Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by PATRICK on vr 02/05/2014 at 15:41:08,10.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PATRICK\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

2/05/2014 15:43:05 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\CyberLink deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\PROGRA~2\InstallMate deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\Soulseek deleted successfully
C:\PROGRA~2\xml_param deleted successfully
C:\Users\PATRICK\AppData\Roaming\GrabPro deleted successfully
C:\Users\PATRICK\AppData\Roaming\QuickScan deleted successfully
C:\Users\PATRICK\AppData\Roaming\WinRAR deleted successfully
C:\Users\PATRICK\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} deleted successfully
C:\Users\PATRICK\AppData\Local\DriverTuner deleted successfully
C:\Users\PATRICK\AppData\Local\DrmRemoval deleted successfully
C:\Users\PATRICK\AppData\Local\PowerCinema deleted successfully
C:\Users\PATRICK\AppData\Local\Unity deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214} deleted successfully
HKEY_USERS\S-1-5-21-3164143196-3406545315-2534804384-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214} deleted successfully
HKEY_USERS\S-1-5-21-3164143196-3406545315-2534804384-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214} deleted successfully
HKEY_USERS\S-1-5-21-3164143196-3406545315-2534804384-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{000123B4-9B42-4900-B3F7-F4B073EFC214} deleted successfully

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]

