiedeimiebkmbilgmlc - No path found[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11/04/2014 19:46] avast Online Security - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Windows Media Player Extension for HTML5 - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak Skype Click to Call - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Google Wallet - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda DefaultTab - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc ==== Chrome Fix ====================== C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdidombaedgpfiiedeimiebkmbilgmlc_0.localstorage deleted successfully C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdidombaedgpfiiedeimiebkmbilgmlc_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.hotmail.com/" "Search Page"="http://www.google.com" "Default_Page_URL"="http://www.aldi.com" "Search Bar"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.hotmail.com/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{1C8CDDBD-056A-41AA-A672-77A432297A48}" {1C8CDDBD-056A-41AA-A672-77A432297A48} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_nlBE506" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\User\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\189D1UW5 will be deleted at reboot C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1V6DU86 will be deleted at reboot C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBJBEZFR will be deleted at reboot C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=753 folders=253 271599142 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Users\User\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\User\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted "C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\189D1UW5" not found "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1V6DU86" not found "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBJBEZFR" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on ma 26/05/2014 at 18:22:38,33 ======================