
Zoek.exe v5.0.0.0 Updated 27-09-2014
Tool run by Steven on ma 29/09/2014 at 18:40:54,21.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Steven\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

29/09/2014 18:42:13 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Nokia deleted successfully
C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\Nokia deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Steven\AppData\Roaming\31541 deleted successfully
C:\Users\Steven\AppData\Roaming\Nokia Suite deleted successfully
C:\Users\Steven\AppData\Roaming\Vso deleted successfully
C:\Users\Steven\AppData\Local\CutePDF Writer deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2812157726-630460334-3368706933-1002\Software\Microsoft\Internet Explorer\SearchScopes\{65F0EC5D-F99A-402D-996D-64ED8BC4F56B} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2812157726-630460334-3368706933-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\892cc6a3 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\892cc6a3 deleted successfully

==== Deleting Files \ Folders ======================

C:\Program Files\TotalSystemCare deleted
C:\ProgramData\GetDiscountApp deleted
C:\PROGRA~3\347ede71620b9bf deleted
C:\PROGRA~2\Lavasoft\AdAware SecureSearch Toolbar deleted
C:\PROGRA~2\MyFree Codec deleted
C:\found.000 deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\defaulttab deleted
C:\PROGRA~3\DriverGenius deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Steven\AppData\Local\nsmC7C4.tmp deleted
C:\Users\Steven\AppData\Local\com deleted
C:\Users\Steven\AppData\Local\adawarebp deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
C:\Users\Steven\Downloads\TheLastGhosts Bundle.zip deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\windows\SysNative\drivers\jamgudln.sys" deleted
"C:\Program Files (x86)\Salus\CrashMon.exe" deleted
"C:\Program Files (x86)\Salus\libeay32.dll" deleted
"C:\Program Files (x86)\Salus\nfapi.dll" deleted
"C:\Program Files (x86)\Salus\ProtocolFilters.dll" deleted
"C:\Program Files (x86)\Salus\Salus.exe" deleted
"C:\Program Files (x86)\Salus\ssleay32.dll" deleted
"C:\PROGRA~2\Salus\CrashMon.exe" deleted
"C:\PROGRA~2\Salus\libeay32.dll" deleted
"C:\PROGRA~2\Salus\nfapi.dll" deleted
"C:\PROGRA~2\Salus\ProtocolFilters.dll" deleted
"C:\PROGRA~2\Salus\Salus.exe" deleted
"C:\PROGRA~2\Salus\ssleay32.dll" deleted
"C:\Program Files (x86)\Salus" deleted
"C:\PROGRA~2\Salus" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Steven\AppData\Local\Temp ====
2014-09-29 15:48:02	4E566FEA83FCEEAF2873702806B55006	43008	----a-w-	C:\Users\Steven\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppg4jyj.dll
2014-09-27 17:43:49	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\Users\Steven\AppData\Local\Temp\is45637729\261018475_stp.EXE
2014-09-27 16:09:55	8536D0C307DF12CD37E29A12B8E72504	4877352	----a-w-	C:\Users\Steven\AppData\Local\Temp\4055tmp\totalsystemcare-setup.exe
2014-09-27 16:09:55	00AF4E2A481E39E9E2380335722CE76C	285323	----a-w-	C:\Users\Steven\AppData\Local\Temp\4042tmp\vopackage.exe
2014-09-27 16:09:54	CD5E46297DE66DFF69EDC00499068EA8	5601864	----a-w-	C:\Users\Steven\AppData\Local\Temp\BackupSetup.exe
2014-09-27 16:09:54	C8B0C09BEF4C1BD264C3334308D597DA	13090364	----a-w-	C:\Users\Steven\AppData\Local\Temp\4040tmp\fastplayersetup.exe
