Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Etienne on zo 15/05/2016 at 11:09:05,45.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Etienne\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2016-05-15-061708.log 1307 bytes
C:\zoek-results2016-05-15-063822.log 400 bytes
C:\zoek-results2016-05-15-074257.log 448 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2181814048-3153119955-3185687226-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully
HKEY_USERS\S-1-5-21-2181814048-3153119955-3185687226-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully
HKEY_USERS\S-1-5-21-2181814048-3153119955-3185687226-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3F54D94E-52EF-4498-92B1-D7161D153118} deleted successfully
HKEY_USERS\S-1-5-21-2181814048-3153119955-3185687226-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FCE63A4-5319-4195-91BA-67334550AA9} deleted successfully
HKEY_USERS\S-1-5-21-2181814048-3153119955-3185687226-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9393E624-F724-41CC-812-B85777A59F57} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\eohmsyhn.default-1421871090958
user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("browser.search.defaultenginename", "Yahoo");
user_pref("browser.search.selectedEngine", "Yahoo");
---- FireFox user.js and prefs.js backups ----
prefs_20161505_1136_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-

==== Batch Command(s) Run By Tool======================

De Winsock-catalogus is opnieuw ingesteld.
De computer dient opnieuw te worden opgestart om het opnieuw instellen te voltooien.

==== Deleting Files \ Folders ======================

C:\Program Files\Common Files\Tencent deleted
C:\ProgramData\TXQMPC deleted
C:\ProgramData\Tencent deleted
C:\Users\Etienne\AppData\Roaming\Tencent deleted
C:\Users\Etienne\AppData\Roaming\Baidu deleted
C:\windows\SysNative\Tasks\0316aviUpdateInfo deleted
C:\Users\Etienne\.android deleted
C:\PROGRA~2\Tencent deleted
C:\PROGRA~2\Wise\Wise Registry Cleaner deleted
C:\PROGRA~2\COMMON~1\Tencent deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Tencent deleted
C:\PROGRA~3\Avg_Update_0814tb deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Etienne\AppData\Local\Unity deleted
C:\Users\Etienne\AppData\Local\cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\LavasoftTcpService deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lavasoft\WebCompanion deleted
C:\Users\Etienne\AppData\LocalLow\Unity deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\RegistryHelperLM.ocx deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
"C:\Users\Etienne\AppData\Roaming\Kernel Extension" deleted
"C:\Users\Etienne\AppData\Roaming\MIDI Devices" deleted
"C:\ProgramData\Mail" deleted
"C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\eohmsyhn.default-1421871090958\searchplugins\yahoo.xml" deleted
"C:\PROGRA~3\71105f12cfb866eb\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}" deleted
"C:\PROGRA~3\71105f12cfb866eb\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted
"C:\PROGRA~3\71105f12cfb866eb\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" deleted
"C:\PROGRA~3\71105f12cfb866eb\{CA41BB14-E67B-1653-C57B-5CA99418A866}" deleted
"C:\PROGRA~3\71105f12cfb866eb\{CF830981-8F31-C561-C7A0-FE2CE1878B40}" deleted
"C:\PROGRA~3\71105f12cfb866eb\{E32743D3-5789-6E4F-3998-06FB87C9214B}" deleted
"C:\PROGRA~2\PrivaZer\PrivaMenu5.dll" not deleted
"C:\PROGRA~3\71105f12cfb866eb" deleted
"C:\PROGRA~2\PrivaZer" not deleted

==== Files Recently Created / Modified ======================

==== Orphaned Tasks deleted from Registry ======================

0316aviUpdateInfo deleted

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2181814048-3153119955-3185687226-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-2181814048-3153119955-3185687226-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Etienne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Etienne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"hpqSRMon"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe "
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Etienne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Etienne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"VX3000"="C:\Windows\vVX3000.exe "
"OODefragTray"="C:\Program Files\OO Software\Defrag\oodtray.exe "

