Zoek.exe v5.0.0.0 Updated 09-August-2014 Tool run by Koen on zo 10/08/2014 at 20:32:24,71. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Koen\Desktop\zoek (4).exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2014-08-10-174802.log 25585 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Windows\SysNative\tasks\BitGuard not found C:\Windows\SysNative\tasks\ASP not found C:\Program Files (x86)\RegClean Pro not found C:\Windows\SysNative\tasks\Express FilesUpdate not found C:\Program Files (x86)\ExpressFiles not found C:\Windows\SysNative\tasks\GoforFilesUpdate not found C:\Program Files (x86)\GoforFiles not found C:\Windows\SysNative\tasks\Optimizer Pro Schedule not found C:\Program Files (x86)\Optimizer Pro not found C:\Windows\SysNative\tasks\pennybee Runner deleted C:\Windows\SysNative\tasks\Tempo Runner deleted C:\PROGRA~2\GoforFiles Updater deleted C:\Users\Koen\AppData\Local\avgchrome deleted C:\Users\Seppe\AppData\Local\avgchrome deleted C:\Users\Koen\Searches deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted "C:\Windows\tasks\pennybee Runner.job" deleted "C:\Windows\tasks\Tempo Runner.job" deleted "C:\PROGRA~3\Package Cache" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Koen\AppData\Local\Temp ==== 2014-08-10 16:36:31 E073F2C0217B84223CD5CD2790AA93D3 16340144 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw51356_30259\plugins\NPSWF32_13_0_0_168.dll 2014-08-10 16:36:02 7A84009415827C6FC764B00F501654E8 402432 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw51356_30259\node_modules\goldengate\build\Release\goldengate.dll 2014-08-10 16:36:00 DE3DD2C419C7B383E6FD7997A782D5D1 95232 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw51356_30259\node_modules\gameo_utils\build\Release\gameo_utils.dll 2014-08-09 14:08:04 E073F2C0217B84223CD5CD2790AA93D3 16340144 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw13832_27285\plugins\NPSWF32_13_0_0_168.dll 2014-08-09 14:07:31 3713B47AA43B4967DD0ACB34A21093C8 385536 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw13832_27285\node_modules\goldengate\build\Release\goldengate.dll 2014-08-09 14:07:30 DE3DD2C419C7B383E6FD7997A782D5D1 95232 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw13832_27285\node_modules\gameo_utils\build\Release\gameo_utils.dll 2014-08-08 20:18:38 E073F2C0217B84223CD5CD2790AA93D3 16340144 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw44712_31866\plugins\NPSWF32_13_0_0_168.dll 2014-08-08 20:18:21 3713B47AA43B4967DD0ACB34A21093C8 385536 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw44712_31866\node_modules\goldengate\build\Release\goldengate.dll 2014-08-08 20:18:20 DE3DD2C419C7B383E6FD7997A782D5D1 95232 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw44712_31866\node_modules\gameo_utils\build\Release\gameo_utils.dll 2014-08-06 15:48:25 42EC539D183CB43BCFF89E72585902D5 384485 ----a-w- C:\Users\Koen\AppData\Local\Temp\Quarantine.exe 2014-08-04 15:19:00 E073F2C0217B84223CD5CD2790AA93D3 16340144 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw14576_5633\plugins\NPSWF32_13_0_0_168.dll 2014-08-03 17:33:09 C181E9BBC059EA05A95BD0E72CFE5F1F 35682960 ----a-w- C:\Users\Seppe\AppData\Local\Temp\virtualdj.exe 2014-08-03 17:33:07 AB2C0FA2F5106B68C5C27A0983774A42 33936 ----a-w- C:\Users\Seppe\AppData\Local\Temp\VirtualDJ New Version.exe 2014-08-03 17:04:44 0E771375445E13429E68CAE720A48B72 35224 ----a-w- C:\Users\Seppe\AppData\Local\Temp\e4jAC23.tmp_dir1407085484\i4jdel.exe 2014-08-02 17:43:28 D8BE96BC224FB9A6034A01156A527271 43008 ------w- C:\Users\Koen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1jnp0q.dll 2014-08-02 15:00:18 E073F2C0217B84223CD5CD2790AA93D3 16340144 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw2148_1914\plugins\NPSWF32_13_0_0_168.dll 2014-08-02 14:59:57 3713B47AA43B4967DD0ACB34A21093C8 385536 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw2148_1914\node_modules\goldengate\build\Release\goldengate.dll 2014-08-02 