2014-09-27 16:09:54	AF37247590F4E4B8A8A214A091EA6067	73816	----a-w-	C:\Users\Steven\AppData\Local\Temp\4041tmp\cloud_backup_setup.exe
2014-09-27 15:23:54	A03F755B22CBD5641281A213146ABBFD	173987	------w-	C:\Users\Steven\AppData\Local\Temp\is45637729\261017575_stp\Generic_vo.exe
2014-09-27 13:51:22	DE884F4BFFA8C35CD225AFB419DE023C	173351	------w-	C:\Users\Steven\AppData\Local\Temp\is45637729\259690499_stp\Generic_vo.exe
2014-09-27 13:51:22	DE884F4BFFA8C35CD225AFB419DE023C	173351	------w-	C:\Users\Steven\AppData\Local\Temp\is45637729\257307671_stp\Generic_vo.exe
2014-09-27 13:51:22	DE884F4BFFA8C35CD225AFB419DE023C	173351	------w-	C:\Users\Steven\AppData\Local\Temp\is45637729\256089102_stp\Generic_vo.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-09-29 15:41:22	0DC5AF80D059DEC792B665ED598C6567	536576	----a-w-	C:\Windows\SysWOW64\sqlite3.dll
2014-09-24 10:50:38	C263F3E7E0523556964D661BC7CB9565	2048	----a-w-	C:\Windows\SysWOW64\tzres.dll
2014-09-18 13:08:39	4B0C0A8C960AF22761FB6A25D8A50DF2	447752	----a-w-	C:\Windows\SysWOW64\vp6vfw.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-09-24 10:50:38	A8A87343CAE432677D82C0BCC753D905	2048	----a-w-	C:\Windows\Sysnative\tzres.dll
====== C:\Windows\Sysnative\drivers =====
2014-09-29 15:51:36	8A50D5304E6AE48664CF5838EC32F647	122584	----a-w-	C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-09-29 15:51:16	F92B0E478C0FAA6D6661E6E977247E60	25816	----a-w-	C:\Windows\Sysnative\drivers\mbam.sys
2014-09-29 15:51:16	9D9ED48F841EA37AA5310D54B9E5D3C7	91352	----a-w-	C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-09-29 15:51:16	15E8ABC06843672955CE26A009533BAD	63704	----a-w-	C:\Windows\Sysnative\drivers\mwac.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-09-29 14:01:53	--------	d-----w-	C:\Program Files\trend micro
2014-09-02 13:24:51	--------	d-----w-	C:\Program Files\FileViewPro
======= C:\PROGRA~2 =====
2014-09-18 13:08:39	--------	d--h--w-	C:\PROGRA~2\COMMON~1\EAInstaller
2014-09-18 13:05:49	--------	d-----w-	C:\PROGRA~2\Origin Games
2014-09-18 12:52:06	--------	d-----w-	C:\PROGRA~2\Origin
2014-09-02 13:30:48	--------	d-----w-	C:\PROGRA~2\NetViewer
======= C: =====
====== C:\Users\Steven\AppData\Roaming ======
2014-09-27 17:45:33	4352D88A78AA39750BF70CD6F27BCAA5	4	----a-w-	C:\Users\Steven\AppData\Roaming\appdataFr2.bin
2014-09-18 13:05:25	--------	d-----w-	C:\Users\Steven\AppData\Roaming\Origin
2014-09-18 13:05:21	--------	d-----w-	C:\Users\Steven\AppData\Local\Origin
2014-09-13 09:25:33	EB69D5043381CDBF06F241ECAC4D1ED5	146744	----a-w-	C:\Users\Jill\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-13 09:25:33	--------	d-----w-	C:\Users\Jill\AppData\Roaming\Intel Corporation
2014-09-13 09:25:08	--------	d-----w-	C:\Users\Jill\AppData\Roaming\Apple Computer
2014-09-13 09:25:02	--------	d-----w-	C:\Users\Jill\AppData\Local\Power2Go
2014-09-13 09:24:51	--------	d-----w-	C:\Users\Jill\AppData\Roaming\Adobe
2014-09-13 09:24:50	--------	d-----w-	C:\Users\Jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-13 09:24:50	--------	d-----w-	C:\Users\Jill\AppData\Local\Google
2014-09-13 09:24:49	--------	d-----r-	C:\Users\Jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-09-13 09:24:49	--------	d-----r-	C:\Users\Jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-09-13 09:24:41	--------	d-----w-	C:\Users\Jill\AppData\Roaming\Identities
2014-09-13 09:24:39	--------	d-s---w-	C:\Users\Jill\AppData\Locallow\Microsoft
