Zoek.exe v5.0.0.0 Updated 16-June-2014 Tool run by LisanneH on do 19-06-2014 at 7:10:23,35. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\LisanneH\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 19-6-2014 7:12:06 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Convar deleted successfully C:\PROGRA~2\Mio deleted successfully C:\PROGRA~3\Hitman Pro deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\LisanneH\AppData\Local\Avg2013 deleted successfully C:\Users\LisanneH\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1670573222-3266817119-1213147368-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5637-4300-76A7-7A786E7484D7} deleted successfully HKEY_USERS\S-1-5-21-1670573222-3266817119-1213147368-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E1343B76-E423-4F1C-AD34-E0E3E5699065} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{4F524A2D-5637-4300-76A7-7A786E7484D7} deleted successfully ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {4F524A2D-5637-4300-76A7-7A786E7484D7}=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"=- "Uninstall C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"=- "Uninstall C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"=- "Uninstall C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"=- [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- ==== Deleting Files \ Folders ====================== C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP deleted C:\Program Files (x86)\Enigma Software Group deleted C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2014-06-13 19:55:30 E185BDA84E5F03F4E1D8DCA30E209277 1912 ----a-w- C:\Windows\epplauncher.mif ====== C:\Users\LisanneH\AppData\Local\Temp ==== 2014-06-18 13:17:46 98ADA896D51610D3412EEEAA5F12A53F 10971424 ----a-w- C:\Users\LisanneH\AppData\Local\Temp\HitmanPro.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-06-15 19:58:23 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll 2014-06-15 08:57:06 204882085A7D984D455AA4DE7B7074C6 5694464 ----a-w- C:\Windows\SysWOW64\mstscax.dll 2014-06-13 20:08:58 AB5EFB103DB01C1912C9D2F545EA5621 17920 ----a-w- C:\Windows\SysWOW64\wksprtPS.dll 2014-06-13 20:08:58 8DEEE20D8D30E9B0FBDCA31E58A027BD 53248 ----a-w- C:\Windows\SysWOW64\tsgqec.dll 2014-06-13 20:08:58 4676AAA9DDF52A50C829FEDB4EA81E54 1068544 ----a-w- C:\Windows\SysWOW64\mstsc.exe 2014-06-13 20:08:58 2EFB1279E7BEA7D12D9F4D6508D27880 50176 ----a-w- C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-06-13 20:08:57 5E676B296B762E211D83B87635F2C330 855552 ----a-w- C:\Windows\SysWOW64\rdvidcrl.dll 2014-06-13 20:08:31 8999F18D38D55E34D356796507FFD639 192000 ----a-w- C:\Windows\SysWOW64\rdpendp_winip.dll 2014-06-13 19:47:23 AAB5D8C5ABE71873DC19ED004EF25009 792576 ----a-w- C:\Windows\SysWOW64\TSWorkspace.dll 2014-06-13 19:47:08 33B26FA5DBEB69FFAB703EDCB4E6DE4A 514560 ----a-w- C:\Windows\SysWOW64\qdvd.dll 2014-06-12 19:09:01 E227B810296AA27E6C69307A7B6456E5 1389056 ----a-w- C:\Windows\SysWOW64\msxml6.dll 2014-06-12 19:09:00 8B8D1CEF498678CAB9DF17145D34BC64 1237504 ----a-w- C:\Windows\SysWOW64\msxml3.dll 2014-06-12 19:09:00 2E673E776136354ECFB57BFD62E7EC3D 2048 ----a-w- C:\Windows\SysWOW64\msxml6r.dll 2014-06-12 19:09:00 0789F82BAE171323F74B8F175D406AB8 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll 2014-06-12 19:08:58 A5F833506BF6A1B5D693E1499DEE2444 626688 ----a-w- C:\Windows\SysWOW64\usp10.dll 2014-06-12 19:08:55 D5ECBB3BFDC73A59440D9CA79AB3A342 17271296 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-06-12 19:08:55 C1F5812F355D0C9495C1B2E7165DA2AF 32256 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-12 19:08:55 BB9BADED14F0963498855AC28446CED5 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-12 19:08:55 8DF06ACA017949D37C38B6A0EF747D4E 526336 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2014-06-12 19:08:55 7E27FB6AB8976897A530FB30F5FF7691 