Zoek.exe v5.0.0.0 Updated 26-09-2015
Tool run by Jrgen - Nancy on za 26/09/2015 at 18:50:39,74.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jürgen - Nancy\Downloads\!TE DOEN\zoek.exe
[Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2015-05-29-092829.log 47404 bytes

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Empty Folders Check ======================

C:\PROGRA~2\Wondershare deleted successfully
C:\Program Files\log deleted successfully
C:\Users\Jrgen - Nancy\AppData\Roaming\Wondershare Video Converter Ultimate deleted successfully
C:\Users\Jrgen - Nancy\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} deleted successfully
C:\Users\Jrgen - Nancy\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Jrgen - Nancy\AppData\Local\EmieSiteList deleted successfully
C:\Users\Jrgen - Nancy\AppData\Local\EmieUserList deleted successfully
C:\Users\Jrgen - Nancy\AppData\Local\{398556F7-2CBF-4D3A-B47E-3E1061BBEDEF} deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Wondershare Helper Compact.exe"=-
"DelaypluginInstall"=-

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Wondershare not found
C:\Users\Jürgen - Nancy\AppData\Roaming\istartsurf not found
C:\Users\Jürgen - Nancy\AppData\Roaming\AtomicAlarmClock.ini not found
C:\Users\Jürgen - Nancy\AppData\Roaming\cdr.ini not found
C:\Users\Jürgen - Nancy\AppData\Roaming\GetRightToGo not found
C:\Users\Jürgen - Nancy\AppData\Local\Wondershare not found
"C:\Users\Jürgen - Nancy\AppData\Roaming\AVG" not found
"C:\Users\Jürgen - Nancy\AppData\Roaming\Sun" not found
"C:\Users\Jürgen - Nancy\AppData\Roaming\vlc" not found
"C:\Users\Jürgen - Nancy\AppData\Roaming\Leawo" not found
"C:\Users\Jürgen - Nancy\AppData\Roaming\Movavi" not found
"C:\Users\Jürgen - Nancy\AppData\Roaming\Winamp" not found
"C:\Users\Jürgen - Nancy\AppData\Roaming\Winter" not found
"C:\Users\Jürgen - Nancy\AppData\Roaming\AnvSoft" not found
"C:\Users\Jürgen - Nancy\AppData\Roaming\tiger-k" not found
"C:\Users\Jürgen - Nancy\AppData\Roaming\_MDLogs" not found
C:\ProgramData\Wondershare deleted
C:\PROGRA~3\AVG Security Toolbar deleted
C:\PROGRA~3\Wondershare Video Converter Ultimate deleted
C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted
C:\PROGRA~3\{B12D13C3-76FD-479D-AD99-8C6F18156BC9} deleted
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted
C:\PROGRA~3\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted
"C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted
"C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted
"C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted
"C:\Program Files (x86)\Common Files\Wondershare" deleted
"C:\PROGRA~2\COMMON~1\Wondershare" deleted
"C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\JRGEN-~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2015-09-09 12:47:05 E4DC0909B5EACB5BF50F6252095BCFF2 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2015-09-09 12:47:05 A405647429DE231CD954D93F792CFBA2 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2015-09-09 12:47:04 62CEA59FF56B66154E08BD51D87392C2 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys
2015-09-09 12:47:04 43E1F4B0EFDC244D2A83995CCD7846F7 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys
2015-09-09 12:47:03 7D65B5E9573A26C204AA547457DBF544 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys
2015-09-09 12:46:21 A0711D119BA4B48A1470C768D301013E 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-08-29 20:22:07 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
======= C: =====
====== C:\Users\Jrgen - Nancy\AppData\Roaming ======
2015-08-29 20:21:39 -------- d-----w- C:\Users\Jürgen - Nancy\AppData\Roaming\Sun
2015-08-29 20:20:20 -------- d-----w- C:\Users\Jürgen - Nancy\AppData\Locallow\Oracle
====== C:\Users\Jrgen - Nancy ======
2015-08-29 20:21:39 -------- d-----w- C:\Users\Jürgen - Nancy\.oracle_jre_usage
====== C: exe-files ==
=== C: other files ==
2015-09-25 14:38:12 FC0312E38B3F40F7C20E1ABE1A6B2690 25491 ----a-w- C:\Users\Jürgen - Nancy\Downloads\!TE DOEN\!\san-andreas-dutch-yify-66977.zip
2015-09-24 22:30:26 EB38175E6EF7F9700636B51A8D49885C 57646 ----a-w- C:\Users\Jürgen - Nancy\Downloads\!TE DOEN\!\shes-funny-that-way-english-yify-66891.zip
2015-09-24 22:29:41 D721CE990B6FA96D0A860E650ACC0BB1 50142 ----a-w- C:\Users\Jürgen - Nancy\Downloads\!TE DOEN\!\interstellar-dutch-yify-42295.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3597228709-2799698942-2323137413-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_USERS\S-1-5-21-3597228709-2799698942-2323137413-1007\Software\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-3597228709-2799698942-2323137413-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Jrgen - Nancy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Jrgen - Nancy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
"Uninstall C:\Users\Jrgen - Nancy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Jrgen - Nancy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"

