Zoek.exe v5.0.0.0 Updated 21-February-2015
Tool run by jonas on za 21/02/2015 at 2:49:02,63.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26I6MZHV\zoek (1).exe
[Scan all users] [Quick Scan] [Auto Clean]

==== System Restore Info ======================

21/02/2015 2:50:29 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\surf slide deleted successfully
C:\Users\jonas\AppData\Roaming\rmi deleted successfully
C:\Users\jonas\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3328793180-4141964508-2228772626-1001\Software\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} deleted successfully
HKEY_USERS\S-1-5-21-3328793180-4141964508-2228772626-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} deleted successfully
HKEY_USERS\S-1-5-21-3328793180-4141964508-2228772626-1001\Software\Microsoft\Internet Explorer\SearchScopes\{88AA0C90-FC48-4EF8-A90D-AD5A2E5C8616} deleted successfully
HKEY_USERS\S-1-5-21-3328793180-4141964508-2228772626-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AACB2CE6-469A-48AA-A169-3892DC0B9F3C} deleted successfully
HKEY_USERS\S-1-5-21-3328793180-4141964508-2228772626-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} deleted successfully
HKEY_USERS\S-1-5-21-3328793180-4141964508-2228772626-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8264587A-9106-4559-A87C-781EF42F7B2D} deleted successfully
HKEY_USERS\S-1-5-21-3328793180-4141964508-2228772626-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2F3A571-BEF7-4622-AA3F-62CCDCFA5B48} deleted successfully
HKEY_USERS\S-1-5-21-3328793180-4141964508-2228772626-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3328793180-4141964508-2228772626-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4F524A2D-5350-4500-76A7-7A786E7484D7} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHProtect Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IHProtect Service deleted successfully ==== Deleting Files \ Folders ====================== C:\Program Files\surf slide not found C:\Program Files\Temp deleted C:\Program Files\Uninstall Information deleted C:\Program Files\Malwarebytes Anti-Malware deleted C:\Program Files\XTab deleted C:\Users\jonas\AppData\Roaming\RHEng deleted C:\Users\jonas\AppData\Roaming\ProductData deleted C:\PROGRA~2\IHProtectUpDate deleted C:\PROGRA~2\ProductData deleted C:\Users\jonas\AppData\Local\PriceFountain deleted C:\Users\jonas\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp deleted C:\Users\jonas\AppData\LocalLow\ADSRemoval deleted C:\windows\system32\Tasks\LaunchSignup deleted C:\windows\system32\tasks\ASP deleted C:\windows\system32\tasks\Wise Registry Cleaner Schedule Task deleted C:\windows\tasks\Wise Registry Cleaner Schedule Task.job deleted C:\windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb deleted C:\windows\System32\drivers\{aa2c8716-4fb1-4542-ac48-779c1c32a2a8}Gw.sys deleted C:\windows\system32\config\systemprofile\Searches deleted C:\windows\system32\GroupPolicy\Machine deleted C:\windows\system32\GroupPolicy\User deleted C:\windows\system32\GroupPolicy\gpt.ini deleted ==== Files Recently Created / Modified ====================== ====== C:\windows ==== ====== C:\Users\jonas\AppData\Local\Temp ==== 2015-02-19 15:46:18 
712F20758FB7CBBC0E26C64E33C1C2D7 17205760 ----a-w- C:\Users\jonas\AppData\Local\Temp\BeidMW.msi ====== Java Cache ===== 2015-02-10 07:36:03 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\jonas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-721b7fb7 ====== C:\windows\system32 ===== 2015-02-12 06:59:06 DDE994E9159497D0D5AB2CDF66D1EAD6 76800 ----a-w- C:\windows\System32\wdi.dll 2015-02-12 06:59:06 A580CFFC56EE72550B803AED2EFD5442 27136 ----a-w- C:\windows\System32\powertracker.dll 2015-02-12 06:59:06 1115D5A98043254A0E787F888FC273C0 635904 ----a-w- C:\windows\System32\perftrack.dll 2015-02-12 06:41:00 4FD3763F3917201856B0CBCE310003EA 