Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Pol on vr 19/06/2015 at 10:56:27,67. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Pol\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 19/06/2015 11:25:07 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\Program Files\Citrix deleted successfully C:\Program Files\Lavasoft deleted successfully C:\PROGRA~2\ioloGovernor deleted successfully C:\Users\Pol\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Pol\AppData\Local\EmieSiteList deleted successfully C:\Users\Pol\AppData\Local\EmieUserList deleted successfully C:\Users\Pol\AppData\Local\PDFCreator deleted successfully C:\windows\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully C:\windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3740741272-41367026-2587978378-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7C3CF0-4B15-11D1-ABED-709549C10000} deleted successfully HKEY_USERS\S-1-5-21-3740741272-41367026-2587978378-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CE7C3CF0-4B15-11D1-ABED-709549C10000} deleted successfully HKEY_USERS\S-1-5-21-3740741272-41367026-2587978378-1001\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} deleted successfully HKEY_CLASSES_ROOT\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully HKEY_CLASSES_ROOT\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet 
Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3740741272-41367026-2587978378-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\videodownloadconverter_4zservice deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\videodownloadconverter_4zservice deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "VideoDownloadConverter EPM Support"=- "VideoDownloadConverter AppIntegrator 32-bit"=- ""=- ==== Batch Command(s) Run By Tool====================== De Winsock-catalogus is opnieuw ingesteld. De computer dient opnieuw te worden opgestart om het opnieuw instellen te voltooien. ==== Deleting Files \ Folders ====================== C:\Program Files\Citrix not found C:\Program Files\Lavasoft not found C:\zoek_backup deleted C:\Program Files\Finale 2012 deleted C:\Users\Pol\AppData\Local\VideoDownloadConverter_4z deleted C:\Users\Pol\appdata\locallow\VideoDownloadConverter_4z deleted C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipBtStackServer.1.txt deleted C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipBtStackServer.txt deleted C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipExplorer.1.txt deleted C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipExplorer.2.txt deleted C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipExplorer.3.txt deleted C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipExplorer.4.txt deleted C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipExplorer.5.txt deleted C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipExplorer.6.txt deleted C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipExplorer.7.txt deleted 
C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipExplorer.8.txt deleted C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipExplorer.9.txt deleted C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipExplorer.txt deleted C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipiexplore.1.txt deleted C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipiexplore.2.txt deleted C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipiexplore.3.txt deleted C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipiexplore.txt deleted C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipiMesh_V11_en_Setup.1.txt deleted C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipiMesh_V11_en_Setup.txt deleted C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipWScript.1.txt deleted C:\Users\Pol\AppData\Roaming\tracedll_ExpressZipWScript.txt deleted C:\Users\Pol\AppData\Roaming\pdfforge deleted C:\PROGRA~2\Lavasoft\Web Companion deleted C:\Users\Pol\AppData\Local\Lavasoft\WebCompanion.exe_Url_f5db2c2eotb405zbclgx4obr3tgwdj1t deleted C:\Users\Pol\AppData\Local\Lavasoft\AdBlockApprovedList.txt deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lavasoft\WebCompanion deleted C:\windows\system32\config\systemprofile\Searches deleted C:\windows\system32\LavasoftTcpService.ini deleted C:\windows\system32\LavasoftTcpServiceOff.ini deleted "C:\windows\Installer\1e3f5d2.msi" deleted "C:\windows\Installer\1e3f5d9.msi" deleted "C:\windows\system32\LavasoftTcpService.dll" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdlghk.dll" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\APPINTEGRATOR.EXE" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\APPINTEGRATORSTUB.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\ASSISTMONITOR.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\HiddenToolbarReminder.dll" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8RES.DLL" deleted 