[HKEY_USERS\S-1-5-21-3597228709-2799698942-2323137413-1007\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
"ContentTransferWMDetector.exe"="C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe"
"PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"
"WinampAgent"="C:\Program Files (x86)\Winamp\winampa.exe"
"beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup"
"BlueStacks Agent"="C:\Program Files (x86)\BlueStacks\HD-Agent.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"ITSecMng"="%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Jrgen - Nancy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Jrgen - Nancy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
"Uninstall C:\Users\Jrgen - Nancy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Jrgen - Nancy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background"
"PC-Doctor for Windows localizer"="C:\Program Files\PC-Doctor for Windows\localizer.exe"
"Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

==== Startup Registry Disabled ======================

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"Google Update"="\"C:\\Users\\Jrgen - Nancy\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"HP Software Update"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPADVISOR]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPADVISOR"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\HPAdvisor.exe view=DOCKVIEW"

==== Startup Folders ======================

2014-12-01 14:26:48 1032 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
2013-07-14 11:45:02 2101 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\CLMLSvc" [c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\DVDAgent" [c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe]
"C:\Windows\SysNative\tasks\ExtendedServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\Jrgen - Nancy\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HP-Online updateprogramma" [C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe]
"C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\SysNative\tasks\Orb Startup" [C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe]
"C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-3597228709-2799698942-2323137413-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-3597228709-2799698942-2323137413-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RecoveryCDWin7" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\NCH Swift Sound\switchShakeIcon" [C:\Program Files (x86)\NCH Swift Sound\Switch\Switch.exe]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2015-05-10 08:40:27 -------- d-----w- C:\PROGRA~3\Oracle

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\JRGEN-~1\AppData\Roaming\Mozilla\Firefox\Profiles\0
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");

ProfilePath: C:\Users\JRGEN-~1\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [14/07/2013 13:46]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

==== Chromium Look ======================

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1439148949&z=e765389bd054b9a8bdc9093gbzec3t0gbz8b4b0m0g&from=cor&uid=WDCXWD10EADS-65M2BX_WD-WCAV5824589345893&q={searchTerms}"
"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1439148949&z=e765389bd054b9a8bdc9093gbzec3t0gbz8b4b0m0g&from=cor&uid=WDCXWD10EADS-65M2BX_WD-WCAV5824589345893"
"Start Page"="http://www.istartsurf.com/?type=hp&ts=1439148949&z=e765389bd054b9a8bdc9093gbzec3t0gbz8b4b0m0g&from=cor&uid=WDCXWD10EADS-65M2BX_WD-WCAV5824589345893"
"Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1439148949&z=e765389bd054b9a8bdc9093gbzec3t0gbz8b4b0m0g&from=cor&uid=WDCXWD10EADS-65M2BX_WD-WCAV5824589345893&q={searchTerms}"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1439148949&z=e765389bd054b9a8bdc9093gbzec3t0gbz8b4b0m0g&from=cor&uid=WDCXWD10EADS-65M2BX_WD-WCAV5824589345893&q={searchTerms}"
"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1439148949&z=e765389bd054b9a8bdc9093gbzec3t0gbz8b4b0m0g&from=cor&uid=WDCXWD10EADS-65M2BX_WD-WCAV5824589345893"
"Start Page"="http://www.istartsurf.com/?type=hp&ts=1439148949&z=e765389bd054b9a8bdc9093gbzec3t0gbz8b4b0m0g&from=cor&uid=WDCXWD10EADS-65M2BX_WD-WCAV5824589345893"
"Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1439148949&z=e765389bd054b9a8bdc9093gbzec3t0gbz8b4b0m0g&from=cor&uid=WDCXWD10EADS-65M2BX_WD-WCAV5824589345893&q={searchTerms}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.istartsurf.com/web/?type=ds&ts=1439148949&z=e765389bd054b9a8bdc9093gbzec3t0gbz8b4b0m0g&from=cor&uid=WDCXWD10EADS-65M2BX_WD-WCAV5824589345893&q={searchTerms}"
"CustomizeSearch"="http://www.istartsurf.com/web/?type=ds&ts=1439148949&z=e765389bd054b9a8bdc9093gbzec3t0gbz8b4b0m0g&from=cor&uid=WDCXWD10EADS-65M2BX_WD-WCAV5824589345893&q={searchTerms}"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.istartsurf.com/web/?type=ds&ts=1439148949&z=e765389bd054b9a8bdc9093gbzec3t0gbz8b4b0m0g&from=cor&uid=WDCXWD10EADS-65M2BX_WD-WCAV5824589345893&q={searchTerms}"
"CustomizeSearch"="http://www.istartsurf.com/web/?type=ds&ts=1439148949&z=e765389bd054b9a8bdc9093gbzec3t0gbz8b4b0m0g&from=cor&uid=WDCXWD10EADS-65M2BX_WD-WCAV5824589345893&q={searchTerms}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{B3F21F8A-5E8D-4245-86E1-9A5BEEC62229} Google Url="http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7ADSA_nl"
{F71D9DCE-B6DB-44FD-A2CB-5608C24BA223} Microsoft Url="http://search.microsoft.com/results.aspx?mkt=en-GB&setlang=en-GB&q={searchTerms}"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jürgen - Nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jürgen - Nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\J?rgen - Nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\J?rgen - Nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\J³rgen - Nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\J³rgen - Nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=104 folders=70 193064326 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jürgen - Nancy\AppData\Local\Temp emptied successfully
C:\Users\J?rgen - Nancy\AppData\Local\Temp emptied successfully
C:\Users\J³rgen - Nancy\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\JRGEN-~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on za 26/09/2015 at 19:42:58,65 ======================