Zoek.exe v5.0.0.1 Updated 19-November-2015
Tool run by Maarten on vr 20/11/2015 at 22:22:32,15.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Maarten\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================
20/11/2015 22:24:15 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================
C:\PROGRA~3\PCSettings deleted successfully
C:\Users\Maarten\AppData\Roaming\tiger-k deleted successfully
C:\Users\Maarten\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Maarten\AppData\Local\EmieSiteList deleted successfully
C:\Users\Maarten\AppData\Local\EmieUserList deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-

==== Deleting Files \ Folders ======================
C:\PROGRA~2\greentree applications deleted
C:\found.000 deleted
C:\Users\Maarten\AppData\Roaming\trace_FilterInstaller.1.txt deleted
C:\Users\Maarten\AppData\Roaming\trace_FilterInstaller.2.txt deleted
C:\Users\Maarten\AppData\Roaming\trace_FilterInstaller.3.txt deleted
C:\Users\Maarten\AppData\Roaming\trace_FilterInstaller.4.txt deleted
C:\Users\Maarten\AppData\Roaming\trace_FilterInstaller.5.txt deleted
C:\Users\Maarten\AppData\Roaming\trace_FilterInstaller.6.txt deleted
C:\Users\Maarten\AppData\Roaming\trace_FilterInstaller.7.txt deleted
C:\Users\Maarten\AppData\Roaming\trace_FilterInstaller.8.txt deleted
C:\Users\Maarten\AppData\Roaming\trace_FilterInstaller.9.txt deleted
C:\Users\Maarten\AppData\Roaming\trace_FilterInstaller.txt deleted
C:\Users\Maarten\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt deleted
C:\Users\Maarten\AppData\Roaming\mplex-log.log deleted
C:\PROGRA~3\ytd video downloader deleted
C:\Users\Maarten\AppData\Local\Software deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\Users\Public\Desktop\YTD Video Downloader.lnk deleted
"C:\ProgramData\mntemp" deleted
"C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\FMUpdater.dll" deleted
"C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe" deleted
"C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\Maarten\AppData\Local\Temp ====
====== Java Cache =====
2015-10-29 22:23:22 4F85459CEC4F78A3987FFFD5B6A816C5 605 ----a-w- C:\Users\Maarten\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\52c00ce5-19232a16
2015-10-29 22:23:22 4CAE723DC12FE10811C2F7F5B36E82E9 428 ----a-w- C:\Users\Maarten\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\52c00ce5-78e96a5ccf5c5b6a29dcdffe1d16c989d010904d54059e7b28aad8dacf6a56c9-6.0.lap
2015-10-29 22:23:23 C9588417B10E1D770E3E5DA1F3510AE5 8425 ----a-w- C:\Users\Maarten\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\298d42d-416ab394
2015-10-29 22:23:27 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Maarten\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\c8dc66e-733c6f98
====== C:\WINDOWS\SysWOW64 =====
2015-11-12 16:25:13 668AF48D5010DE968952BB4A8EEB6744 1096704 ----a-w- C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-12 16:25:11 F96956BBED66937350B360497AAA4EE2 507392 ----a-w- C:\WINDOWS\SysWOW64\untfs.dll
2015-11-12 13:33:57 AEC3471F4ABB8E13B5246E93A8FA98AB 561664 ----a-w- C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-12 13:33:56 66BA7437F48833EA0D8F10EE1E7A43AA 272384 ----a-w- C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-12 13:32:56 DDFA49437E3A0EA81AECE3C384646768 359424 ----a-w- C:\WINDOWS\SysWOW64\schannel.dll
