Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Stefaan on ma 31/08/2015 at 17:17:36,10. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Stefaan\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 31/08/2015 17:19:38 Zoek.exe System Restore Point Created Successfully. ==== Torpig Check ====================== HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\DropboxCopyHook {FBC9D74C-AF55-4309-9FB2-C426E071637F} C:\Users\Stefaan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Monitor {7842554E-6BED-11D2-8CDB-B05550C10000} C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll ==== Empty Folders Check ====================== C:\Program Files\McAfee deleted successfully C:\Users\Stefaan\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\Stefaan\AppData\Local\CutePDF Writer deleted successfully C:\Users\Stefaan\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Stefaan\AppData\Local\EmieSiteList deleted successfully C:\Users\Stefaan\AppData\Local\EmieUserList deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-685951949-2487222117-567623259-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-685951949-2487222117-567623259-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-685951949-2487222117-567623259-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== 7-Zip 9.20 (x64 edition) Acer Launch Manager Acer Power Management Acer Recovery Management Adobe AIR Adobe Reader XI (11.0.12) - Nederlands Adobe Refresh Manager Apple Application Support Apple Software Update AVG 2015 AVG Web TuneUp Bing Bar Broadcom 802.11 Network Adapter Combined Community Codec Pack 2014-07-13 CutePDF Writer 3.0 CyberLink PhotoDirector 3 CyberLink Power Media Player 12 CyberLink PowerDirector 10 Dropbox Foxit PhantomPDF HP Deskjet 2510 series Basissoftware van het apparaat HP Deskjet 2510 series Help HP Deskjet 2510 series Productverbeteringsonderzoek HP Deskjet 2510 series Setup Guide HP Photo Creations HP Update Intel(R) Management Engine Components Intel(R) Processor Graphics Intel(R) Serial IO Intel© Trusted Connect Service Client Microsoft Office 365 - nl-nl Microsoft OneDrive Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD Office 15 Click-to-Run Extensibility Component Office 15 Click-to-Run Licensing Component Office 15 Click-to-Run Localization Component QuickTime 7 Realtek Card Reader Realtek Ethernet Controller Driver Realtek High Definition Audio Driver SkypeT 7.0 Spotify Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables VLC media player WIDCOMM Bluetooth Software ==== Services(whitelist) ====================== Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url] R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe R2 - [AVGIDSAgent] - AVGIDSAgent - c:\program files (x86)\avg\avg2015\avgidsagent.exe R2 - [avgwd] - AVG WatchDog - c:\program files (x86)\avg\avg2015\avgwdsvc.exe R2 - [btwdins] - Bluetooth Service - c:\program files\widcomm\bluetooth software\btwdins.exe R2 - [ClickToRunSvc] - Microsoft Office ClickToRun Service - c:\program files\microsoft office 15\clientx64\officeclicktorun.exe R2 - [igfxCUIService1.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe R2 - [LMSvc] - Launch Manager Service - c:\program files\acer\acer launch manager\lmsvc.exe R2 - [RichVideo] - Cyberlink RichVideo Service(CRVS) - c:\program files (x86)\cyberlink\shared files\richvideo.exe R2 - [vToolbarUpdater40.1.6] - vToolbarUpdater40.1.6 - c:\program files (x86)\common files\avg secure search\vtoolbarupdater\40.1.6\toolbarupdater.exe R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe R2 - [WtuSystemSupport] - WtuSystemSupport - c:\program files (x86)\avg web tuneup\wtusystemsupport.exe R3 - [BBUpdate] - BBUpdate - c:\program files (x86)\microsoft\bingbar\7.1.355.0\seaport.exe R3 - [ePowerSvc] - ePower Service - c:\program files\acer\acer power management\epowersvc.exe R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe S2 - [BBSvc] - BingBar Service - c:\program files (x86)\microsoft\bingbar\7.1.355.0\bbsvc.exe S2 - [BcmBtRSupport] - Bluetooth Driver Management Service - c:\windows\system32\btwrsupportservice.exe S2 - [McAfee SiteAdvisor Service] - McAfee SiteAdvisor Service - c:\progra~2\mcafee\siteadvisor\mcsacore.exe [x] S2 - [McAPExe] - McAfee AP Service - c:\program files\mcafee\msc\mcapexe.exe [x] S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe x2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfee SiteAdvisor Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater40.1.6 deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] @=- ==== Deleting Files \ Folders ====================== C:\Users\Stefaan\AppData\Local\AVG Web TuneUp deleted C:\Program Files\AVG Web TuneUp deleted C:\Users\Public\Pokki deleted C:\PROGRA~3\AVG Web TuneUp deleted C:\PROGRA~3\Avg_Update_0215tb deleted C:\PROGRA~3\AVG Security Toolbar deleted C:\PROGRA~3\Pokki deleted C:\PROGRA~3\AVG Secure Search deleted C:\PROGRA~3\Package Cache deleted C:\Users\Default\AppData\Local\Pokki deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\Stefaan\AppData\LocalLow\AVG Web TuneUp deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted C:\Windows\SysNative\config\systemprofile\Searches deleted "C:\PROGRA~2\AVG Web TuneUp\avgcefrend.exe" deleted "C:\PROGRA~2\AVG Web TuneUp\icudt.dll" deleted "C:\PROGRA~2\AVG Web TuneUp\libcef.dll" deleted "C:\PROGRA~2\AVG Web TuneUp\vprot.exe" deleted "C:\PROGRA~2\AVG Web TuneUp\locales\en-US.pak" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\40.1.6\avgdttbx.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\40.1.6\log4cplusU.dll" deleted "C:\PROGRA~2\AVG Web TuneUp" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted "C:\PROGRA~2\AVG Web TuneUp\locales" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\40.1.6" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\40.1.6" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2015-08-12 14:59:55 FC2EA5BD5307D2CFA5AAA38E0C0DDCE9 221184 ----a-w- C:\Windows\notepad.exe ====== C:\Users\Stefaan\AppData\Local\Temp ==== 2015-08-31 15:08:18 E6794640B6725B5606EEB67D53F03D14 71168 ----a-w- C:\Users\Stefaan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk03nqe.dll 2015-08-30 15:48:01 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Stefaan\AppData\Local\Temp\GURE8.exe 2015-08-30 13:32:18 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Stefaan\AppData\Local\Temp\GURC3EA.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-08-19 16:24:46 A98799EBA5BAABF1AB2BAFCE488FC9F9 19871232 ----a-w- C:\Windows\SysWOW64\mshtml.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-08-19 16:24:47 E5F2BB962F84A8F8D996FEA33F4C817B 25191936 ----a-w- C:\Windows\Sysnative\mshtml.dll ====== C:\Windows\Sysnative\drivers ===== 2015-08-12 17:02:49 CE67080F00E0AF32755096CEA6430ABA 114520 ----a-w- C:\Windows\Sysnative\drivers\WdNisDrv.sys 2015-08-12 17:02:49 81285DDC994F03379DB46419300B2DCB 44560 ----a-w- C:\Windows\Sysnative\drivers\WdBoot.sys 2015-08-12 17:02:49 26B8FED3F3B85F5F0C4BD03FD00B9941 270168 ----a-w- C:\Windows\Sysnative\drivers\WdFilter.sys 2015-08-12 17:02:37 97DC5967F65503213FD1F1B3E4A6F983 1113944 ----a-w- C:\Windows\Sysnative\drivers\ndis.sys 2015-08-12 17:02:36 746DDF7D59AB8D721C88D48434597E8D 2476376 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys 2015-08-12 17:02:36 25991A1635AF725E9DC840A6A36824EC 428888 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS 2015-08-12 15:00:40 9A788037D768809DFD677F4BA08A224A 101720 ----a-w- C:\Windows\Sysnative\drivers\mountmgr.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-08-30 12:07:58 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\Stefaan\AppData\Roaming ====== 2015-08-12 16:01:38 C49C3EF102E10568F8DC1CEE669DB707 261504 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat 2015-08-12 09:37:23 -------- d-----w- C:\Users\Stefaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ====== C:\Users\Stefaan ====== 2015-08-30 14:55:56 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Stefaan\Desktop\RSITx64.exe 2015-08-30 14:54:27 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Stefaan\Downloads\RSITx64.exe ====== C: exe-files == 2015-08-30 15:48:01 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Stefaan\AppData\Local\Temp\GURE8.exe 2015-08-30 14:55:56 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Stefaan\Desktop\RSITx64.exe 2015-08-30 14:54:27 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Stefaan\Downloads\RSITx64.exe 2015-08-30 14:53:39 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Stefaan\AppData\Local\Microsoft\Windows\INetCache\IE\M1S0QF0F\RSITx64.exe 2015-08-30 13:32:18 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Stefaan\AppData\Local\Temp\GURC3EA.exe 2015-08-30 12:07:59 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Stefaan.