14:59:56 DE3DD2C419C7B383E6FD7997A782D5D1 95232 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw2148_1914\node_modules\gameo_utils\build\Release\gameo_utils.dll 2014-07-28 20:30:59 E073F2C0217B84223CD5CD2790AA93D3 16340144 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw9052_6784\plugins\NPSWF32_13_0_0_168.dll 2014-07-28 20:30:22 3713B47AA43B4967DD0ACB34A21093C8 385536 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw9052_6784\node_modules\goldengate\build\Release\goldengate.dll 2014-07-28 20:30:19 DE3DD2C419C7B383E6FD7997A782D5D1 95232 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw9052_6784\node_modules\gameo_utils\build\Release\gameo_utils.dll 2014-07-27 20:29:31 E073F2C0217B84223CD5CD2790AA93D3 16340144 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw8056_10120\plugins\NPSWF32_13_0_0_168.dll 2014-07-27 20:29:11 3713B47AA43B4967DD0ACB34A21093C8 385536 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw8056_10120\node_modules\goldengate\build\Release\goldengate.dll 2014-07-27 20:29:10 DE3DD2C419C7B383E6FD7997A782D5D1 95232 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw8056_10120\node_modules\gameo_utils\build\Release\gameo_utils.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-08-10 18:20:43 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll 2014-08-03 12:21:21 F419D738BD2AE58D9DF2F9FEB5F43842 33792 ----a-w- C:\Windows\SysWOW64\wuapp.exe 2014-08-03 12:21:21 5AA2CAD923E9E647276A61387E83DDD0 179656 ----a-w- C:\Windows\SysWOW64\wuwebv.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-08-10 16:48:00 D5DA9A31C341DF754DBD109B7AF1B6CA 436696 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT 2014-08-03 12:22:13 E76F105AD039B9E4DA9ECE839298C4A2 44512 ----a-w- C:\Windows\Sysnative\wups2.dll 2014-08-03 12:22:12 EAD9E413A6CEB9FD8E2AD9DC0716C061 58336 ----a-w- C:\Windows\Sysnative\wuauclt.exe 2014-08-03 12:22:12 6335F8B4B89F002A3801473C1A799237 2620928 ----a-w- C:\Windows\Sysnative\wucltux.dll 2014-08-03 12:22:12 61FF576450CCC80564B850BC3FB6713A 2477536 ----a-w- C:\Windows\Sysnative\wuaueng.dll 2014-08-03 12:21:21 45D4BDEA136E72E75CF008D3C38D949A 198600 ----a-w- C:\Windows\Sysnative\wuwebv.dll 2014-08-03 12:21:20 29FE783F75362AD6D2D9C0555BA83BD2 36864 ----a-w- C:\Windows\Sysnative\wuapp.exe ====== C:\Windows\Sysnative\drivers ===== ====== C:\Windows\Tasks ====== 2014-08-10 17:59:13 5654FD8E5EAC80FBEE7624F35B6FAB92 5024 ----a-w- C:\Windows\Sysnative\Tasks\Microsoft Office 15 Sync Maintenance for Koen-PC-Koen Koen-PC 2014-07-21 12:49:27 1286A3FE09E9F6A54C0698000F42FB58 3416 ----a-w- C:\Windows\Sysnative\Tasks\Apple Diagnostics 2014-07-18 08:44:41 7539422CDFD2596998FE41CB9AE72B12 3286 ----a-w- C:\Windows\Sysnative\Tasks\{8AC1D133-1F98-4B01-9880-C5B815A1B41B} 2014-07-18 08:10:32 2DC439F01B6091EC397C3E3E7ABD6937 3702 ----a-w- C:\Windows\Sysnative\Tasks\AutoPico Daily Restart 2014-07-13 16:48:11 36B19ABDA571F418462FA9E21A8DE73A 3878 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Flash Player Updater 2014-07-13 16:48:10 2620F343675E5D62B1EC7BEC0BF6A79B 940 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-08-10 09:26:15 -------- d-----w- C:\Program Files\trend micro 2014-07-21 12:37:14 -------- d-----w- C:\Program Files\iPod 2014-07-21 12:37:12 -------- d-----w- C:\Program Files\iTunes 2014-07-18 08:10:15 -------- d-----w- C:\Program Files\KMSpico ======= C:\PROGRA~2 ===== 2014-08-09 09:11:52 -------- d-----w- C:\PROGRA~2\SoulseekQt 2014-08-03 16:59:32 -------- d-----w- C:\PROGRA~2\VirtualDJ 2014-07-21 12:37:12 -------- d-----w- C:\PROGRA~2\iTunes 2014-07-18 08:07:58 -------- d-----w- C:\PROGRA~2\WinRAR ======= C: ===== ====== C:\Users\Koen\AppData\Roaming ====== 2014-08-10 17:48:08 -------- d-----w- C:\Users\Koen\AppData\Local\VirtualStore 2014-08-10 16:52:56 -------- d-----w- C:\Users\Koen\AppData\Roaming\unpacked30216 2014-08-10 16:52:49 -------- d-----w- C:\Users\Koen\AppData\Local\tmp30200 2014-08-09 19:20:38 