2015-11-12 13:32:56 816CD860AD69204C5A7F447234BBA0A4 120376 ----a-w- C:\WINDOWS\SysWOW64\ncrypt.dll 2015-11-12 13:32:56 4164DA5300F98AD06DB6C7CEE7ED3EE0 340872 ----a-w- C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2015-11-12 13:32:56 2FC5CBABD96D822BA2C880D2B287AEC5 324096 ----a-w- C:\WINDOWS\SysWOW64\certcli.dll 2015-11-12 13:32:56 1251205D2999D9B20EB19E08681065A0 91416 ----a-w- C:\WINDOWS\SysWOW64\ncryptsslp.dll 2015-11-12 13:32:55 BD79285BF1821B8EB313F5BE4C1A30C7 367104 ----a-w- C:\WINDOWS\SysWOW64\puiobj.dll 2015-11-12 13:32:55 AD89E4F50EA593ED82784E647D6478CF 803328 ----a-w- C:\WINDOWS\SysWOW64\kerberos.dll 2015-11-12 13:32:54 D0FFF94F52DA69495C53F1DB254B2A0A 124928 ----a-w- C:\WINDOWS\SysWOW64\wuwebv.dll 2015-11-12 13:32:54 86EA09D166870771FF1989671E02B8C3 81920 ----a-w- C:\WINDOWS\SysWOW64\wudriver.dll 2015-11-12 13:32:54 8206C83F1FB7D8DB8BF5040BD9E674DB 29696 ----a-w- C:\WINDOWS\SysWOW64\wuapp.exe 2015-11-12 13:32:54 0A69C92E5D0320923D44576D0B4FBBE2 721920 ----a-w- C:\WINDOWS\SysWOW64\wuapi.dll 2015-11-12 13:32:52 D49701891D475F61B23BA4DBEF6E71EC 20331520 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll 2015-11-12 13:32:51 ECB3E36B098F8C9BE9DFD6CF38BDBE69 663552 ----a-w- C:\WINDOWS\SysWOW64\jscript.dll 2015-11-12 13:32:51 9A555780545211BD2DD89575088C39F4 2279936 ----a-w- C:\WINDOWS\SysWOW64\iertutil.dll 2015-11-12 13:32:51 91220E779EDE9C3511C42ECDAA58192B 504832 ----a-w- C:\WINDOWS\SysWOW64\vbscript.dll 2015-11-12 13:32:51 832CA97817B20B74E2D74A8154630311 2011136 ----a-w- C:\WINDOWS\SysWOW64\wininet.dll 2015-11-12 13:32:51 7FA7A377F32A3D8F2EE4128CF127EB93 710144 ----a-w- C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-11-12 13:32:51 7B2F5324F28C71D69BC087E27B0BE7AE 12854272 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll 2015-11-12 13:32:51 5AAEB88DF7F09677E9C8C849D4915132 4527616 ----a-w- C:\WINDOWS\SysWOW64\jscript9.dll 2015-11-12 13:32:51 51745A1639D4181E6EBA1F173B4E6584 880128 ----a-w- C:\WINDOWS\SysWOW64\inetcomm.dll 2015-11-12 13:32:51 2F898AFA929824861737488746FD5B47 689152 
----a-w- C:\WINDOWS\SysWOW64\msfeeds.dll 2015-11-12 13:32:51 25E81C8C9AE6251F472AD3677DE829E0 1311744 ----a-w- C:\WINDOWS\SysWOW64\urlmon.dll ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2015-11-12 16:25:12 23E9833ADB8D04EBCCCC5BD28E072ACE 1380048 ----a-w- C:\WINDOWS\Sysnative\gdi32.dll 2015-11-12 16:25:11 57C10952ED978E2BF24D904B291C8C0C 558080 ----a-w- C:\WINDOWS\Sysnative\untfs.dll 2015-11-12 16:25:11 1708E23F8FC2DDE8560A6EC60D942935 183368 ----a-w- C:\WINDOWS\Sysnative\AuthHost.exe 2015-11-12 13:33:57 AF8A43C376F83A4A1E7DA16461EDE114 1083904 ----a-w- C:\WINDOWS\Sysnative\IKEEXT.DLL 2015-11-12 13:33:57 2DA8D165A37833EF0C60FEC24D4DF66A 713216 ----a-w- C:\WINDOWS\Sysnative\nshwfp.dll 2015-11-12 13:33:56 8F2AD111B47A190F325EE7495D3C1803 845312 ----a-w- C:\WINDOWS\Sysnative\BFE.DLL 2015-11-12 13:33:56 4D3905777E83DA8C466344797F02EBA5 422400 ----a-w- C:\WINDOWS\Sysnative\FWPUCLNT.DLL 2015-11-12 13:32:56 F870427E908CCDE2C2DD22E23AAA383D 1441280 ----a-w- C:\WINDOWS\Sysnative\lsasrv.dll 2015-11-12 13:32:56 B8E00D5F2EE6AB7FA96C3A1C18535AC9 106952 ----a-w- C:\WINDOWS\Sysnative\ncryptsslp.dll 2015-11-12 13:32:56 AD58532512F0257BF1E85E7D678F162E 397224 ----a-w- C:\WINDOWS\Sysnative\bcryptprimitives.dll 2015-11-12 13:32:56 8C08E7FA48A04A163EAEBCBDE683C36C 137960 ----a-w- C:\WINDOWS\Sysnative\ncrypt.dll 2015-11-12 13:32:56 5ED15CB77AEFBF89634BA6E165484467 445440 ----a-w- C:\WINDOWS\Sysnative\certcli.dll 2015-11-12 13:32:56 03A24C438626230DD55BA36654871626 432640 ----a-w- C:\WINDOWS\Sysnative\schannel.dll 2015-11-12 13:32:55 C3838F0B943E21CB254568AD76C4E970 1091584 ----a-w- C:\WINDOWS\Sysnative\localspl.dll 2015-11-12 13:32:55 9794010486A884C30555AD6B33C50382 1487008 ----a-w- C:\WINDOWS\Sysnative\winresume.efi 2015-11-12 13:32:55 926C753C058B5E589CF38AAC72166702 414559 ----a-w- C:\WINDOWS\Sysnative\ApnDatabase.xml 2015-11-12 13:32:55 83768EB0A0B48F4F5F28045830E16D6C 7455064 ----a-w- C:\WINDOWS\Sysnative\ntoskrnl.exe 2015-11-12 13:32:55 