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2014-06-12 19:08:55 6D8E6A9A524FFAAFA4D2F6C8EF38D0BB 592896 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2014-06-12 19:08:55 0AFCE8EEF3751810FE2101FD608FB8B3 1143296 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2014-06-12 19:08:55 017B99D09904DCA35D5F66AD79084B5F 368128 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2014-06-12 19:08:53 D9F5B424C307B195E16A9B0A21E53BCC 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2014-06-12 19:08:53 C69FDD49AB9E8BCF2BAAC469CE0CC756 1964544 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2014-06-12 19:08:53 9EAAB4305536829D6B7D9C3A47E92861 2179072 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2014-06-12 19:08:52 E0EA58834CD19FDFCD1BC37B22E1D3D8 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2014-06-12 19:08:52 D36574C287D0764C95AC777DFF367715 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2014-06-12 19:08:52 814E0D53EF020BD93097F26B53B573F0 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll 2014-06-12 19:08:52 688227D38A6FF6403B293D0C50B454B9 11725312 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2014-06-12 19:08:52 5B5815477A53ED92B89955FFE7EDCB2E 242688 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2014-06-12 19:08:51 4D3074AA172DCFD5D56BE764B671085A 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-06-12 19:08:50 EB960643DC62832C88272573204B6DBA 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll 2014-06-12 19:08:50 CC0077F9C7ACD7E97707DFC763A4EA99 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-06-12 19:08:50 C58E97EEB1CB80CE91D5E7FD5E78794F 4244992 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2014-06-12 19:08:50 771CDBC3D62437D6DB070820BB1EDCCF 1790976 ----a-w- C:\Windows\SysWOW64\wininet.dll 2014-06-12 19:08:50 22D7FFA4B94916F18EB1F1D107B86839 704512 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2014-06-12 19:08:50 0AC4E3C93D49E37D5B008ED99092115C 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-12 19:08:50 09771ABC896D2A88370F3AB8BADC242E 455168 ----a-w- C:\Windows\SysWOW64\vbscript.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-06-15 09:06:15 C9AAF7BD56AE4473FD65A619B32FF715 132046 ----a-w- C:\Windows\Sysnative\.crusader 2014-06-15 08:57:12 EF2D8BBA6E077559B675513BC0EE5FC2 3178496 ----a-w- C:\Windows\Sysnative\rdpcorets.dll 2014-06-15 08:57:12 2147C5330F983D76A36B73F4A804F778 16384 ----a-w- C:\Windows\Sysnative\RdpGroupPolicyExtension.dll 2014-06-15 08:57:05 879A3F94118D686E63041A386FE91EBE 6574592 ----a-w- C:\Windows\Sysnative\mstscax.dll 2014-06-13 20:09:00 DDED7C5558B3AE09F568945281A9A6D1 44544 ----a-w- C:\Windows\Sysnative\TsUsbGDCoInstaller.dll 2014-06-13 20:08:59 FEC6178962DFF33074D39CA907971405 12800 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyExtension.dll 2014-06-13 20:08:59 108C257D765AAD2E6EC46557DA0B02BD 13824 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyControl.exe 2014-06-13 20:08:58 8E75B1112C374EBDF18FD640DA2F0655 1147392 ----a-w- C:\Windows\Sysnative\mstsc.exe 2014-06-13 20:08:58 7BD2E6E2458A5B95F8341244C7FC7DD4 18944 ----a-w- C:\Windows\Sysnative\wksprtPS.dll 2014-06-13 20:08:58 79EE5ECB4BE89343E4CF1E48F7769F59 420864 ----a-w- C:\Windows\Sysnative\wksprt.exe 2014-06-13 20:08:58 5289A00E2D21BB3A7D6761646543ED5C 62976 ----a-w- C:\Windows\Sysnative\tsgqec.dll 2014-06-13 20:08:58 149A388C17F04AD1F99B477A43BE1A9F 56832 ----a-w- C:\Windows\Sysnative\MsRdpWebAccess.dll 2014-06-13 20:08:58 0D2C2FAC4F29B5868D39B7267058CFEF 83968 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe 2014-06-13 20:08:57 A4420969E5AB94856E5C0C02E6099D3F 1057280 ----a-w- C:\Windows\Sysnative\rdvidcrl.dll 2014-06-13 20:08:31 D346E07D62E3D4BEAB040939744EC31B 228864 ----a-w- C:\Windows\Sysnative\rdpendp_winip.dll 2014-06-13 20:08:31 AD4D0AEDB5993EDA31EB80A54EDBC344 243200 ----a-w- C:\Windows\Sysnative\rdpudd.dll 