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"HP Software Update"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Common Files\\Nero\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LifeCam]
"item"="LifeCam"
"command"="\"C:\\Program Files (x86)\\Microsoft LifeCam\\LifeExp.exe\""
"hkey"="HKLM"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBKeyScan]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBKeyScan"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OODefragTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OODefragTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\OO Software\\Defrag\\oodtray.exe"

==== Startup Folders ======================

2015-09-23 17:47:42 1325 ----a-w- C:\Users\Etienne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
2015-08-29 06:28:46 2110 ---ha-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [25/12/2015 09:29]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [25/12/2015 09:29]
C:\Windows\tasks\HP Photo Creations Communicator.job --a------ C:\Users\Etienne\AppData\Roaming\HP Photo Creations\Communicator.exe [17/04/2016 19:09]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\0" [c:\program files\internet explorer\iexplore.exe]
"C:\Windows\SysNative\tasks\4893" [wscript.exe C:\Users\Etienne\AppData\Local\Temp\launchie.vbs //B]
"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AVGPCTuneUp_Task_BkGndMaintenance" [C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HP Photo Creations Communicator" [C:\Users\Etienne\AppData\Roaming\HP Photo Creations\Communicator.exe]
"C:\Windows\SysNative\tasks\Java Platform SE Auto Updater" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe]
"C:\Windows\SysNative\tasks\{B1296141-B55E-449E-93DF-E67C4E137117}" [E:\sca6471nl.exe]
"C:\Windows\SysNative\tasks\{D27C8736-2F3F-4BBB-B36F-51317BAF43FD}" [E:\sca6471nl.exe]
"C:\Windows\SysNative\tasks\{D8C2AF10-3190-4A55-A2D9-41342F160D2D}" [E:\sca6471nl.exe]
"C:\Windows\SysNative\tasks\{E302E54E-8D74-422B-845A-5F29654ABBC5}" [E:\sca6471nl.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe]
"C:\Windows\SysNative\tasks\Nero\Nero Info" [C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\eohmsyhn.default-1421871090958
user_pref("browser.startup.homepage", "http://google.be/");
user_pref("browser.newtab.url", "http://google.be/");

====
Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox" [12/05/2016 13:43] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [23/03/2015 11:48] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Undetermined - %AppDir%\extensions\belgiumeid@eid.belgium.be ==== Firefox Plugins ====================== Profilepath: C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\eohmsyhn.default-1421871090958 CAF78E18A9E1380A0A38065B3B1210E0 - C:\Users\Etienne\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll - VASCO Card Reader Plugin 1CDD28B47D8198F868349BDFBCD1281B - C:\Users\Etienne\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin64.dll - VASCO Card Reader Plugin ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Etienne\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Etienne\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Gast\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Gast\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Gast\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted ==== Chromium Look ====================== 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eahebamiopdhefndnmappcihfajigkka - https://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 19:22] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions bmkckgpgekmanipelfidlhmkfcjicion - No path found[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://google.be/" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://google.be/" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox HKCU\SearchScopes\{1B48F8A7-58DB-4A5D-A5CD-8C77CDBC9BCB} - https://www.google.com/search?q={searchTerms} 
HKCU\SearchScopes\{27D98CE5-8D54-4FD5-B7F4-713A78F341ED} - https://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{67BF44C5-A1E4-4098-9468-98911BA9CC45} - http://www.google.be/search?hl=nl&q={searchTerms}&sourceid=ie8&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz= HKCU\SearchScopes\{6C99B623-6B86-44F7-ACCE-1EB9F0125653} - https://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{C786835B-A04C-47C3-8493-8AB32847190A} - https://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{CE415EED-F50C-499C-8A7A-508018E5BCA2} - https://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{D4A69A4E-B2E0-4614-963F-6012331A89C2} - https://www.google.com/search?q={searchTerms} ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Etienne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Etienne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied 
successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1991 folders=651 1396111635 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Etienne\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Etienne\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\PROGRA~2\PrivaZer\PrivaMenu5.dll" not found "C:\PROGRA~2\PrivaZer" not found ==== EOF on zo 15/05/2016 at 11:58:05,12 ======================