AA04669AE41F2B93AE22C6F6962CBEFE 111520 ----a-w- C:\Users\Koen\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-09 11:31:33 -------- d-----w- C:\Users\Koen\AppData\Local\ElevatedDiagnostics 2014-08-09 09:25:08 -------- d-----w- C:\Users\Koen\AppData\Local\SoulseekQt 2014-08-09 09:12:01 -------- d-----w- C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoulseekQt 2014-08-05 05:36:59 -------- d-----w- C:\Users\Koen\AppData\Roaming\unpacked27130 2014-08-05 05:36:47 -------- d-----w- C:\Users\Koen\AppData\Local\tmp27104 2014-08-04 09:49:50 -------- d-----w- C:\Users\Koen\AppData\Roaming\unpacked23919 2014-08-04 09:49:49 -------- d-----w- C:\Users\Koen\AppData\Local\tmp23915 2014-08-03 16:59:39 -------- d-----w- C:\Users\Seppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ 2014-08-02 15:02:45 -------- d-----w- C:\Users\Seppe\AppData\Roaming\unpacked12454 2014-08-02 15:02:39 -------- d-----w- C:\Users\Seppe\AppData\Local\tmp12438 2014-08-01 15:33:56 -------- d-----w- C:\Users\Koen\AppData\Roaming\GoodGameEmpire 2014-08-01 15:33:55 -------- d-----w- C:\Users\Koen\AppData\Local\GGEmpire 2014-07-27 20:32:41 -------- d-----w- C:\Users\Koen\AppData\Roaming\Soldiers135 2014-07-27 20:32:39 -------- d-----w- C:\Users\Koen\AppData\Local\Soldiers 2014-07-27 20:29:50 -------- d--h--w- C:\Users\Seppe\AppData\Roaming\GoldenGate 2014-07-27 20:29:04 -------- d-----w- C:\Users\Seppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo 2014-07-27 20:29:04 -------- d-----w- C:\Users\Seppe\AppData\Local\Gameo 2014-07-27 20:28:52 -------- d-----w- C:\Users\Seppe\AppData\Roaming\Gameo 2014-07-26 22:29:27 -------- d-----w- C:\Users\Koen\AppData\Roaming\unpacked25497 2014-07-26 22:29:21 -------- d-----w- C:\Users\Koen\AppData\Local\tmp25484 2014-07-26 22:28:42 -------- d--h--w- C:\Users\Koen\AppData\Roaming\GoldenGate 2014-07-26 22:27:37 -------- d-----w- C:\Users\Koen\AppData\Local\Gameo 2014-07-26 22:27:09 -------- d-----w- C:\Users\Koen\AppData\Roaming\sparta111 2014-07-26 16:47:43 -------- d-----w- C:\Users\Seppe\AppData\Roaming\WinRAR 2014-07-18 08:09:48 -------- d-----w- C:\Users\Koen\AppData\Roaming\WinRAR 2014-07-18 08:08:06 -------- d-----w- C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR ====== C:\Users\Koen ====== 2014-08-10 18:18:59 9D46D72131D0E36A79D4819F08EA0E0B 1366203 ----a-w- C:\Users\Koen\Desktop\adwcleaner_3.304.exe 2014-08-10 09:25:51 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Koen\Downloads\RSITx64 (2).exe 2014-08-10 09:16:43 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Koen\Downloads\RSITx64 (1).exe 2014-08-10 09:13:38 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Koen\Downloads\RSITx64.exe 2014-08-01 15:31:29 EC260D0C8BEAB73A083A818232F81C14 733096 ----a-w- C:\Users\Seppe\Downloads\CR_Downloader_voor_pokemon-soulsilver (3).exe 2014-08-01 15:31:00 3AF35C68B580EC2C918493A4D51D6B06 733096 ----a-w- C:\Users\Seppe\Downloads\CR_Downloader_voor_pokemon-soulsilver (2).exe 2014-08-01 15:28:46 744D29EC13E5B7E5E873DD5AFC417013 170646 ----a-w- C:\Users\Seppe\Desktop\NO$GBA.EXE 2014-07-27 20:32:02 D2B0EBE12E13D53A00D9AAB79936C15B 733096 ----a-w- C:\Users\Seppe\Downloads\CR_Downloader_voor_pokemon-soulsilver (1).exe 2014-07-27 20:27:45 6EB9CD3BA3E1EB8E87D6E406DE9B33F7 733096 ----a-w- C:\Users\Seppe\Downloads\CR_Downloader_voor_pokemon-firered.exe 2014-07-21 12:39:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-07-21 12:31:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2014-07-18 08:10:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico 2014-07-18 08:08:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR ====== C: exe-files == 2014-08-10 18:35:12 633C69FAF004F42B55A3CBC7F213F1DA 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2043100165-3502898724-762426204-1000\$IIB61HM.exe 2014-08-10 18:35:12 0DF1D6AE14AD82D5E84B4A7975D9EBA0 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2043100165-3502898724-762426204-1000\$IE9I9MO.exe 2014-08-10 