"C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\TOOLBARGUARD.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists\APA\ARBITER.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists\ie_enable\ARBITER.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdlghk.dll" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\APPINTEGRATOR.EXE" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\APPINTEGRATORSTUB.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\ASSISTMONITOR.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\HiddenToolbarReminder.dll" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8RES.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\TOOLBARGUARD.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists\APA\ARBITER.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists\ie_enable\ARBITER.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdlghk.dll" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\APPINTEGRATOR.EXE" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\APPINTEGRATORSTUB.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\ASSISTMONITOR.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\HiddenToolbarReminder.dll" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8RES.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\TOOLBARGUARD.DLL" deleted "C:\Program 
Files\VideoDownloadConverter_4z\bar\1.bin\assists\APA\ARBITER.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists\ie_enable\ARBITER.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z" not deleted "C:\Program Files\VideoDownloadConverter_4z" not deleted "C:\Program Files\VideoDownloadConverter_4z" not deleted "C:\Program Files\VideoDownloadConverter_4z\bar" not deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin" not deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists\APA" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists\ie_default_search_provider" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists\ie_enable" deleted "C:\Program Files\VideoDownloadConverter_4z\bar" not deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin" not deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists\APA" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists\ie_default_search_provider" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists\ie_enable" deleted "C:\Program Files\VideoDownloadConverter_4z\bar" not deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin" not deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists\APA" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists\ie_default_search_provider" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\assists\ie_enable" deleted ==== Files Recently Created / Modified ======================
==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe
/autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3740741272-41367026-2587978378-1001\Software\iolo\System Mechanic\startup manager\configuration\Disabled\registry\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR" "GoogleChromeAutoLaunch_579742569BC839997C43F7836E24B15F"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "NokiaSuite.exe"="C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray" "HP Deskjet 3050A J611 series (NET)"="C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe -deviceID CN34K1CK6P05WK:NW -scfn HP Deskjet 3050A J611 series (NET) -AutoStart 1" "Google Update"="C:\Users\Pol\AppData\Local\Google\Update\GoogleUpdate.exe /c" "MusicManager"="C:\Users\Pol\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [HKEY_USERS\S-1-5-21-3740741272-41367026-2587978378-1001\Software\iolo\System Mechanic\startup manager\configuration\Disabled\registry\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "NetPanel"="C:\Program Files\NetPanel\Starter.exe /path=C:\Program Files\NetPanel" "HotKeysCmds"="C:\windows\system32\hkcmd.exe" "WirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" "IgfxTray"="C:\windows\system32\igfxtray.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" "QLBController"="C:\Program 
Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start" "SignIn"="C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe /autorun" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [HKEY_USERS\S-1-5-21-3740741272-41367026-2587978378-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Google+ Auto Backup"="C:\Users\Pol\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe /autostart" "OneDrive"="C:\Users\Pol\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "GoogleChromeAutoLaunch_579742569BC839997C43F7836E24B15F"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window" "Google Update"="C:\Users\Pol\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Sync2"="C:\Program Files\4Team Corporation\Sync2\Sync2.exe /background" "HP Deskjet 3050A J611 series (NET)"="C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe -deviceID CN34K1CK6P05WK:NW -scfn HP Deskjet 3050A J611 series (NET) -AutoStart 1" "MusicManager"="C:\Users\Pol\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" "Dropbox Update"="C:\Users\Pol\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Persistence"="C:\windows\system32\igfxpers.exe" "IsaKbcCertUpdate"="C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe" "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Google+ Auto 
