Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Feyenoorder on za 08-08-2015 at 9:37:34,89.
Microsoft Windows 8.1 Pro 6.3.9600 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Feyenoorder\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

8-8-2015 09:42:14 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\AGEIA Technologies deleted successfully
C:\Program Files\NeroInstall.bak deleted successfully
C:\Program Files\Wondershare deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\Users\Feyenoorder\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Feyenoorder\AppData\Roaming\Vso deleted successfully
C:\Users\Feyenoorder\AppData\Roaming\XCPCSync.OEM deleted successfully
C:\Users\Feyenoorder\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} deleted successfully
C:\Users\Feyenoorder\AppData\Local\cache deleted successfully
C:\Users\Feyenoorder\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Feyenoorder\AppData\Local\EmieSiteList deleted successfully
C:\Users\Feyenoorder\AppData\Local\EmieUserList deleted successfully
C:\Users\Feyenoorder\AppData\Local\UPC deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3495224090-2880344782-4187742138-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{451C804F-C205-4F03-B48E-537EC94937BF} deleted successfully
HKEY_USERS\S-1-5-21-3495224090-2880344782-4187742138-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} deleted successfully
HKEY_USERS\S-1-5-21-3495224090-2880344782-4187742138-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B02B1316-279A-4826-B551-5C2C33D2A65F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{451C804F-C205-4F03-B48E-537EC94937BF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

µTorrent
Aangifte inkomstenbelasting 2012
Aangifte inkomstenbelasting 2013
Aangifte inkomstenbelasting 2014
Adobe Digital Editions 4.0
Adobe Flash Player 18 NPAPI
Adobe Reader XI (11.0.12) - Nederlands
Adobe Refresh Manager
Avast Free Antivirus
AxCrypt 1.7.2867.0
BlackBerry 10 Desktop Software
BlackBerry Blend
BlackBerry Communication Drivers
BlackBerry Device Drivers
BlackBerry Link
BlackBerry Link Remover
Brother MFL-Pro Suite
CCleaner
CIF USB Camera (2110)
Classic Shell
COMODO Firewall
CrystalDiskInfo 5.6.2 Shizuku Edition
Duplicate Cleaner Free 3.2.4
EVEREST Corporate Edition v5.50
EVEREST Ultimate Edition v5.50
Facebook Video Calling 2.0.0.447
Foxit Reader
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
iPhoto Plus 4
Java 7 Update 51
Java Auto Updater
Malwarebytes Anti-Malware versie 2.1.8.1057
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe (x86)
Microsoft ASP.NET MVC 4 Runtime
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 39.0.3 (x86 nl)
Mozilla Maintenance Service
Nero 8 Essentials
neroxml
Nitro Pro 8
NVIDIA-configuratiescherm 340.52
NVIDIA 3D Vision controllerstuurprogramma 340.50
NVIDIA 3D Vision stuurprogramma 340.52
NVIDIA GeForce Experience 2.1.1
NVIDIA Grafisch stuurprogramma 340.52
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX systeemsoftware 9.13.1220
NVIDIA ShadowPlay 15.3.33
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 15.3.33
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.23
Parrot Software Update Tool
Rapport
Revo Uninstaller 1.95
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2883029) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2965282) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2863812) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2965208) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2965210) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2965281) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2965283) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB3054996) 32-Bit Edition
SHIELD Streaming
Skype™ 7.0
Smart Defrag 2
SopCast 3.8.3
Spotify
Spybot - Search & Destroy
SpywareBlaster 5.0
TeamViewer 10
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Trusteer Eindpuntbeveiliging
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3054986) 32-Bit Edition
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
VCRedistSetup
VirtualCloneDrive
VLC media player
WinRAR 5.00 (32-bit)

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00
{451C804F-C205-4F03-B48E-537EC94937BF}