==== Deleting Files \ Folders ======================

C:\Program Files\Orbitdownloader deleted
C:\Windows\system32\appdata deleted
C:\Program Files\Common Files\Wondershare deleted
C:\Users\PATRICK\AppData\Local\Wondershare deleted
C:\Windows\wininit.ini deleted
"C:\Users\PATRICK\AppData\Roaming\chrtmp" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\PATRICK\AppData\Local\Temp ====
====== Java Cache =====
2014-04-20 07:47:18 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\PATRICK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-65c23820
2014-04-20 07:47:11 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\PATRICK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-7bd26de2
2014-04-20 07:47:11 9E5E91FDEA2E9E712C4A7EC26A766842 425 ----a-w- C:\Users\PATRICK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-aa56bb018d5de3a531ee91cc4857f0f479656e5370ebf87789e721aaaf530ebc-6.0.lap
2014-05-02 13:37:06 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\PATRICK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-4eb4435b
2014-04-20 07:47:11 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\PATRICK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-5426a428
====== C:\Windows\system32 =====
2014-05-02 13:36:21 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\Windows\System32\javaws.exe
2014-05-02 13:35:59 B42338F92D3BDADA79B6BE553E72587C 94632 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll
2014-05-02 13:35:59 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\Windows\System32\java.exe
2014-05-02 13:35:59 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\Windows\System32\javaw.exe
2014-05-02 08:13:49 DCAA40C2C9F8EE14BAEA773576C26766 12347392 ----a-w- C:\Windows\System32\mshtml.dll
2014-05-02 08:13:49 878F0E1D75D45E91B9CC22152DD614FA 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-01 08:31:19 FD7702A695CFF415B57E65275262FACA 3728552 ----a-w- C:\Windows\System32\FNTCACHE.DAT
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-05-02 13:35:32 -------- d-----w- C:\Program Files\Java
2014-05-02 08:01:39 -------- d-----w- C:\Program Files\trend micro
======= C: =====
====== C:\Users\PATRICK\AppData\Roaming ======
2014-05-02 09:46:52 8A4F6B4FA0F445EBF1588AE8B0E493E1 100432 ----a-w- C:\Users\PATRICK\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-20 17:20:58 -------- d-----w- C:\Users\PATRICK\AppData\Local\Apps
2014-04-20 17:20:57 -------- d-----w- C:\Users\PATRICK\AppData\Local\Deployment
====== C:\Users\PATRICK ======
2014-05-02 13:20:43 92DF65EF28BD86A2EA4506310A76F9ED 921512 ----a-w- C:\Users\PATRICK\Downloads\JavaSetup7u55.exe
2014-05-02 08:00:57 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\PATRICK\Downloads\RSIT.exe
2014-04-20 07:38:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
====== C: exe-files ==
2014-05-02 13:36:21 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\Windows\System32\javaws.exe
2014-05-02 13:35:59 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\Windows\System32\java.exe
2014-05-02 13:35:59 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\Windows\System32\javaw.exe
2014-05-02 13:35:44 FB67D8F555AA8E847DC6D7BFFF69C1C1 145832 ----a-w- C:\Program Files\Java\jre7\bin\unpack200.exe
2014-05-02 13:35:44 E788AC8198E99F9DA268A35719462DEF 16296 ----a-w- C:\Program Files\Java\jre7\bin\kinit.exe
2014-05-02 13:35:44 CA8C3C3510377A38A0FD0386B1C8700D 16296 ----a-w- C:\Program Files\Java\jre7\bin\keytool.exe
2014-05-02 13:35:44 C38B939945B2357D56B105C8F8FE7C45 52648 ----a-w- C:\Program Files\Java\jre7\bin\jp2launcher.exe
2014-05-02 13:35:44 B863FBED45DA51498B42DEAE76006D94 16296 ----a-w- C:\Program Files\Java\jre7\bin\ktab.exe
2014-05-02 13:35:44 B1CE4931FCA0E9D6493F18440A492472 49576 ----a-w- C:\Program Files\Java\jre7\bin\ssvagent.exe
2014-05-02 13:35:44 829199AE07062FE066CCD037190B4D04 16296 ----a-w- C:\Program Files\Java\jre7\bin\servertool.exe
2014-05-02 13:35:44 77430E8234A0050ECCC5E2F5B30A7BEF 182696 ----a-w- C:\Program Files\Java\jre7\bin\jqs.exe
2014-05-02 13:35:44 7151FDB921CC188833E69690E969616A 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmiregistry.exe
2014-05-02 13:35:44 67E721D8CA3F26695C2836870FF395E0 16808 ----a-w- C:\Program Files\Java\jre7\bin\tnameserv.exe
2014-05-02 13:35:44 5F32AD07982BE93452A755CE94F130BA 16296 ----a-w- C:\Program Files\Java\jre7\bin\pack200.exe
2014-05-02 13:35:44 3DAA029309C13F0A8DFB839372A3E8D3 16296 ----a-w- C:\Program Files\Java\jre7\bin\orbd.exe
2014-05-02 13:35:44 3B8C2991462B84868BB04C67E197CFC1 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmid.exe
2014-05-02 13:35:44 21190A2C683911E97E6484632F0A11AF 16296 ----a-w- C:\Program Files\Java\jre7\bin\policytool.exe
2014-05-02 13:35:44 0F298580559EE0929C572CFEB99B5AAA 16296 ----a-w- C:\Program Files\Java\jre7\bin\klist.exe
2014-05-02 13:35:43 FBC892A1196A03F695F112A5EDE032DC 48040 ----a-w- C:\Program Files\Java\jre7\bin\jabswitch.exe
2014-05-02 13:35:43 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\Program Files\Java\jre7\bin\java.exe
2014-05-02 13:35:43 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\Program Files\Java\jre7\bin\javaws.exe
2014-05-02 13:35:43 58B60ED489B1EDFA2BCDCAAF90B5EDD8 16296 ----a-w- C:\Program Files\Java\jre7\bin\java-rmi.exe
2014-05-02 13:35:43 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\Program Files\Java\jre7\bin\javaw.exe
2014-05-02 13:35:43 00F5108D91D768CA9D4ABC5E5053F50F 68008 ----a-w- C:\Program Files\Java\jre7\bin\javacpl.exe
2014-05-02 13:34:11 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\PATRICK\AppData\LocalLow\Sun\Java\jre1.7.0_55\lzma.exe
2014-05-02 13:34:11 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Documents and Settings\PATRICK\AppData\LocalLow\Sun\Java\jre1.7.0_55\lzma.exe
2014-05-02 13:20:43 92DF65EF28BD86A2EA4506310A76F9ED 921512 ----a-w- C:\Users\PATRICK\Downloads\JavaSetup7u55.exe
2014-05-02 13:20:43 92DF65EF28BD86A2EA4506310A76F9ED 921512 ----a-w- C:\Documents and Settings\PATRICK\Downloads\JavaSetup7u55.exe
2014-05-02 10:08:14 C3C822A5AA7647C6AC9D93CE08E2959B 340480 ----a-w- C:\Users\PATRICK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZRN19G14\SUPERAntiSpyware Professional 5.7.1018 LIFETIME LICENSE Portable Full Version__7787_il975546[1].exe
2014-05-02 10:08:14 C3C822A5AA7647C6AC9D93CE08E2959B 340480 ----a-w- C:\Documents and Settings\PATRICK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZRN19G14\SUPERAntiSpyware Professional 5.7.1018 LIFETIME LICENSE Portable Full Version__7787_il975546[1].exe
2014-05-02 08:01:40 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\PATRICK.exe
2014-05-02 08:00:57 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\PATRICK\Downloads\RSIT.exe
2014-05-02 08:00:57 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\PATRICK\Downloads\RSIT.exe
=== C: other files ==
2014-05-02 13:35:44 D95F1D4129F0CB2F7626CDCBAC2F512B 18636 ----a-w- C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-3164143196-3406545315-2534804384-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"
"AdobeCS5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin"
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Nero\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CardReaderMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CardReaderMonitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek Semiconductor Corp.\\Realtek Card Reader Monitor\\CardReaderMonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUs Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EaseUs Tray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\EaseUS\\Todo Backup\\bin\\TrayNotify.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUs Watch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EaseUs Watch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\EaseUS\\Todo Backup\\bin\\EuWatch.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InstallerLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InstallerLauncher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Bitdefender\\SetupInformation\\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\\setuplauncher.exe\" /run:\"C:\\Program Files\\Common Files\\Bitdefender\\SetupInformation\\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\\Installer.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSPService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSPService"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBKeyScan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBKeyScan"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroFilterCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Nero\\Lib\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\pdiface]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pdiface"
"hkey"="HKCU"
"command"="C:\\Program Files\\Bitdefender\\60-Second Virus Scanner\\pdiface.exe -noshow"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmpcSys]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SmpcSys"
"hkey"="HKCU"
"command"="C:\\Program Files\\Packard Bell\\SetUpMyPC\\SmpSys.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\toolbar_eula_launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="toolbar_eula_launcher"
"hkey"="HKLM"
"command"="C:\\Program Files\\Packard Bell\\GOOGLE_EULA\\EULALauncher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Wondershare Helper Compact.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Wondershare Helper Compact.exe"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Wondershare\\Wondershare Helper Compact\\WSHelper.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [21/02/2012 15:10]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [21/02/2012 15:10]
C:\Windows\tasks\Recovery DVD Creator.job --a------ C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe [21/11/2006 18:34]
C:\Windows\tasks\Uitgebreide garantie.job --a------ C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe [21/11/2006 18:38]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\0" [c:\program files\internet explorer\iexplore.exe]
"C:\Windows\system32\tasks\4707" [wscript.exe C:\Users\PATRICK\AppData\Local\Temp\launchie.vbs //B]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Java Update Scheduler" [C:\Program Files\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\system32\tasks\Recovery DVD Creator" [C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe]
"C:\Windows\system32\tasks\Uitgebreide garantie" [C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{B3E2DA03-D709-44E4-9F8A-8486EBFA52F8}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [17/06/2012 15:25]