2014-06-13 19:47:23 9E2EDE952A3EC44754A829F048CE93A0 1030144 ----a-w- C:\Windows\Sysnative\TSWorkspace.dll 2014-06-13 19:47:08 973131EB99BE1E19DAC502CB724E72A5 366592 ----a-w- C:\Windows\Sysnative\qdvd.dll 2014-06-12 19:09:01 ECA6AC33BD9E441F7B47D173D715D268 1882112 ----a-w- C:\Windows\Sysnative\msxml3.dll 2014-06-12 19:09:01 0E3A7EC2B9590EA7767BBB1823630DEA 2002432 ----a-w- C:\Windows\Sysnative\msxml6.dll 2014-06-12 19:09:00 3408DD8081DC22858AE2E6ABD2594C02 2048 ----a-w- C:\Windows\Sysnative\msxml6r.dll 2014-06-12 19:09:00 0465A8CFDDB4FFDB569802A70B9443D5 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll 2014-06-12 19:08:58 088CF6AFCD5CDD44E40C0ACDE3C1A5E0 801280 ----a-w- C:\Windows\Sysnative\usp10.dll 2014-06-12 19:08:55 DA7AAB5D4E5F7160E906C0D2EB9A2B9F 38400 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2014-06-12 19:08:55 3ED5C9055F7A635399FC12892F565287 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2014-06-12 19:08:54 D5C446B14DC667B7B9FBB30EA1701D92 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-06-12 19:08:53 3A1AB9DE852F2BC1ECE6403BDD01B9F0 1398272 ----a-w- C:\Windows\Sysnative\urlmon.dll 2014-06-12 19:08:52 DFD834E89B819B5ECE8E251C56B5A3CE 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2014-06-12 19:08:52 BFD3178735D97C858FFA467F8199700C 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2014-06-12 19:08:52 867DD52B23D3B0390B88F3D7AD1E600C 631808 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2014-06-12 19:08:52 12BA419E27DBC5DBF9262C8A885FA361 452096 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2014-06-12 19:08:51 EAAA62F272858695814A1F42D5E59BD3 608768 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2014-06-12 19:08:51 B34D3F303769E65CE7EFBD4E6FB62B25 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll 2014-06-12 19:08:51 3FC3828E8820D1C93DBFBAD4BE456D85 2040832 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2014-06-12 19:08:51 063EF4239479F52DAF9F4849B0B304F1 2768384 ----a-w- C:\Windows\Sysnative\iertutil.dll 2014-06-12 19:08:50 CE6109C73C3A04CC2B8C6110B0F0FEF9 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll 2014-06-12 19:08:50 790FD40601502C5FE8213D4F335DA0BD 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2014-06-12 19:08:49 CB8A91074AE1B5051E240B50A328DCF5 295424 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2014-06-12 19:08:49 B2C037F50A02D6C057B1E0791BBF41A5 574976 ----a-w- C:\Windows\Sysnative\ieui.dll 2014-06-12 19:08:49 2DBB9127794BC30BC31D26FA088F8BAB 13522944 ----a-w- C:\Windows\Sysnative\ieframe.dll 2014-06-12 19:08:48 CC603EF96BA456D4BCD9FF849ED07A2A 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2014-06-12 19:08:48 AB3FA3D9B1F1D0571CBC43D1487CCD6F 5782528 ----a-w- C:\Windows\Sysnative\jscript9.dll 2014-06-12 19:08:48 A4A58E3171C03A1145D1C3EC488D1B4F 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2014-06-12 19:08:48 770F067D833DC017CEB8A36A2A1EC942 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2014-06-12 19:08:48 6B9925F498D4E91FB57576CC3776D428 752640 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2014-06-12 19:08:47 9013D5BBE1B6D3A060F54B4B5BB2C3A3 846336 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2014-06-12 19:08:47 8E3C6008250A904C06943BCEA585E344 195584 ----a-w- C:\Windows\Sysnative\msrating.dll 2014-06-12 19:08:47 40BFD9D6EC8E174145F012246CA73CCD 2266112 ----a-w- C:\Windows\Sysnative\wininet.dll 2014-06-12 19:08:47 2F474D40626B0C694400589F3FBB9AA9 548352 ----a-w- C:\Windows\Sysnative\vbscript.dll 2014-06-12 19:08:46 F343ECB3C683EBD7E3990C03AD680855 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2014-06-12 19:08:46 56803B20D168C1B740D12CE0BE4588F5 23414784 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-06-12 19:08:22 84A13AB118F433898B5ABA36E8D7CA91 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll 2014-06-12 19:08:22 2C053C9B2A8249F1F9B38ED1AE455771 