==== Deleting Files \ Folders ======================

C:\Program Files\AGEIA Technologies not found
C:\Program Files\NeroInstall.bak not found
C:\Program Files\Wondershare not found
{451C804F-C205-4F03-B48E-537EC94937BF} not found
C:\Program Files\SopCast deleted
C:\Users\Feyenoorder\AppData\Roaming\pcouffin.log deleted
C:\Users\Feyenoorder\AppData\Roaming\Rim.Desktop.Exception.log deleted
C:\Users\Feyenoorder\AppData\Roaming\Rim.Desktop.HttpServerSetup.log deleted
C:\Users\Feyenoorder\AppData\Roaming\Rim.DesktopHelper.Exception.log deleted
C:\PROGRA~2\Wondershare Video Converter Ultimate deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\Feyenoorder\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\wininit.ini deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted
"C:\Program Files\Common Files\Wondershare" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\FEYENO~1\AppData\Local\Temp ====
2015-08-03 12:17:42 EF4F8E5AA7A1F26ACE7CE33B6C576FD5 10240 ----a-w- C:\Users\Feyenoorder\AppData\Local\Temp\SDIAG_931b473a-28b3-4a67-9e3e-e9bcc82fceeb\NetworkDiagnosticSnapIn.dll
====== Java Cache =====
====== C:\WINDOWS\system32 =====
2015-07-28 11:14:28 F56F43BC3788D427AE3D442141F69DD8 923648 ----a-w- C:\WINDOWS\System32\appraiser.dll
====== C:\WINDOWS\system32\drivers =====
2015-07-15 05:27:06 FC95786AA45FEB81F4330A384E85EA96 22528 -c--a-w- C:\WINDOWS\System32\drivers\mouhid.sys
2015-07-15 05:27:06 8EB53567EB006D50146C2748AEBB01F6 23552 -c--a-w- C:\WINDOWS\System32\drivers\kbdhid.sys
2015-07-15 05:27:06 7A708934CC652100A94944EC808C3916 83456 -c--a-w- C:\WINDOWS\System32\drivers\i8042prt.sys
2015-07-15 05:27:06 616877586D4E3351D135C9ABBCD2DB9A 45888 -c--a-w- C:\WINDOWS\System32\drivers\kbdclass.sys
2015-07-15 05:27:06 4961FAE2D65C25098DB9B6CDD950A2B0 19968 -c--a-w- C:\WINDOWS\System32\drivers\sermouse.sys
2015-07-15 05:27:06 0F5D7D7ED440859CABE967027F74B769 41792 -c--a-w- C:\WINDOWS\System32\drivers\mouclass.sys
2015-07-15 05:27:02 80E4E92B84A45ED2218323201FA518EF 154112 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys
2015-07-15 05:27:02 7C25AC0150ADD25121170A3EC8DFC147 229376 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb10.sys
2015-07-15 05:27:02 55CAC5AC2BDC8AB79BF30A7555189405 147800 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2015-07-15 05:27:02 49EDA7967848465645E2D809384D0EBA 328704 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb.sys
2015-07-15 05:27:00 E5D612288806D913E5F28D958152010D 15360 ----a-w- C:\WINDOWS\System32\drivers\usb8023.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-08-07 19:58:34 -------- d-----w- C:\Program Files\trend micro
2015-08-02 08:29:58 -------- d-----w- C:\Program Files\Microsoft ASP.NET
======= C: =====
====== C:\Users\Feyenoorder\AppData\Roaming ======
2015-08-04 12:38:40 -------- d-----w- C:\Users\Feyenoorder\AppData\Local\Deployment
2015-07-09 16:58:51 -------- d-----w- C:\Users\Feyenoorder\AppData\Local\TeamViewer
====== C:\Users\Feyenoorder ======
2015-08-07 19:57:08 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Feyenoorder\Desktop\RSIT.exe
2015-08-07 18:42:45 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2015-08-04 12:41:00 -------- d-----w- C:\Users\Feyenoorder\temp
====== C: exe-files ==
2015-08-07 20:11:45 E48B6822BBD291CBE0B25681E1C6B47A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3495224090-2880344782-4187742138-1001\$I1RK8Y2.exe
2015-08-07 19:29:28 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\$Recycle.Bin\S-1-5-21-3495224090-2880344782-4187742138-1001\$R1RK8Y2.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3495224090-2880344782-4187742138-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020"
"BlackBerryLink.exe"="C:\Program Files\Research In Motion\BlackBerry Link\BlackBerryLink.exe /minimize"
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
"Spotify Web Helper"="C:\Users\Feyenoorder\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN"
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap.dll,ShadowPlayOnSystemStart"
"SDTray"="C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
"NvBackend"="C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe /s"
"Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe -autorun"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"RIMBBLaunchAgent.exe"="C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"
"RIM PeerManager"="C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
"Wondershare Helper Compact.exe"="C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020"
"BlackBerryLink.exe"="C:\Program Files\Research In Motion\BlackBerry Link\BlackBerryLink.exe /minimize"
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
"Spotify Web Helper"="C:\Users\Feyenoorder\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3495224090-2880344782-4187742138-1001Core.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3495224090-2880344782-4187742138-1001UA.job --a-------- C:\Users\Feyenoorder\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files\Google\Update\GoogleUpdate.exe [05-09-2014 07:25]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files\Google\Update\GoogleUpdate.exe [05-09-2014 07:25]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\system32\tasks\Adobe Flash Player Updater" [C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\system32\tasks\AutoKMS" [C:\WINDOWS\AutoKMS\AutoKMS.exe]
"C:\WINDOWS\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3495224090-2880344782-4187742138-1001Core" [C:\Users\Feyenoorder\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3495224090-2880344782-4187742138-1001UA" [C:\Users\Feyenoorder\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\system32\tasks\SmartDefragUpdate" [C:\Program Files\IObit\Smart Defrag 2\AutoUpdate.exe]
"C:\WINDOWS\system32\tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}" [C:\Program Files\COMODO\COMODO Internet Security\cistray.exe]
"C:\WINDOWS\system32\tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}" ["C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"]
"C:\WINDOWS\system32\tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\WINDOWS\system32\tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\WINDOWS\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\WINDOWS\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe"]
"C:\WINDOWS\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe"]
"C:\WINDOWS\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe"]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\FEYENO~1\AppData\Roaming\Mozilla\Firefox\Profiles\ht8po6fq.default
user_pref("browser.startup.homepage", "www.google.nl");
user_pref("browser.search.defaulturl", "https://www.google.com/search");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("keyword.URL", "https://www.google.com/search");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [08-06-2015 13:21]