4300800 ----a-w- C:\windows\System32\jscript9.dll 2015-02-12 06:41:00 01BD2653F2185218837CF4A175617F8A 620032 ----a-w- C:\windows\System32\jscript9diag.dll 2015-02-11 07:29:22 F2A743912D404A8866362836CFE7A648 686080 ----a-w- C:\windows\System32\adtschema.dll 2015-02-11 07:29:22 F29BC66CE4A5507A49FB20744A056E61 22016 ----a-w- C:\windows\System32\secur32.dll 2015-02-11 07:29:22 CEFE50761B7681715C66AE3488363985 100352 ----a-w- C:\windows\System32\sspicli.dll 2015-02-11 07:29:22 BF08DE8E4FA1F143D41B3241F7FCE5F6 22528 ----a-w- C:\windows\System32\lsass.exe 2015-02-11 07:29:22 ACF312F6CCFC9249F739BF439DD4B80C 15872 ----a-w- C:\windows\System32\sspisrv.dll 2015-02-11 07:29:22 4E6934926B4C923CC0FF61C6D77814EF 50176 ----a-w- C:\windows\System32\auditpol.exe 2015-02-11 07:29:22 4775E1A0E15BF148098C35A19135F881 1061376 ----a-w- C:\windows\System32\lsasrv.dll 2015-02-11 07:29:22 43791D2F736C4E9BE9FE0B33A1E92A5D 60416 ----a-w- C:\windows\System32\msobjs.dll 2015-02-11 07:29:22 36F152AE2F64B12771A44EA77124332B 146432 ----a-w- C:\windows\System32\msaudite.dll 2015-02-11 07:28:39 15E13FB1C22A47A128965287194D1906 2380288 ----a-w- C:\windows\System32\win32k.sys 2015-02-11 07:28:03 B0F7BD3492C2D60A70F15AEADCE1E2A6 47616 ----a-w- C:\windows\System32\ieetwproxystub.dll 2015-02-11 07:28:03 94B1F7CE1AAA5542923E0AD63C4D0050 60416 ----a-w- 
C:\windows\System32\JavaScriptCollectionAgent.dll 2015-02-11 07:28:03 71189E2787179666BDCD1374AE92BF62 102912 ----a-w- C:\windows\System32\ieetwcollector.exe 2015-02-11 07:28:02 E1A4D24281526DDFEA418F729CDA9DC6 30720 ----a-w- C:\windows\System32\iernonce.dll 2015-02-11 07:28:02 C4F2424A0671907FD3AC44EBE43C3C66 667648 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe 2015-02-11 07:28:02 8E8137569741D3693F88DDF94CC38C20 1307136 ----a-w- C:\windows\System32\urlmon.dll 2015-02-11 07:28:02 74EA6C792F57E453261DA210C1BCEB53 342712 ----a-w- C:\windows\System32\iedkcs32.dll 2015-02-11 07:28:02 73AFBF165241EB4502CD15107AA12CBA 684544 ----a-w- C:\windows\System32\ie4uinit.exe 2015-02-11 07:28:02 55A84600EAAF8F1D3F0E6206E2EF6D48 47104 ----a-w- C:\windows\System32\jsproxy.dll 2015-02-11 07:28:01 FD6AF61AF029B9BC2CF4EFF57CDD5821 710144 ----a-w- C:\windows\System32\ieapfltr.dll 2015-02-11 07:28:01 EF05E63ACC834470A07A2E73D519B5FA 418304 ----a-w- C:\windows\System32\dxtmsft.dll 2015-02-11 07:28:01 8FBC9680719ACDA9351B67D906C682F4 688640 ----a-w- C:\windows\System32\msfeeds.dll 2015-02-11 07:28:01 47B26D89EF9973E2DD586D0C827F61A9 2724864 ----a-w- C:\windows\System32\mshtml.tlb 2015-02-11 07:28:01 28B2D3CB1B4306D476200D80AF7D87AD 115712 ----a-w- C:\windows\System32\ieUnatt.exe 2015-02-11 07:28:00 AD3F5926EC2C1F21FB45D1CDED6E2A47 2052608 ----a-w- C:\windows\System32\inetcpl.cpl 2015-02-11 07:27:59 F285D499EC42969D963CA49EADA63218 1888256 ----a-w- C:\windows\System32\wininet.dll 2015-02-11 07:27:59 6F10743069DFFC56DEE079204960844E 168960 ----a-w- C:\windows\System32\msrating.dll 2015-02-11 07:27:59 5FB7E9786F70F4072663746072C9E6CE 62464 ----a-w- C:\windows\System32\iesetup.dll 2015-02-11 07:27:59 44791AA90DF93DD79E63ED3A38657964 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll 2015-02-11 07:27:57 994E7459260D315573DD72783D1B78A7 478208 ----a-w- C:\windows\System32\ieui.dll 2015-02-11 07:27:57 6FA05244FD2E40A3DC08337146B3C425 285696 ----a-w- 