2014-09-13 09:24:31	--------	d-----w-	C:\Users\Jill\AppData\Local\VirtualStore
2014-09-13 09:24:28	--------	d-----w-	C:\Users\Jill\AppData\Roaming\Intel
2014-09-13 09:24:26	--------	d-s---w-	C:\Users\Jill\AppData\Roaming\Microsoft
2014-09-13 09:24:26	--------	d-----w-	C:\Users\Jill\AppData\Roaming\Media Center Programs
2014-09-13 09:24:26	--------	d-----w-	C:\Users\Jill\AppData\Local\Temp
2014-09-13 09:24:26	--------	d-----w-	C:\Users\Jill\AppData\Local\Microsoft Help
2014-09-13 09:24:26	--------	d-----w-	C:\Users\Jill\AppData\Local\Microsoft
2014-09-13 09:24:26	--------	d-----r-	C:\Users\Jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-13 09:24:26	--------	d-----r-	C:\Users\Jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-02 13:30:48	--------	d-----w-	C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetViewer
2014-09-02 13:25:56	--------	d-----w-	C:\Users\Steven\AppData\Local\FileViewPro
2014-09-02 13:25:50	--------	d-----w-	C:\Users\Steven\AppData\Roaming\IsolatedStorage
====== C:\Users\Steven ======
2014-09-29 15:50:27	32A7154F9934CF3AA5D945D02D069D1F	17523384	----a-w-	C:\Users\Steven\Downloads\mbam-setup-2.0.0.1000.exe
2014-09-29 15:39:56	1B151CCE618BE06C22B55FD4B502B75E	1373475	----a-w-	C:\Users\Steven\Desktop\adwcleaner_3.310.exe
2014-09-29 15:39:46	1B151CCE618BE06C22B55FD4B502B75E	1373475	----a-w-	C:\Users\Steven\Downloads\adwcleaner_3.310.exe
2014-09-29 14:01:06	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\Steven\Desktop\RSITx64.exe
2014-09-20 09:45:26	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\De Sims 4
2014-09-18 13:08:43	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\De Sims 4 Creëer-een-Sim Demo
2014-09-18 12:52:08	--------	d-----w-	C:\ProgramData\Origin
2014-09-18 12:52:07	--------	d-----w-	C:\ProgramData\Electronic Arts
2014-09-18 12:51:08	777A1775B4004209A0399F725509EA37	17088592	----a-w-	C:\Users\Steven\Downloads\OriginThinSetup.exe
2014-09-13 09:24:49	--------	d-----r-	C:\Users\Jill\Searches
2014-09-13 09:24:38	--------	d-----r-	C:\Users\Jill\Contacts
2014-09-13 09:24:28	C86E6FBDBE12ADD8FFEFAE8137D080A9	1238	--sha-r-	C:\Users\Jill\ntuser.pol
2014-09-13 09:24:27	6FC234AD3752E1267B34FB12BCD6718B	20	--sha-w-	C:\Users\Jill\ntuser.ini
2014-09-13 09:24:26	--------	d--h--w-	C:\Users\Jill\AppData
2014-09-13 09:24:26	--------	d-----w-	C:\Users\Jill\Roaming
2014-09-13 09:24:26	--------	d-----r-	C:\Users\Jill\Videos
2014-09-13 09:24:26	--------	d-----r-	C:\Users\Jill\Saved Games
2014-09-13 09:24:26	--------	d-----r-	C:\Users\Jill\Pictures
2014-09-13 09:24:26	--------	d-----r-	C:\Users\Jill\Music
2014-09-13 09:24:26	--------	d-----r-	C:\Users\Jill\Links
2014-09-13 09:24:26	--------	d-----r-	C:\Users\Jill\Favorites
2014-09-13 09:24:26	--------	d-----r-	C:\Users\Jill\Downloads
2014-09-13 09:24:26	--------	d-----r-	C:\Users\Jill\Documents
2014-09-13 09:24:26	--------	d-----r-	C:\Users\Jill\Desktop
2014-09-02 13:31:03	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\ProgramData\IpAndPort.fig
2014-09-02 13:31:02	46B847EC81B834B5761C3481D8544C88	155	----a-w-	C:\ProgramData\RmUserCfg.ini
2014-09-02 13:30:48	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetViewer
2014-09-02 13:25:50	--------	d-----w-	C:\ProgramData\IsolatedStorage
2014-09-02 13:24:54	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileViewPro

====== C: exe-files ==
2014-09-29 15:50:27	32A7154F9934CF3AA5D945D02D069D1F	17523384	----a-w-	C:\Users\Steven\Downloads\mbam-setup-2.0.0.1000.exe
2014-09-29 15:39:56	1B151CCE618BE06C22B55FD4B502B75E	1373475	----a-w-	C:\Users\Steven\Desktop\adwcleaner_3.310.exe
2014-09-29 15:39:46	1B151CCE618BE06C22B55FD4B502B75E	1373475	----a-w-	C:\Users\Steven\Downloads\adwcleaner_3.310.exe
2014-09-29 14:31:57	281C5000D585E31D17C56CE515311483	416632	----a-w-	C:\ProgramData\NVIDIA\Updatus\Download\6450\updatus.18927913_RUNASUSER.exe
2014-09-29 14:01:53	9A2347903D6EDB84C10F288BC0578C1C	388608	----a-w-	C:\Program Files\trend micro\Steven.exe
2014-09-29 14:01:06	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\Steven\Desktop\RSITx64.exe
2014-09-27 17:43:49	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\Users\Steven\AppData\Local\Temp\is45637729\261018475_stp.EXE
2014-09-27 17:43:19	4690EC9951926A018464580914D8CFE3	590417	----a-w-	C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YADQ6K4S\Setup[1].exe
2014-09-27 17:21:33	AE5F36CB0F606616161BAE9FF7C46872	18520576	----a-w-	C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H2EM5VPE\AnyProtect[1].exe
2014-09-27 17:21:31	6DC662914737284554E5565280C08B0A	627560	----a-w-	C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K7BXEDTT\Setup[1].exe
2014-09-27 17:21:13	182436661F2013865BABF1068A637A1A	590417	----a-w-	C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O228KCBI\Setup[1].exe
2014-09-27 16:09:55	8536D0C307DF12CD37E29A12B8E72504	4877352	----a-w-	C:\Users\Steven\AppData\Local\Temp\4055tmp\totalsystemcare-setup.exe
2014-09-27 16:09:55	8536D0C307DF12CD37E29A12B8E72504	4877352	----a-w-	C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7T22HQ9L\TotalSystemCare-Setup[1].exe
2014-09-27 16:09:55	00AF4E2A481E39E9E2380335722CE76C	285323	----a-w-	C:\Users\Steven\AppData\Local\Temp\4042tmp\vopackage.exe
2014-09-27 16:09:55	00AF4E2A481E39E9E2380335722CE76C	285323	----a-w-	C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7T22HQ9L\VOPackage[1].exe
2014-09-27 16:09:54	CD5E46297DE66DFF69EDC00499068EA8	5601864	----a-w-	C:\Users\Steven\AppData\Local\Temp\BackupSetup.exe
2014-09-27 16:09:54	C8B0C09BEF4C1BD264C3334308D597DA	13090364	----a-w-	C:\Users\Steven\AppData\Local\Temp\4040tmp\fastplayersetup.exe
2014-09-27 16:09:54	C8B0C09BEF4C1BD264C3334308D597DA	13090364	----a-w-	C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YADQ6K4S\FastPlayerSetup[1].exe
2014-09-27 16:09:54	AF37247590F4E4B8A8A214A091EA6067	73816	----a-w-	C:\Users\Steven\AppData\Local\Temp\4041tmp\cloud_backup_setup.exe
2014-09-27 16:09:54	AF37247590F4E4B8A8A214A091EA6067	73816	----a-w-	C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YADQ6K4S\Cloud_Backup_Setup[1].exe
2014-09-27 16:09:54	5DA341284A5CE209A340F9BD3250753B	723832	----a-w-	C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YADQ6K4S\lly_omiga-plus[1].exe
2014-09-27 16:09:54	22E2A72652F1600A157C9ED4C7DCA9B1	3568216	----a-w-	C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YADQ6K4S\salus_1_0_0_1[1].exe
2014-09-27 15:23:54	A03F755B22CBD5641281A213146ABBFD	173987	------w-	C:\Users\Steven\AppData\Local\Temp\is45637729\261017575_stp\Generic_vo.exe
2014-09-27 13:51:22	DE884F4BFFA8C35CD225AFB419DE023C	173351	------w-	C:\Users\Steven\AppData\Local\Temp\is45637729\259690499_stp\Generic_vo.exe
2014-09-27 13:51:22	DE884F4BFFA8C35CD225AFB419DE023C	173351	------w-	C:\Users\Steven\AppData\Local\Temp\is45637729\257307671_stp\Generic_vo.exe
2014-09-27 13:51:22	DE884F4BFFA8C35CD225AFB419DE023C	173351	------w-	C:\Users\Steven\AppData\Local\Temp\is45637729\256089102_stp\Generic_vo.exe
2014-09-24 14:28:18	F31038ECFF897B41BD64CDFC977F321C	415840	----a-w-	C:\ProgramData\NVIDIA\Updatus\Download\63F1\updatus.18914650_RUNASUSER.exe
2014-09-24 10:50:38	916CEC665A9879DEB15BBDD943B7350B	49664	----a-w-	C:\Windows\servicing\GC64\tzupd.exe
=== C: other files ==
2014-09-29 15:51:36	8A50D5304E6AE48664CF5838EC32F647	122584	----a-w-	C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-29 15:51:16	F92B0E478C0FAA6D6661E6E977247E60	25816	----a-w-	C:\Windows\System32\drivers\mbam.sys
2014-09-29 15:51:16	9D9ED48F841EA37AA5310D54B9E5D3C7	91352	----a-w-	C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-29 15:51:16	15E8ABC06843672955CE26A009533BAD	63704	----a-w-	C:\Windows\System32\drivers\mwac.sys
2014-09-27 16:11:15	90C0C3AC102DC909D57E3104BB21D572	2930879	----a-w-	C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7T22HQ9L\2[1].zip
2014-09-27 16:10:56	1E36A920E3FCE279BD021B4C72F2C9C1	394185	----a-w-	C:\Users\Steven\AppData\Local\Temp\scoped_dir_10220_2495\newtabv3.crx
2014-09-27 16:10:48	1E36A920E3FCE279BD021B4C72F2C9C1	394185	----a-w-	C:\Users\Steven\AppData\Local\Temp\scoped_dir_932_15155\newtabv3.crx
2014-09-27 16:10:02	2F491BFFA38CC8E5C84B6A55F96E27C2	2171677	----a-w-	C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28D3WT70\1[1].zip
2014-09-26 18:52:06	48958DFE35D638AFD38F4A06D732A5F8	717	----a-w-	C:\Users\Steven\Downloads\homecraft.zip
2014-09-23 15:57:31	A41DECE58F1B4FD27959528AD75DED28	556	----a-w-	C:\Users\Steven\Downloads\Minecraft Word Parkour(1.6.1).zip
2014-09-23 15:53:22	E0F85877013982B92E31749C9FAC444F	1886	----a-w-	C:\Users\Steven\Downloads\The Tombs Parkour.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2812157726-630460334-3368706933-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2812157726-630460334-3368706933-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Steven\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-2812157726-630460334-3368706933-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"HotkeyApp"="C:\Program Files (x86)\Launch Manager\HotkeyApp.exe"
"LMgrVolOSD"="C:\Program Files (x86)\Launch Manager\OSD.exe"
"Wbutton"="C:\Program Files (x86)\Launch Manager\Wbutton.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"YouCam Mirage"="C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"YouCam Tray"="C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe /s"
"Dolby Home Theater v4"="C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe -autostart"
"IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE"
"WD Quick View"="C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Steven\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\windows\\syswow64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"IntelPROSet"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe /tf Intel PROSet/Wireless"
"IntelPAN"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe /tf Intel PAN Tray"
"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll,TrayApp"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll"