==== Firefox Extensions ======================

ProfilePath: C:\Users\FEYENO~1\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\cep41ep3.default
- CSS Stylesheet Editor - %ProfilePath%\extensions\csseditor@bluegriffon.com.xpi
- EyeDropper - %ProfilePath%\extensions\eyedropper@bluegriffon.com.xpi
- FontSquirrel Manager - %ProfilePath%\extensions\fs@bluegriffon.com.xpi
- Fullscreen - %ProfilePath%\extensions\fullscreen@bluegriffon.com.xpi
- Google Font Directory Manager - %ProfilePath%\extensions\gfd@bluegriffon.com.xpi
- Czech CZ Language Pack - %ProfilePath%\extensions\langpack-cs@bluegriffon.org.xpi
- Deutsch DE Language Pack - %ProfilePath%\extensions\langpack-de@bluegriffon.org.xpi
- English US Language Pack - %ProfilePath%\extensions\langpack-en-US@bluegriffon.org.xpi
- Español España Language Pack - %ProfilePath%\extensions\langpack-es-ES@bluegriffon.org.xpi
- Suomenkielinen FI Language Pack - %ProfilePath%\extensions\langpack-fi@bluegriffon.org.xpi
- Français Language Pack - %ProfilePath%\extensions\langpack-fr@bluegriffon.org.xpi
- Galego España Language Pack - %ProfilePath%\extensions\langpack-gl@bluegriffon.org.xpi
- Hebrew IL Language Pack - %ProfilePath%\extensions\langpack-he@bluegriffon.org.xpi
- Magyar HU Language Pack - %ProfilePath%\extensions\langpack-hu@bluegriffon.org.xpi
- Italiano IT Language Pack - %ProfilePath%\extensions\langpack-it@bluegriffon.org.xpi
- Japanese Language Pack - %ProfilePath%\extensions\langpack-ja@bluegriffon.org.xpi
- Korean KR Language Pack - %ProfilePath%\extensions\langpack-ko@bluegriffon.org.xpi
- Nederlands NL Language Pack - %ProfilePath%\extensions\langpack-nl@bluegriffon.org.xpi
- Polski Language Pack - %ProfilePath%\extensions\langpack-pl@bluegriffon.org.xpi
- Slovenski jezik Language Pack - %ProfilePath%\extensions\langpack-sl@bluegriffon.org.xpi
- sr Language Pack - %ProfilePath%\extensions\langpack-sr@bluegriffon.org.xpi
- Svenska SE Language Pack - %ProfilePath%\extensions\langpack-sv-SE@bluegriffon.org.xpi
- Chinese Simplified zh-CN Language Pack - %ProfilePath%\extensions\langpack-zh-CN@bluegriffon.org.xpi
- Traditional Chinese zh-TW Language Pack - %ProfilePath%\extensions\langpack-zh-TW@bluegriffon.org.xpi
- MathML - %ProfilePath%\extensions\mathml@bluegriffon.com.xpi
- Opquast Accessibility First Step - %ProfilePath%\extensions\op1@bluegriffon.com.xpi
- Snippets - %ProfilePath%\extensions\snippets@bluegriffon.com.xpi
- SVG-edit - %ProfilePath%\extensions\svg-edit@googlegroups.com.xpi
- Table Layouts - %ProfilePath%\extensions\tablelayout@bluegriffon.com.xpi
- One-click Templates - %ProfilePath%\extensions\templatesManager@bluegriffon.com.xpi
- Thumbnailer - %ProfilePath%\extensions\thumbnailer@bluegriffon.com.xpi
- Tip of the Day - %ProfilePath%\extensions\tipoftheday@bluegriffon.com.xpi