C:\windows\System32\dxtrans.dll 2015-02-11 07:27:56 78A1A938D51D4F83A772123B93EE1612 12829184 ----a-w- C:\windows\System32\ieframe.dll 2015-02-11 07:27:50 D87759889FE7BCAE4461439139E62BAA 76288 ----a-w- C:\windows\System32\mshtmled.dll 2015-02-11 07:27:49 3B9EF1B8E154D202D32A7765E2F33554 64000 ----a-w- C:\windows\System32\MshtmlDac.dll 2015-02-11 07:27:49 180168942E4A133C55E7BBF17DA3C142 1155072 ----a-w- C:\windows\System32\mshtmlmedia.dll 2015-02-11 07:27:48 9A91F9B5035F54C2D0BA92CF9B16EE34 2277888 ----a-w- C:\windows\System32\iertutil.dll 2015-02-11 07:27:47 61C74D794C14E9FC94D93F5F0F72A3F9 19740160 ----a-w- C:\windows\System32\mshtml.dll 2015-02-11 07:27:46 9DEE691C8FDBC2DE6957F1AE873C78FC 503296 ----a-w- C:\windows\System32\vbscript.dll 2015-02-11 07:27:33 48D5B4FC2235E069A444C105B65D40BD 767488 ----a-w- C:\windows\System32\appraiser.dll 2015-02-11 07:27:32 EEA1C649DBE9628150207BC563DA77F2 482304 ----a-w- C:\windows\System32\generaltel.dll 2015-02-11 07:27:31 76293EF1A6BFCCBD901107E514E48624 886784 ----a-w- C:\windows\System32\aeinv.dll 2015-02-11 07:27:31 1C562DF669A412EF40A9871C8856AEE4 621056 ----a-w- C:\windows\System32\invagent.dll 2015-02-11 07:27:30 F57E1D225AE5C2C8F475A99BFDF018F4 1167520 ----a-w- C:\windows\System32\aitstatic.exe 2015-02-11 07:27:30 048FD5432E4C2B42EE39FD9F54ED162F 325632 ----a-w- C:\windows\System32\devinv.dll 2015-02-11 07:27:29 EE0759179FC7EB0012AF1A69C8AAE185 202752 ----a-w- C:\windows\System32\aepdu.dll 2015-02-11 07:27:29 0389CAF21A50D13A90D2699750D499B5 159744 ----a-w- C:\windows\System32\aepic.dll 2015-02-11 07:27:16 0C96A745A76C7DD75C5503E86D968E49 1174528 ----a-w- C:\windows\System32\crypt32.dll 2015-02-11 07:27:06 6D227897A458DA8A9518DACDC88F1947 3917760 ----a-w- C:\windows\System32\ntoskrnl.exe 2015-02-11 07:27:06 62C93E47A424A8EC79F3CF1719A2DCC6 3972544 ----a-w- C:\windows\System32\ntkrnlpa.exe 2015-02-11 07:26:54 B3BC38B886CA53C92D52EF724A9F0D45 308224 ----a-w- C:\windows\System32\scesrv.dll 2015-02-11 07:26:17 
A208DAC2932649CFF82A6A684D8BB1F6 571904 ----a-w- C:\windows\System32\oleaut32.dll 2015-02-11 07:26:13 7C893DBA0A58855A99DA68B751FD223B 248832 ----a-w- C:\windows\System32\schannel.dll 2015-02-11 07:26:12 F3F6BE20A03215209B61CA85B4A83E1F 65536 ----a-w- C:\windows\System32\TSpkg.dll 2015-02-11 07:26:12 B63A6FF4339C9B701A93D3973C7FB6D2 550912 ----a-w- C:\windows\System32\kerberos.dll 2015-02-11 07:26:12 A12D64A94EC57079C2D96A741CB4FF53 172032 ----a-w- C:\windows\System32\wdigest.dll 2015-02-11 07:26:12 7D94A9161E8432B8521E60E064B1D737 259584 ----a-w- C:\windows\System32\msv1_0.dll 2015-02-11 07:26:12 3BB446DE24501FEA5FDB9A9DB23A22AE 221184 ----a-w- C:\windows\System32\ncrypt.dll 2015-02-11 07:26:11 C256EFD3655EC782F8094E96094E8F9E 17408 ----a-w- C:\windows\System32\credssp.dll 2015-02-11 07:26:04 793F6658ED65839FDB2957A4884CB63C 1230336 ----a-w- C:\windows\System32\WindowsCodecs.dll ====== C:\windows\system32\drivers ===== 2015-02-11 07:29:22 F516F1167EFBBC5ABC90687C94497869 369968 ----a-w- C:\windows\System32\drivers\cng.sys 2015-02-11 07:29:22 EF88BAC2B489D9C46F4E41ACF0219CD0 67520 ----a-w- C:\windows\System32\drivers\ksecdd.sys 2015-02-11 07:29:22 49D70660EE8266988C1F99A0297A1430 136640 ----a-w- C:\windows\System32\drivers\ksecpkg.sys ====== C:\windows\Tasks ====== 2015-02-10 16:29:10 BDE732E79EEBCEF9090A9BFA9E6EAA72 3280 ----a-w- C:\windows\system32\Tasks\{0120B3E8-9A99-4675-8DB9-C69DA4B4698F} 2015-02-09 15:21:52 17F64940075B4DDD1D39EF6D38D39117 3282 ----a-w- C:\windows\system32\Tasks\{B7D0C3CB-0C28-417F-B08A-4DD600E3C0FE} 2015-01-26 08:26:28 9581B4A4843315837E853C44BD27D0C7 3878 ----a-w- C:\windows\system32\Tasks\Adobe Flash Player Updater 2015-01-26 08:26:28 0986F39713915BC29047152614660ACA 940 ----a-w- C:\windows\Tasks\Adobe Flash Player Updater.job ====== C:\windows\Temp ====== ======= C:\Program Files ===== 2015-02-19 16:20:50 -------- d-----w- C:\Program Files\BeID Minidriver 2015-02-19 16:20:49 -------- d-----w- C:\Program Files\Belgium Identity Card 