72350EBADEF82F8B3587D57C3711408B 990208 ----a-w- C:\WINDOWS\Sysnative\kerberos.dll 2015-11-12 13:32:55 704A9947D4A8323FA8B1508340B3A27E 477184 ----a-w- C:\WINDOWS\Sysnative\puiobj.dll 2015-11-12 13:32:55 4CA91F030529AB0F3924BD412695B71C 1659560 ----a-w- C:\WINDOWS\Sysnative\winload.efi 2015-11-12 13:32:55 3DA758220C9058C5CCE8173B0F1C702A 1355848 ----a-w- C:\WINDOWS\Sysnative\winresume.exe 2015-11-12 13:32:55 378E3D622D254A881FF069E6621C876E 1519592 ----a-w- C:\WINDOWS\Sysnative\winload.exe 2015-11-12 13:32:54 D25E41F7C25C719884757B6719341B0E 140288 ----a-w- C:\WINDOWS\Sysnative\wuwebv.dll 2015-11-12 13:32:54 9B0C03B87042841F0CADB56543041A6D 409088 ----a-w- C:\WINDOWS\Sysnative\WUSettingsProvider.dll 2015-11-12 13:32:54 865BDE0984C7794800A582D70F186AFE 136904 ----a-w- C:\WINDOWS\Sysnative\wuauclt.exe 2015-11-12 13:32:54 77C6AE7161C294C6DA99A672D97554B8 95744 ----a-w- C:\WINDOWS\Sysnative\wudriver.dll 2015-11-12 13:32:54 72C73AB9D76D70D5B006D35BF3B45EF6 2243072 ----a-w- C:\WINDOWS\Sysnative\wucltux.dll 2015-11-12 13:32:54 4BD3138EF061E24F9FDC722B49274B40 3705856 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll 2015-11-12 13:32:54 108458AAA3B4E6DA4609743263F6B4CE 35840 ----a-w- C:\WINDOWS\Sysnative\wuapp.exe 2015-11-12 13:32:54 0D05B5D7D0E6D97EC97D2241B221A254 891904 ----a-w- C:\WINDOWS\Sysnative\wuapi.dll 2015-11-12 13:32:53 67D3A8E2F5DECD6B6F7194BBF58696E6 25818624 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll 2015-11-12 13:32:52 1DF0E083D4D067B5798504CC3009F21C 14457856 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll 2015-11-12 13:32:51 FBF2564A3F45F69A5D56D30129635691 817664 ----a-w- C:\WINDOWS\Sysnative\jscript.dll 2015-11-12 13:32:51 DC1AE8930979FCDC137F44B848556439 801280 ----a-w- C:\WINDOWS\Sysnative\msfeeds.dll 2015-11-12 13:32:51 B9DFC06F70545E14A0704698FBD9F926 2886656 ----a-w- C:\WINDOWS\Sysnative\iertutil.dll 2015-11-12 13:32:51 95F3687EF1486833AC713A23C671B397 720896 ----a-w- C:\WINDOWS\Sysnative\ie4uinit.exe 2015-11-12 13:32:51 82DCCAEDD8E994AC48A61102AC9FFF36 1032704 
----a-w- C:\WINDOWS\Sysnative\inetcomm.dll 2015-11-12 13:32:51 7EFA2CD22DB05CBC41FF77E16431EF3B 5990912 ----a-w- C:\WINDOWS\Sysnative\jscript9.dll 2015-11-12 13:32:51 5EE8E2E6BFFC9DA9D816A62B904116CD 585728 ----a-w- C:\WINDOWS\Sysnative\vbscript.dll 2015-11-12 13:32:51 1275AFB2B4E55172F0AE939311F95468 800768 ----a-w- C:\WINDOWS\Sysnative\ieapfltr.dll 2015-11-12 13:32:51 08D283FD8FEC1B45932783E8640C700F 1547264 ----a-w- C:\WINDOWS\Sysnative\urlmon.dll 2015-11-12 13:32:51 033E70DEEE5FED5E9A3E197A2DB1A618 2487808 ----a-w- C:\WINDOWS\Sysnative\wininet.dll 2015-11-12 13:32:44 1351BB1EBB3D5CD7BA6BA0469EC690E8 4176384 ----a-w- C:\WINDOWS\Sysnative\win32k.sys ====== C:\WINDOWS\Sysnative\drivers ===== 2015-11-12 21:50:10 A556768CC1FA4F36022BEE2F0EDE2566 26880 ----a-w- C:\WINDOWS\Sysnative\drivers\wdcsam64.sys 2015-11-12 16:25:14 80A2FC1A089A71F2DBE5D8394FFB009F 155480 -c--a-w- C:\WINDOWS\Sysnative\drivers\tpm.sys 