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-685951949-2487222117-567623259-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "Dropbox Update"="C:\Users\Stefaan\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "abDocsDllLoader"="C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "vProt"="C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "Dropbox Update"="C:\Users\Stefaan\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" ==== Startup Folders ====================== 2015-02-20 18:07:06 1157 ----a-w- C:\Users\Stefaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2015-02-23 13:28:45 1950 ----a-w- C:\Users\Stefaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Deskjet 2510 series.lnk 2015-03-12 19:48:34 1133 ----a-w- C:\Users\Stefaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk 2014-08-20 05:04:13 850 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-685951949-2487222117-567623259-1001Core.job --a-------- C:\Users\Stefaan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [13/06/2015 05:58] C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-685951949-2487222117-567623259-1001UA.job --a-------- C:\Users\Stefaan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [13/06/2015 05:58] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe] "C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-685951949-2487222117-567623259-1001Core" [C:\Users\Stefaan\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-685951949-2487222117-567623259-1001UA" [C:\Users\Stefaan\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\FUB" ["C:\Program Files (x86)\Acer\Care Center\FUB.bat"] "C:\Windows\SysNative\tasks\HPCustParticipation HP Deskjet 2510 series" ["C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe"] "C:\Windows\SysNative\tasks\Launch Manager" ["C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe"] "C:\Windows\SysNative\tasks\Power Management" ["C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe"] "C:\Windows\SysNative\tasks\Software Update Application" ["C:\ProgramData\OEM\UpgradeTool\ListCheck.exe"] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{4053A966-FDC3-44E1-896A-91B18BCF00E6}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\Recovery Management\Notification" [C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe] ==== Folders in C:\PROGRA~3 0-6 Months Old ====================== 2015-06-13 03:58:01 -------- d-----w- C:\PROGRA~3\Dropbox ==== Chromium Look ====================== ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{9664E684-37DF-429F-B66C-8D4B165DF2F2}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {9664E684-37DF-429F-B66C-8D4B165DF2F2} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-685951949-2487222117-567623259-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_USERS\S-1-5-21-685951949-2487222117-567623259-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_USERS\S-1-5-21-685951949-2487222117-567623259-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9664E684-37DF-429F-B66C-8D4B165DF2F2} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9664E684-37DF-429F-B66C-8D4B165DF2F2} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9664E684-37DF-429F-B66C-8D4B165DF2F2} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Stefaan\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Stefaan\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Stefaan\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Stefaan\AppData\Local\Microsoft\Windows\INetCache\IE\7H3P2YNI will be deleted at reboot C:\Users\Stefaan\AppData\Local\Microsoft\Windows\INetCache\IE\E1LBE127 will be deleted at reboot C:\Users\Stefaan\AppData\Local\Microsoft\Windows\INetCache\IE\FYYT4108 will be deleted at reboot C:\Users\Stefaan\AppData\Local\Microsoft\Windows\INetCache\IE\LDUJV6W5 will be deleted at reboot C:\Users\Stefaan\AppData\Local\Microsoft\Windows\INetCache\IE\P3JRS4KO will be deleted at reboot C:\Users\Stefaan\AppData\Local\Microsoft\Windows\INetCache\IE\RAYBM6W1 will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=6782 folders=221 1102508417 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Stefaan\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Stefaan\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Stefaan\AppData\Local\Microsoft\Windows\INetCache\IE\7H3P2YNI" not found "C:\Users\Stefaan\AppData\Local\Microsoft\Windows\INetCache\IE\E1LBE127" not found "C:\Users\Stefaan\AppData\Local\Microsoft\Windows\INetCache\IE\FYYT4108" not found "C:\Users\Stefaan\AppData\Local\Microsoft\Windows\INetCache\IE\LDUJV6W5" not found "C:\Users\Stefaan\AppData\Local\Microsoft\Windows\INetCache\IE\P3JRS4KO" not found "C:\Users\Stefaan\AppData\Local\Microsoft\Windows\INetCache\IE\RAYBM6W1" not found ==== EOF on ma 31/08/2015 at 17:45:16,84 ======================