======= C: ===== ====== C:\Users\jonas\AppData\Roaming ====== 2015-02-10 14:48:32 -------- d-----w- C:\Users\jonas\AppData\Local\Apple 2015-01-26 08:14:27 -------- d-----w- C:\Users\jonas\AppData\Local\Adobe ====== C:\Users\jonas ====== 2015-02-19 16:21:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID 2015-02-10 14:48:27 -------- d-----w- C:\ProgramData\Apple 2015-01-27 08:05:09 5450D20FF9C7A30463EBCF6DAEA829F9 19968 --sha-w- C:\Users\jonas\Thumbs.db ====== C: exe-files == 2015-02-20 17:59:30 A1CF92651A2274E887189DABD2929DEF 82944 ----a-w- C:\Windows\Temp\7E239D63-851D-4B67-8E4D-B54EC1E631A4\DismHost.exe 2015-02-20 13:48:44 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VK1UAFWI\RSIT.exe 2015-02-19 16:20:01 FEC2F27B4177267AE6CD92D71A42FCC1 45874680 ----a-w- C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26I6MZHV\eID-QuickInstaller-407-7466-signed_tcm227-258853.exe 2015-02-19 07:30:30 5F30C738D01AD4875DA46409FE07A2A2 28939668 ----a-w- C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K0NRYV8W\SafariSetup[1].exe === C: other files == 2015-02-17 13:47:44 3315140254247E248C3531F159C79109 14130 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3328793180-4141964508-2228772626-1001\$RFFSQYG.0_31\lib\deploy\ffjcext.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3328793180-4141964508-2228772626-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "EPSON SX100 Series"="C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU 
C:\windows\TEMP\E_SF4D9.tmp /EF HKCU" "Google Update"="C:\Users\jonas\AppData\Local\Google\Update\GoogleUpdate.exe /c" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s" "IgfxTray"="C:\windows\system32\igfxtray.exe" "HotKeysCmds"="C:\windows\system32\hkcmd.exe" "Persistence"="C:\windows\system32\igfxpers.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "EPSON SX100 Series"="C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU C:\windows\TEMP\E_SF4D9.tmp /EF HKCU" "Google Update"="C:\Users\jonas\AppData\Local\Google\Update\GoogleUpdate.exe /c" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APLangApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APLangApp" "hkey"="HKLM" "command"="\"C:\\Program Files\\AnyPC Client\\APLangApp.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CLMLServer" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\Power2Go\\CLMLSvc.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\emsisoft anti-malware] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="emsisoft anti-malware" "hkey"="HKLM" "command"="\"C:\\Program Files\\Emsisoft Anti-Malware\\a2guard.exe\" /d=60" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON SX100 Series] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EPSON SX100 Series" "hkey"="HKCU" "command"="C:\\windows\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATIEDE.EXE /FU \"C:\\windows\\TEMP\\E_S3ADD.tmp\" /EF \"HKCU\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google Update" "hkey"="HKCU" "command"="\"C:\\Users\\jonas\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MSC" "hkey"="HKLM" "command"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Sidebar" "hkey"="HKCU" "command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SkyDrive] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SkyDrive" "hkey"="HKCU" "command"="\"C:\\Users\\jonas\\AppData\\Local\\Microsoft\\SkyDrive\\SkyDrive.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common 
Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateLBPShortCut] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdateLBPShortCut" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\LabelPrint\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files\\CyberLink\\LabelPrint\" UpdateWithCreateOnce \"Software\\CyberLink\\LabelPrint\\2.5\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateP2GoShortCut] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdateP2GoShortCut" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\Power2Go\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files\\CyberLink\\Power2Go\" UpdateWithCreateOnce \"SOFTWARE\\CyberLink\\Power2Go\\6.0\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdatePDRShortCut] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdatePDRShortCut" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDirector\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files\\CyberLink\\PowerDirector\" UpdateWithCreateOnce \"Software\\CyberLink\\PowerDirector\\7.0\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdatePPShortCut] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdatePPShortCut" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerProducer\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files\\CyberLink\\PowerProducer\" UpdateWithCreateOnce \"Software\\CyberLink\\PowerProducer\\5.0\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdatePSTShortCut] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" 
"item"="UpdatePSTShortCut" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\DVD Suite\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files\\CyberLink\\DVD Suite\" UpdateWithCreateOnce \"Software\\CyberLink\\PowerStarter\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^jonas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] "item"="OneNote 2007 Schermopname en Snel starten" "backup"="C:\\windows\\pss\\OneNote 2007 Schermopname en Snel starten.lnk.Startup" "backupExtension"=".Startup" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "Google Update"="\"C:\\Users\\jonas\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\"" ==== Task Scheduler Jobs ====================== C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/02/2015 16:46] C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [16/10/2014 08:23] C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [16/10/2014 08:23] C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3328793180-4141964508-2228772626-1001Core.job --a------ C:\Users\jonas\AppData\Local\Google\Update\GoogleUpdate.exe [19/02/2013 06:55] C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3328793180-4141964508-2228772626-1001UA.job --a------ C:\Users\jonas\AppData\Local\Google\Update\GoogleUpdate.exe [19/02/2013 06:55] ==== Other Scheduled Tasks ====================== "C:\windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\windows\system32\tasks\Adobe Flash Player Updater" [C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\windows\system32\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\windows\system32\tasks\advSRS4" ["C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe"] "C:\windows\system32\tasks\APSchedulerC" [C:\Program Files\AnyPC Client\APLanMgrC.exe] "C:\windows\system32\tasks\BatteryLifeExtender" [C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe] "C:\windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\windows\system32\tasks\Driver Booster SkipUAC (jonas)" [C:\Program Files\IObit\Driver Booster\DriverBooster.exe] "C:\windows\system32\tasks\EasyDisplayMgr" ["C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe"] "C:\windows\system32\tasks\Google Updater and Installer" [C:\Users\jonas\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3328793180-4141964508-2228772626-1001Core" [C:\Users\jonas\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3328793180-4141964508-2228772626-1001UA" [C:\Users\jonas\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\windows\system32\tasks\Java Update Scheduler" [C:\Program Files\Common Files\Java\Java Update\jusched.exe] "C:\windows\system32\tasks\SamsungSupportCenter" [%programfiles%\Samsung\Samsung Support Center\SSCKbdHk.exe] "C:\windows\system32\tasks\Soluto-Diagnostics" [C:\ProgramData\Soluto\Diag\SolutoDiag.exe] "C:\windows\system32\tasks\SUPBackground" 