2015-11-12 16:25:12 E85916632CD3B9E9B546968DB950BF42 154112 ----a-w- C:\WINDOWS\Sysnative\drivers\tunnel.sys 2015-11-12 13:33:57 715ABA3DD164D06457A2A3C92F6EA9D5 136512 ----a-w- C:\WINDOWS\Sysnative\drivers\wfplwfs.sys 2015-11-12 13:32:56 EE16457030175F449BAB0ABD279F4B6A 202240 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb20.sys 2015-11-12 13:32:56 E0BD2D83875464FEEEB242CBA8B7E073 108032 ----a-w- C:\WINDOWS\Sysnative\drivers\tdx.sys 2015-11-12 13:32:56 A460C3AF3755A2A79A3C8EFE72E147B5 559616 ----a-w- C:\WINDOWS\Sysnative\drivers\afd.sys 2015-11-12 13:32:56 89DE71940A0E7F5BA617AE08321EF5C3 401408 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys 2015-11-12 13:32:56 35C19AF2116F67914712D7C4CBE47B8C 177496 ----a-w- C:\WINDOWS\Sysnative\drivers\ksecpkg.sys 2015-11-12 13:32:56 0DE32A0BB1FE2A773666572F79584520 561952 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys ====== C:\WINDOWS\Tasks ====== 2015-10-29 18:54:44 B63AD96D5AB77552EFDB7D2277C3B0CB 3886 ----a-w- C:\WINDOWS\Sysnative\Tasks\Adobe Acrobat Update Task ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 
======= C:\PROGRA~2 ===== 2015-10-29 22:22:42 -------- d-----w- C:\PROGRA~2\COMMON~1\Java ======= C: ===== ====== C:\Users\Maarten\AppData\Roaming ====== 2015-11-12 18:11:16 -------- d-----w- C:\Users\Maarten\AppData\Roaming\VASCO 2015-11-12 18:11:16 -------- d-----w- C:\Users\Maarten\AppData\Local\Package Cache 2015-10-29 22:22:34 -------- d-----w- C:\Users\Maarten\AppData\Roaming\Sun 2015-10-25 23:20:44 -------- d-----w- C:\Users\Maarten\AppData\Roaming\HandBrake 2015-10-25 23:07:28 -------- d-----w- C:\Users\Maarten\AppData\Local\Movavi 2015-10-25 23:07:28 -------- d-----w- C:\Users\Maarten\AppData\Local\converter ====== C:\Users\Maarten ====== 2015-11-19 14:10:28 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp 2015-10-25 23:20:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake 2015-10-25 23:07:05 -------- d-----w- C:\ProgramData\Movavi 2015-10-25 23:06:29 -------- d-----w- C:\ProgramData\Movavi Video Converter 16 ====== C: exe-files == 2015-11-19 20:22:15 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Maarten\AppData\Local\Microsoft\Windows\INetCache\IE\NHI2AX8E\RSITx64.exe === C: other files == 2015-11-19 11:33:33 BA2ABBEA69BD1866C973DE11CB0CE9F8 50936 ----a-r- C:\Windows\System32\drivers\NSBUx64\1605050.00E\srtspx64.sys 2015-11-19 11:33:33 AB3558A087FA03861162F8DE9B681AE8 928496 ----a-w- C:\Windows\System32\drivers\NSBUx64\1605050.00E\srtsp64.sys 2015-11-19 11:33:33 751C968945EFD42469FE52D6CE384196 577768 ----a-w- C:\Windows\System32\drivers\NSBUx64\1605050.00E\symnets.sys 2015-11-19 11:33:33 6F227CF9E64364578E2DABD1EF6E51A4 1621232 ----a-w- C:\Windows\System32\drivers\NSBUx64\1605050.00E\symefasi64.sys 2015-11-19 11:33:33 5A1C7DBDDB001BC6F1D1720E655445E2 173808 ----a-r- C:\Windows\System32\drivers\NSBUx64\1605050.00E\ccsetx64.sys 2015-11-19 11:33:33 1DE0CBF15AC67AE0E5B456ADEFB89493 24192 ----a-r- C:\Windows\System32\drivers\NSBUx64\1605050.00E\symelam.sys 2015-11-19 11:33:33 
0891E59A27208B9B727BAB863B853E80 297720 ----a-r- C:\Windows\System32\drivers\NSBUx64\1605050.00E\ironx64.sys
2015-11-18 09:41:30 F5B285246DAFA459FDEA34F6C4458777 4176 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\ara_4.3_all_livetriT1T0JWOM.zip
2015-11-15 15:33:14 F5B285246DAFA459FDEA34F6C4458777 4176 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\ara_4.3_all_livetriHUW8JESG.zip