ProfilePath: C:\Users\FEYENO~1\AppData\Roaming\KompoZer\Profiles\09odv3o7.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- KompoZer classic - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

ProfilePath: C:\Users\FEYENO~1\AppData\Roaming\Mozilla\Firefox\Profiles\ht8po6fq.default
- Woordenboek Nederlands - %ProfilePath%\extensions\nl-NL@dictionaries.addons.mozilla.org
- Nederlands NL Language Pack - %ProfilePath%\extensions\langpack-nl@firefox.mozilla.org.xpi

ProfilePath: C:\Users\FEYENO~1\AppData\Roaming\Nvu\Profiles\qppmkni7.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- Nvu default - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

ProfilePath: C:\Users\FEYENO~1\AppData\Roaming\TomTom\HOME\Profiles\ao5chhaj.default
- Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Feyenoorder\AppData\Roaming\Mozilla\Firefox\Profiles\ht8po6fq.default
A9E98D1FCB614713E87149FCBE8459F2 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
0FFC7C7A12BD7B0465D97E7745287370 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
52CE0DBFD9738AE528CF525A0367EBEB - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
1F352B5944AF5C2204D9EFF7F845C5AF - C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll - Google Update
5AA6E26C21A34C53DAA89544ECDB91BE - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll - RIM Handheld Application Loader
E3F807ECC0EF5DEA04D67676672841E4 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
59FADC9EB6550247497C68D4BA498CC0 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
607D5DD893D217BCA2449F4A483818B5 - C:\Program Files\Nitro\Pro 8\npnitromozilla.dll - Nitro PDF plugin for Firefox and Chrome
EAEBA8F5241F799498996249C7FD38C7 - c:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll - Silverlight Plug-In
FD82108FD60B63010325D9AF6F00AF99 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll - Shockwave Flash
55B4AD8C254E4A0C1BE28302A52AEB5E - c:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrlui.dll - Microsoft® Silverlight
BBAFE24293695D557DC2319346C316A7 - C:\Program Files\Nitro\Pro 8\npnitroie.dll - Nitro PDF plugin for Internet Explorer
BC487C715486F7BFD9D88FAB92549BFA - C:\Program Files\Nitro\Pro 8\npdf.dll - Nitro PDF Library
A9657C67E350EA087350DA5895307E54 - C:\Program Files\Nitro\Pro 8\NPShellExtension.dll - Nitro Pro ShellExtension

==== Chromium Look ======================

Google Chrome Version: 44.0.2403.130

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06-06-2015 11:32]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bbjllphbppobebmjpjcijfbakobcheof - No path found[]

Google Docs - Feyenoorder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Feyenoorder\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Rapport - Feyenoorder\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof
YouTube - Feyenoorder\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Feyenoorder\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Avast Online Security - Feyenoorder\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Web Store Payments - Feyenoorder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Feyenoorder\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Feyenoorder\AppData\Local\Google\Chrome\User Data\Default\Preferences
"session":{"restore_on_startup":4,"startup_urls":["http://www.google.com/"]},"sync":{"remaining_rollback_tries":0}}

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.nl/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Users\Feyenoorder\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Feyenoorder\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Feyenoorder\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Feyenoorder\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Feyenoorder\AppData\Local\Mozilla\Firefox\Profiles\ht8po6fq.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Feyenoorder\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=160 folders=50 177729143 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Feyenoorder\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\FEYENO~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on za 08-08-2015 at 11:13:58,21 ======================