["%ProgramFiles%\Samsung\Samsung Update Plus\SUPBackground.exe"] "C:\windows\system32\tasks\User_Feed_Synchronization-{DB0944BC-C24F-44BC-A2A4-C757F52DEE53}" [C:\windows\system32\msfeedssync.exe] "C:\windows\system32\tasks\{08F03B23-BD80-4C67-9B43-41ADD3E4CA0C}" [C:\Program Files\Samsung Casual Games\Farm Frenzy 2\Launch.exe] "C:\windows\system32\tasks\{09160203-C21F-4840-B238-B63902F77B03}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.6.73.106.456/nl/abandoninstall?page=tsPlugin] "C:\windows\system32\tasks\{D542E14B-73CD-417F-B5CA-CE25AF57EEB4}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.1.73.129.456/nl/abandoninstall?page=tsMain] "C:\windows\system32\tasks\{E04A7F9B-D172-403A-A240-424A57AD13D3}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/5.3.0.116/nl/abandoninstall?source=lightinstaller&page=tsOptions&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault] "C:\windows\system32\tasks\{F3280E2D-B54D-4765-9E9B-BDABE82E03FA}" [C:\Program Files\Belgium Identity Card\EidViewer\eID Viewer.exe] "C:\windows\system32\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe] "C:\windows\system32\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe] "C:\windows\system32\tasks\Norton Management\Norton Error Analyzer" [C:\Program Files\Norton Management\Engine\3.2.2.12\SymErr.exe] "C:\windows\system32\tasks\Norton Management\Norton Error Processor" [C:\Program Files\Norton Management\Engine\3.2.2.12\SymErr.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\r2ananfj.default user_pref("browser.search.defaultenginename", "Yahoo!"); ==== Firefox Extensions Registry ====================== 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{F04D2D30-776C-4d02-8627-8E4385ECA58D}"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn" [21/02/2015 01:38] ==== Firefox Extensions ====================== AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be ==== Firefox Plugins ====================== Profilepath: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\r2ananfj.default BBF0479C2D30519A2E746D12CAE54B43 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U71 1ED046D972B98E0ADEC4D4D61BF37695 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.710.14 6C3E34E303DBDCB9F7EC1F7A7F6B1629 - C:\Users\jonas\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer 2D684F0DDF782C73847BED9503250991 - C:\Users\jonas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin 893BF7D2261C56C24F813405D9D018E0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In 9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat F0E80E561C3F715DB01ACCC97B72463A - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery 5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin 7ABA2EAB736F7E9EB0E03ACAA42CCB51 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox 8DA2ED6B04EA33F2EAE8BA883F903729 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions iikflkcanblccfahdhdonehdalibjnif - No path found[] 
nfengeggddojhakldhlpjdlddgkkjkdd - No path found[] nppllibpnmahfaklnpggkibhkapjkeob - C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx[20/09/2014 09:52] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" "Search Page"="http://www.google.com" "Default_Page_URL"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.google.com" "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "CustomizeSearch"="http://www.google.com" "SearchAssistant"="http://www.google.com" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" 
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" ==== Deleting Registry Keys ====================== HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\363FB0CBBA367FF4E81FEAD0F717B142 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26I6MZHV will be deleted at reboot ==== Empty FireFox Cache ====================== No 
FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\jonas\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=609 folders=74 133830914 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\jonas\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\jonas\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26I6MZHV" not found
"C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on za 21/02/2015 at 3:19:02,66 ======================