==== Firefox Extensions ======================

ProfilePath: C:\Users\PATRICK\AppData\Roaming\Songbird2\Profiles\up2l9nbv.default
- Undetermined - C:\Program Files\Songbird\extensions\albumart@songbirdnest.com
- Undetermined - C:\Program Files\Songbird\extensions\gonzo@songbirdnest.com
- Undetermined - C:\Program Files\Songbird\extensions\purplerain@songbirdnest.com
- Suporte cpia de CDs - %ProfilePath%\extensions\cd-rip@songbirdnest.com
- Dutch nl Language Pack - %ProfilePath%\extensions\langpack-nl@songbirdnest.com

AppDir: C:\Program Files\Mozilla Firefox
- Google Toolbar for Firefox - %AppDir%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

==== Firefox Plugins ======================

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.deredactie.be/cm/vrtnieuws"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.deredactie.be/cm/vrtnieuws"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully
HKEY_USERS\S-1-5-21-3164143196-3406545315-2534804384-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully
HKEY_USERS\S-1-5-21-3164143196-3406545315-2534804384-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3164143196-3406545315-2534804384-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallerLauncher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPService deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdiface deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PATRICK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\PATRICK\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PATRICK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=161 folders=31 87626055 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\PATRICK\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PATRICK\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\PATRICK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on vr 02/05/2014 at 16:06:28,91 ======================