506368 ----a-w- C:\Windows\Sysnative\aepdu.dll ====== C:\Windows\Sysnative\drivers ===== 2014-06-13 20:08:59 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\Windows\Sysnative\drivers\TsUsbFlt.sys 2014-06-13 20:08:32 AD64450A4ABE076F5CB34CC08EEACB07 30208 ----a-w- C:\Windows\Sysnative\drivers\TsUsbGD.sys 2014-06-13 20:08:32 313F68E1A3E6345A4F47A36B07062F34 19456 ----a-w- C:\Windows\Sysnative\drivers\rdpvideominiport.sys 2014-06-12 19:09:00 17F685B67C74B8F7BFED4308790B71DE 288192 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS 2014-06-12 19:09:00 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E 1903552 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-06-18 13:22:05 -------- d-----w- C:\Program Files\trend micro 2014-06-15 08:53:48 -------- d-----w- C:\Program Files\HitmanPro ======= C:\PROGRA~2 ===== 2014-06-18 20:00:24 -------- d-----w- C:\PROGRA~2\AVG 2014-06-15 19:30:36 -------- d-----w- C:\PROGRA~2\COMMON~1\Wise Installation Wizard ======= C: ===== ====== C:\Users\LisanneH\AppData\Roaming ====== 2014-06-18 20:02:44 -------- d-----w- C:\Users\LisanneH\AppData\Roaming\AVG2014 2014-06-18 20:02:27 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2014 2014-06-18 20:01:59 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2014 2014-06-18 20:00:25 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2014 2014-06-18 19:56:23 -------- d-----w- C:\Users\LisanneH\AppData\Local\Avg2014 ====== C:\Users\LisanneH ====== 2014-06-18 20:01:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-06-18 20:01:12 -------- d-----w- C:\ProgramData\AVG2014 2014-06-18 13:21:43 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\LisanneH\Downloads\RSITx64.exe 2014-06-15 08:53:35 -------- d-----w- C:\ProgramData\HitmanPro 2014-05-20 16:35:15 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Searches ====== C: exe-files == 2014-06-18 20:01:02 79043F73D96E1DC49AEBC4FFF5F7355C 328208 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgndisa.exe 2014-06-18 13:22:06 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\LisanneH.exe 2014-06-18 13:21:43 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\LisanneH\Downloads\RSITx64.exe 2014-06-18 13:17:46 98ADA896D51610D3412EEEAA5F12A53F 10971424 ----a-w- C:\Users\LisanneH\AppData\Local\Temp\HitmanPro.exe 2014-06-15 08:53:48 98ADA896D51610D3412EEEAA5F12A53F 10971424 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe 2014-06-13 20:08:59 108C257D765AAD2E6EC46557DA0B02BD 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe 2014-06-13 20:08:58 8E75B1112C374EBDF18FD640DA2F0655 1147392 ----a-w- C:\Windows\System32\mstsc.exe 2014-06-13 20:08:58 79EE5ECB4BE89343E4CF1E48F7769F59 420864 ----a-w- C:\Windows\System32\wksprt.exe 2014-06-13 20:08:58 4676AAA9DDF52A50C829FEDB4EA81E54 1068544 ----a-w- C:\Windows\SysWOW64\mstsc.exe 2014-06-13 20:08:58 0D2C2FAC4F29B5868D39B7267058CFEF 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe 2014-06-12 19:08:55 4F2AA3E7BD7257E4937E071E3700819E 810200 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2014-06-12 19:08:55 4AFAE8BAF6E85311AD78395C47351A1D 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2014-06-12 19:08:54 60F88F6CA6303E8273AF7AAA9AAFECAC 812248 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2014-06-12 19:08:53 50989AAF09CDCEBC0FD8EB0FE79C2A98 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2014-06-12 19:08:53 4076E62E061769E42186AE860007FA08 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2014-06-12 19:08:52 BFD3178735D97C858FFA467F8199700C 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-06-12 19:08:51 EAAA62F272858695814A1F42D5E59BD3 608768 ----a-w- C:\Windows\System32\ie4uinit.exe 2014-06-12 19:08:51 159C5979C61F51EEFC84D9AB17C4E0E7 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2014-06-12 19:08:50 CC0077F9C7ACD7E97707DFC763A4EA99 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-06-12 