Backup"="C:\Users\Pol\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe /autostart" "OneDrive"="C:\Users\Pol\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "GoogleChromeAutoLaunch_579742569BC839997C43F7836E24B15F"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window" "Google Update"="C:\Users\Pol\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Sync2"="C:\Program Files\4Team Corporation\Sync2\Sync2.exe /background" "HP Deskjet 3050A J611 series (NET)"="C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe -deviceID CN34K1CK6P05WK:NW -scfn HP Deskjet 3050A J611 series (NET) -AutoStart 1" "MusicManager"="C:\Users\Pol\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" "Dropbox Update"="C:\Users\Pol\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcSoft Connection Service] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ArcSoft Connection Service" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\beid] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="beid" "hkey"="HKLM" "command"="\"C:\\Program Files\\Belgium Identity Card\\beid35gui.exe\" /startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPAdvisorDock] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HPAdvisorDock" "hkey"="HKCU" "command"="C:\\Program Files\\Hewlett-Packard\\HP Advisor\\Dock\\HPAdvisorDock.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightScribe Control Panel] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LightScribe Control Panel" "hkey"="HKCU" 
"command"="C:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyTomTomSA.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MyTomTomSA.exe" "hkey"="HKCU" "command"="C:\\Program Files\\MyTomTom 3\\MyTomTomSA.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaSuite.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NokiaSuite.exe" "hkey"="HKCU" "command"="C:\\Program Files\\Nokia\\Nokia Suite\\NokiaSuite.exe -tray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl11] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RemoteControl11" "hkey"="HKLM" "command"="C:\\Program Files\\CyberLink\\PowerDVD11\\PDVD11Serv.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files\\Skype\\\\Phone\\Skype.exe\" /nosplash /minimized" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify" "hkey"="HKCU" "command"="\"C:\\Users\\Pol\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SynTPEnh" "hkey"="HKLM" "command"="%ProgramFiles%\\Synaptics\\SynTP\\SynTPEnh.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SysTrayApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SysTrayApp" "hkey"="HKLM" "command"="C:\\Program Files\\IDT\\WDM\\sttray.exe" ==== Startup Folders ====================== 2015-06-18 15:11:16 1130 ----a-w- C:\Users\Pol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ==== Task 
Scheduler Jobs ====================== C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [15/06/2015 12:25] C:\windows\tasks\DropboxUpdateTaskUserS-1-5-21-3740741272-41367026-2587978378-1001Core.job --a------ C:\Users\Pol\AppData\Local\Dropbox\Update\DropboxUpdate.exe [18/06/2015 15:50] C:\windows\tasks\DropboxUpdateTaskUserS-1-5-21-3740741272-41367026-2587978378-1001UA.job --a------ C:\Users\Pol\AppData\Local\Dropbox\Update\DropboxUpdate.exe [18/06/2015 15:50] C:\windows\tasks\GoogleUpdateTaskMachineCore1d046058817a5fc.job --a------ [Undetermined Task] C:\windows\tasks\GoogleUpdateTaskMachineUA1d046058a9b25f8.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [18/10/2014 20:03] C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3740741272-41367026-2587978378-1001Core.job --a------ C:\Users\Pol\AppData\Local\Google\Update\GoogleUpdate.exe [11/04/2014 10:55] C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3740741272-41367026-2587978378-1001UA.job --a------ C:\Users\Pol\AppData\Local\Google\Update\GoogleUpdate.exe [11/04/2014 10:55] C:\windows\tasks\HPCeeScheduleForPol.job --a------ C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [05/01/2010 12:53] ==== Other Scheduled Tasks ====================== "C:\windows\system32\tasks\4Team updater" [C:\Program Files\4Team Corporation\4Team-Updater\4Team-Updater.exe] "C:\windows\system32\tasks\Adobe Flash Player Updater" [C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\windows\system32\tasks\DropboxUpdateTaskUserS-1-5-21-3740741272-41367026-2587978378-1001Core" [C:\Users\Pol\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\windows\system32\tasks\DropboxUpdateTaskUserS-1-5-21-3740741272-41367026-2587978378-1001UA" 
[C:\Users\Pol\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\windows\system32\tasks\GoogleUpdateTaskMachineCore1d046058817a5fc" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\windows\system32\tasks\GoogleUpdateTaskMachineUA1d046058a9b25f8" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3740741272-41367026-2587978378-1001Core" [C:\Users\Pol\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3740741272-41367026-2587978378-1001UA" [C:\Users\Pol\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\windows\system32\tasks\HPCeeScheduleForPol" [C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\windows\system32\tasks\HPCustPartic.exe_{D5B682D9-EFC5-4F29-A71F-7D1338C813C5}" [C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe] "C:\windows\system32\tasks\HPCustParticipation HP Deskjet 3050A J611 series" ["C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe"] "C:\windows\system32\tasks\iolo Process Governor" [C:\Program Files\iolo\System Mechanic\iologovernor.exe] "C:\windows\system32\tasks\Norton WSC Integration" ["C:\Program Files\Norton 360\Engine\21.7.0.11\WSCStub.exe"] "C:\windows\system32\tasks\Opera scheduled Autoupdate 1419198961" [C:\Program Files\Opera\launcher.exe] "C:\windows\system32\tasks\Registration" ["C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe"] "C:\windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\windows\system32\tasks\User_Feed_Synchronization-{95F51530-CDF6-47EE-95D7-EB8D604D46FD}" [C:\windows\system32\msfeedssync.exe] "C:\windows\system32\tasks\{5B6B9D14-6B8E-4C9B-96F7-9B3ACF641D5E}" [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] "C:\windows\system32\tasks\{8BB8C829-EFE3-420C-9084-230D325EED7C}" [C:\Program Files\Microsoft 