18:35:12 03D1D079E3715F8C89C4620ED7194BDF 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2043100165-3502898724-762426204-1000\$IS4MAC2.exe 2014-08-10 18:35:05 248677F8B2B10242DA68D418847C54AE 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2043100165-3502898724-762426204-1000\$IM64WKT.exe 2014-08-10 18:18:59 9D46D72131D0E36A79D4819F08EA0E0B 1366203 ----a-w- C:\Users\Koen\Desktop\adwcleaner_3.304.exe 2014-08-10 16:52:58 E1BAA9DFA9C4B80597B09FCF09112B45 203776 ----a-w- C:\Users\Koen\AppData\Roaming\unpacked30216\wpennybeed.exe 2014-08-10 16:52:57 738B47DC30A3FF8814FA2473A49C250D 484352 ----a-w- C:\Users\Koen\AppData\Roaming\unpacked30216\pennybee.exe 2014-08-10 16:52:52 FCA65EC780B49E13B9983FCB2E54BF9B 825344 ----a-w- C:\Users\Koen\AppData\Local\tmp30200\dag30200.exe 2014-08-10 16:44:21 C1D2EBEBC40491FD3C7E757A5AF27EAD 1288704 ----a-w- C:\$Recycle.Bin\S-1-5-21-2043100165-3502898724-762426204-1000\$RM64WKT.exe 2014-08-10 16:39:30 C1D2EBEBC40491FD3C7E757A5AF27EAD 1288704 ----a-w- C:\$Recycle.Bin\S-1-5-21-2043100165-3502898724-762426204-1000\$RIB61HM.exe 2014-08-10 16:37:39 C1D2EBEBC40491FD3C7E757A5AF27EAD 1288704 ----a-w- C:\$Recycle.Bin\S-1-5-21-2043100165-3502898724-762426204-1000\$RS4MAC2.exe 2014-08-10 16:37:11 C1D2EBEBC40491FD3C7E757A5AF27EAD 1288704 ----a-w- C:\$Recycle.Bin\S-1-5-21-2043100165-3502898724-762426204-1000\$RE9I9MO.exe 2014-08-10 09:26:18 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Koen.exe 2014-08-10 09:25:51 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Koen\Downloads\RSITx64 (2).exe 2014-08-10 09:16:43 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Koen\Downloads\RSITx64 (1).exe 2014-08-10 09:13:38 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Koen\Downloads\RSITx64.exe 2014-08-09 09:12:01 42D74912D388017E156BF31889980FBC 35700 ----a-w- C:\Program Files (x86)\SoulseekQt\uninstall.exe 2014-08-06 15:48:25 42EC539D183CB43BCFF89E72585902D5 384485 ----a-w- C:\Users\Koen\AppData\Local\Temp\Quarantine.exe 2014-08-05 08:11:41 E1BAA9DFA9C4B80597B09FCF09112B45 203776 ----a-w- C:\Users\Koen\AppData\Roaming\unpacked27130\wpennybeed.exe 2014-08-05 05:37:00 738B47DC30A3FF8814FA2473A49C250D 484352 ----a-w- C:\Users\Koen\AppData\Roaming\unpacked27130\pennybee.exe 2014-08-05 05:36:47 FCA65EC780B49E13B9983FCB2E54BF9B 825344 ----a-w- C:\Users\Koen\AppData\Local\tmp27104\dag27104.exe 2014-08-04 09:49:51 E1BAA9DFA9C4B80597B09FCF09112B45 203776 ----a-w- C:\Users\Koen\AppData\Roaming\unpacked23919\wpennybeed.exe 2014-08-04 09:49:50 738B47DC30A3FF8814FA2473A49C250D 484352 ----a-w- C:\Users\Koen\AppData\Roaming\unpacked23919\pennybee.exe 2014-08-04 09:49:49 FCA65EC780B49E13B9983FCB2E54BF9B 825344 ----a-w- C:\Users\Koen\AppData\Local\tmp23915\dag23915.exe === C: other files == 2014-08-10 16:35:23 F5412F8F0D1DFAD14046C3F557DE8FAA 119 ----a-w- C:\Users\Seppe\AppData\Roaming\Gameo\hide.vbs 2014-08-10 16:35:23 D678721580C8037C16BDA76489648978 159 ----a-w- C:\Users\Seppe\AppData\Roaming\Gameo\restart.bat 2014-08-10 16:34:28 4D70DB4FB71842754D617BD7C04DF9FA 34262002 ----a-w- C:\Users\Seppe\AppData\Roaming\Gameo\gameo.zip 2014-08-07 14:30:08 6DD8590E4F5EBDDB68CF2273BBDD16BB 7701166 ----a-w- C:\Users\Koen\Downloads\fotos.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2043100165-3502898724-762426204-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="C:\Users\Koen\AppData\Local\Akamai\netsession_win.exe" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="C:\Users\Koen\AppData\Local\Akamai\netsession_win.exe" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Facebook Update" "hkey"="HKCU" "command"="\"C:\\Users\\Koen\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FlashPlayerUpdate] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" "item"="FlashPlayerUpdate" "hkey"="HKCU" "command"="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe -update activex" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GarminExpressTrayApp" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Garmin\\Express