==== Startup Folders ======================

2013-09-01 19:53:14	1052	----a-w-	C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [24/09/2014 21:02]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/09/2013 19:32]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/09/2013 19:32]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Ad-Aware Antivirus Scheduled Scan" [C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AutoPico Daily Restart" ["C:\Program Files\KMSpico\AutoPico.exe"]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\{8822605E-86A9-48B2-AEA6-DED888654913}" ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 18:22]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
aaaaafeopjhkcolncjbedbhofpocmdbn - No path found[]

DefaultTab - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

==== Chromium Startpages ======================

C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.trovi.com/?gd=&ctid=CT3325163&octid=EB_ORIGINAL_CTID&ISID=M1A0A96E3-9C8F-4877-840D-2FDEC76C94A9&SearchSource=55&CUI=&UM=5&UP=SPCAA191E3-D242-4DE5-9731-7675AD34222C&SSPV=",
"startup_urls": [ "https://www.google.be/" ],


==== Chromium Fix ======================

C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{22FCE993-4EDC-4177-817B-0C3859F7FA63} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_nlBE554"
{4239CFE2-BDB6-4192-A3B3-1F4424C73EC9} Bing  Url="http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown  Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2812157726-630460334-3368706933-1002\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\aaaaafeopjhkcolncjbedbhofpocmdbn deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2882 folders=61 46397431 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jill\AppData\Local\Temp emptied successfully
C:\Users\Steven\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Steven\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on ma 29/09/2014 at 19:02:22,78 ======================