Office\Office12\WINWORD.EXE] "C:\windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] "C:\windows\system32\tasks\Norton 360\Norton Error Analyzer" [C:\Program Files\Norton 360\Engine\21.7.0.11\SymErr.exe] "C:\windows\system32\tasks\Norton 360\Norton Error Processor" [C:\Program Files\Norton 360\Engine\21.7.0.11\SymErr.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Pol\AppData\Roaming\Mozilla\Firefox\Profiles\0pkevk53.default user_pref("browser.startup.homepage", "http://www.bing.com/?pc=COSP&ptag=D121114-A510D0E105D5B4CC49CF&form=CONMHP&conlogo=CT3330941"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.bing.com/?pc=COSP&ptag=D121114-A510D0E105D5B4CC49CF&form=CONMHP&conlogo=CT3330941"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Bing"); user_pref("browser.search.selectedEngine", "Bing"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\coFFPlgn" [19/06/2015 10:43] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "gemgecko@gemius.com"="C:\Program Files\NetPanel\gemgecko_ext" [26/01/2015 16:47] ==== Firefox Extensions ====================== ExtDir: C:\Users\Pol\AppData\Roaming\Mozilla\Extensions - Undetermined - %ExtDir%\{1FD91A9C-410C-4090-BBCC-55D3450EF433} AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be ==== Firefox Plugins ====================== Profilepath: C:\Users\Pol\AppData\Roaming\Mozilla\Firefox\Profiles\0pkevk53.default 9A6101F29E2E9D41B99CBCC8F106E8FE - C:\Program Files\Mozilla 
Firefox\plugins\NPOFF12.DLL - 2007 Microsoft Office system ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.124 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions iikflkcanblccfahdhdonehdalibjnif - No path found[] mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx[05/03/2015 10:45] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions bbjllphbppobebmjpjcijfbakobcheof - No path found[] kegdldmohomdaelnepdpbkdhfemobdgl - No path found[] Google Docs - Pol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Pol\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Rapport - Pol\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof YouTube - Pol\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Pol\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Norton Identity Safe - Pol\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif Google Maps - Pol\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh Norton Security Toolbar - Pol\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Norton Identity Safe - Pol\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgpiocdhdmnglomggfjkkonjjfahnom Norton Safe Search as default for Chrome - Pol\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl Google Wallet - Pol\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Pol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Onderzoek CIM Internet bereikstudie - Pol\AppData\Roaming\Opera Software\Opera Stable\Extensions\ojedjnlojkfjbmjlpknfclknchaenlpm ==== Chromium 
Startpages ====================== C:\Users\Pol\AppData\Local\Google\Chrome\User Data\Default\Preferences ==== Chromium Fix ====================== C:\Users\Pol\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nortonsafe.search.ask.com_0.localstorage deleted successfully C:\Users\Pol\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nortonsafe.search.ask.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.standaard.be/" New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.standaard.be/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="https://www.google.com/search?q={searchTerms}&rlz=1I7ADRA_nlBE436" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5E6F9C984D05C004BA69A54957484D6D deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\34B6F556A070C304D9FAF3CC18C3E295 deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89C9F6E5-50D4-400C-AB96-5A947584D4D6} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{655F6B43-070A-403C-9DAF-3FCC813C2E59} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5E6F9C984D05C004BA69A54957484D6D deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\34B6F556A070C304D9FAF3CC18C3E295 deleted successfully ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Pol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Pol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully 
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Pol\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully C:\Users\Pol\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Pol\AppData\Local\Temp will be emptied at reboot C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\windows\Temp successfully emptied C:\Users\Pol\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files\VideoDownloadConverter_4z" not found "C:\Program Files\VideoDownloadConverter_4z" not found "C:\Program Files\VideoDownloadConverter_4z" not found ==== EOF on vr 19/06/2015 at 13:34:27,71 ======================