Tray\\ExpressTray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify" "hkey"="HKCU" "command"="\"C:\\Users\\Koen\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify Web Helper" "hkey"="HKCU" "command"="\"C:\\Users\\Koen\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="uTorrent" "hkey"="HKCU" "command"="\"C:\\Users\\Koen\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Koen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] "item"="Dropbox" "path"="C:\\Users\\Koen\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk" "backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\Koen\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/07/2014 18:48] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2043100165-3502898724-762426204-1000Core.job --a------ C:\Users\Koen\AppData\Local\Facebook\Update\FacebookUpdate.exe [09/11/2013 19:58] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2043100165-3502898724-762426204-1000UA.job --a------ C:\Users\Koen\AppData\Local\Facebook\Update\FacebookUpdate.exe [09/11/2013 19:58] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/10/2013 18:40] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/10/2013 18:40] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe] "C:\Windows\SysNative\tasks\AutoPico Daily Restart" ["C:\Program Files\KMSpico\AutoPico.exe"] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2043100165-3502898724-762426204-1000Core" [C:\Users\Koen\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2043100165-3502898724-762426204-1000UA" [C:\Users\Koen\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] ==== Chrome Look ====================== Google Wallet - Koen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Google Docs - Seppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Seppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Seppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Seppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf AdBlock - Seppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Google Wallet - Seppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Seppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Docs - seppe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - seppe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - seppe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - seppe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - seppe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - seppe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Search Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Search Page"="http://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.google.be/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="https://www.google.com/search?q={searchTerms}" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Koen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Koen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Seppe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Seppe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\seppe2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Koen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Seppe\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\seppe2\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=83 folders=39 188649466 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Koen\AppData\Local\Temp will be emptied at reboot C:\Users\Seppe\AppData\Local\Temp will be emptied at reboot C:\Users\seppe2\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Koen\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Seppe\AppData\Local\Temp\nw2148_1914" not found "C:\Users\Seppe\AppData\Local\Temp\nw44712_31866" not found "C:\Users\Seppe\AppData\Local\Temp\nw8056_10120" not found "C:\Users\Seppe\AppData\Local\Temp\nw9052_6784" not found ==== EOF on zo 10/08/2014 at 21:16:50,41 ======================