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-3213485410-438365983-1047582419-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"DYMOQuickPrint"="C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler"
"CPMonitor"="C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe"
"Desktop Disc Tool"="C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe"
"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"BrMfcWnd"="C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN"
"ControlCenter3"="C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun"
"ProductUpdater"="C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe"
"BlueStacks Agent"="C:\Program Files (x86)\BlueStacks\HD-Agent.exe"
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DYMOQuickPrint"="C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll"

==== Startup Folders ======================
2015-08-20 18:37:08 1938 ----a-w- C:\Users\Maarten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP ENVY 4500 series.lnk
2013-12-18 19:06:47 1314 ----a-w- C:\Users\Maarten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk

==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10/11/2015 20:45]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/08/2015 12:28]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/08/2015 12:28]

==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\ALU" [C:\Program Files (x86)\Acer\Live Updater\updater.exe]
"C:\WINDOWS\SysNative\tasks\ALUAgent" [C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\Dolby Selector" [C:\Dolby PCEE4\pcee4.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\HPCustParticipation HP ENVY 4500 series" ["C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe"]
"C:\WINDOWS\SysNative\tasks\Launch Manager" ["C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe"]
"C:\WINDOWS\SysNative\tasks\Norton Online Backup ARA" [C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\\Ara.exe]
"C:\WINDOWS\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.4.24\WSCStub.exe"]
"C:\WINDOWS\SysNative\tasks\Power Management" ["C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{2F487504-3512-4BFC-A152-4992DBACEE2E}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton Security with Backup\Norton Error Analyzer" [C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.4.24\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton Security with Backup\Norton Error Processor" [C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.4.24\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Recovery Management\Notification" [C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe]
"C:\WINDOWS\SysNative\tasks\Remediation\AntimalwareMigrationTask" ["C:\Program Files\Common Files\AV\Norton 360 Premier Edition\Upgrade.exe"]

==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Maarten\AppData\Roaming\Mozilla\Firefox\Profiles\6tzobd51.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:blank");
user_pref("browser.search.selectedEngine", "Google");
user_pref("keyword.URL", "http://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=");

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.2.15\coFFAddon" [03/11/2015 23:47]

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.2.15\coFFAddon" [03/11/2015 23:47]

==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================
Profilepath: C:\Users\Maarten\AppData\Roaming\Mozilla\Firefox\Profiles\6tzobd51.default
F3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director
F114FBA6246530B89DD1E04351E0EAC5 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll - Shockwave Flash

==== Chromium Look ======================
Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.4.24\Exts\Chrome.crx[23/09/2015 07:44]
iikflkcanblccfahdhdonehdalibjnif - No path found[]
nppllibpnmahfaklnpggkibhkapjkeob - No path found[]

Norton Security Toolbar - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
Norton Identity Safe - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Chrome Web Store Payments - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Instagram for Chrome - Maarten\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{F04D2D30-776C-4d02-8627-8E4385ECA58D} deleted successfully

==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Maarten\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Maarten\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Maarten\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Maarten\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================
C:\Users\Maarten\AppData\Local\Mozilla\Firefox\Profiles\6tzobd51.default\cache2 emptied successfully

==== Empty Chrome Cache ======================
C:\Users\Maarten\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=85 folders=21 42851774 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Maarten\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Maarten\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on vr 20/11/2015 at 22:45:03,14 ======================