19:08:48 770F067D833DC017CEB8A36A2A1EC942 139264 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-06-12 19:08:46 F343ECB3C683EBD7E3990C03AD680855 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-06-12 19:08:22 EF15B0554634BD981BB718E9BF6EE891 46784 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe 2014-06-12 19:08:22 511E0519B437C263E95EA46330312B7F 172224 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe 2014-06-12 14:38:20 56EF221594C5EE9EEA8BB8C5594E003C 5961264 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgcrema.exe === C: other files == 2014-06-13 20:08:59 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys 2014-06-13 20:08:32 AD64450A4ABE076F5CB34CC08EEACB07 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys 2014-06-13 20:08:32 313F68E1A3E6345A4F47A36B07062F34 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys 2014-06-12 19:09:00 17F685B67C74B8F7BFED4308790B71DE 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2014-06-12 19:09:00 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1670573222-3266817119-1213147368-1001\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Spotify Web Helper"="C:\Users\LisanneH\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "SkyDrive"="C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background" "OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-21-1670573222-3266817119-1213147368-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64" "Uninstall C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64" "Uninstall C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64" "Uninstall C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" "EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" "EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -d" "Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" "BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k" "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "ArcadeMovieService"="C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Spotify Web Helper"="C:\Users\LisanneH\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "SkyDrive"="C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background" "OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64" "Uninstall C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64" "Uninstall C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64" "Uninstall C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\LisanneH\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21-09-2012 22:47] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21-09-2012 22:47] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe ARM" ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe Reader Speed Launcher" ["C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"] "C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HPCustParticipation HP Deskjet 1510 series" ["C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe"] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\{8B69D45E-BD0B-47CC-A621-EA4EF23843BD}" [C:\Program Files (x86)\Mio\MioMore Desktop 7.50\MioMore.exe] "C:\Windows\SysNative\tasks\{D56253FD-2CC8-4267-B18C-4E47F44E5977}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.73.105.456/nl/abandoninstall?page=tsProgressBar] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\LisanneH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\LisanneH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MK4WJ0L will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=8 folders=7 323209 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\LisanneH\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\LisanneH\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\LisanneH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MK4WJ0L" not found ==== EOF on do 19-06-2014 at 7:31:35,79 ======================