Zoek.exe v5.0.0.0 Updated 13-July-2014
Tool run by Brecht1 on ma 14-07-2014 at 11:50:20,66.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Brecht1\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-02-06-142755.log 21101 bytes
C:\zoek-results2014-02-06-163913.log 848 bytes
C:\zoek-results2014-02-08-071002.log 12665 bytes
C:\zoek-results2014-02-12-065011.log 5379 bytes
C:\zoek-results2014-02-13-074815.log 687 bytes
C:\zoek-results2014-04-15-171724.log 35836 bytes
C:\zoek-results2014-04-16-083445.log 4602 bytes
C:\zoek-results2014-04-23-182026.log 2033 bytes
C:\zoek-results2014-06-30-154839.log 34139 bytes
C:\zoek-results2014-07-07-075442.log 6087 bytes
C:\zoek-results2014-07-10-192603.log 38058 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IePluginServices deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Brecht1\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_14-07-2014_1216_.backup

ProfilePath: C:\Users\Brecht1\AppData\Roaming\Mozilla\Firefox\Profiles\j9aytboh.default
user.js not found
---- Lines Sweet removed from prefs.js ----
user_pref("browser.newtab.url", "http://www.sweet-page.com/newtab/?type=nt&ts=1405150604&from=cor&uid=ST1000LM024XHN-M101MBB_S2U5J9ACB25414");
user_pref("browser.search.defaultenginename", "sweet-page");
user_pref("browser.search.selectedEngine", "sweet-page");
user_pref("browser.startup.homepage", "http://www.sweet-page.com/?type=hp&ts=1405150604&from=cor&uid=ST1000LM024XHN-M101MBB_S2U5J9ACB25414");
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----
prefs_14-07-2014_1216_.backup

==== Deleting Files \ Folders ======================

C:\Users\Brecht1\AppData\Roaming\Mozilla\Firefox\Profiles\j9aytboh.default\extensions\faststartff@gmail.com deleted
C:\Users\Brecht1\AppData\Roaming\sweet-page deleted
C:\zoek_backup deleted
C:\PROGRA~3\IePluginServices deleted
C:\Users\Brecht1\Searches deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\sweet-page.xml" deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2444422138-2622892493-4117670433-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\Brecht1\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer_For_P2G8"="C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"YouCam Service"="C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe /s"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BrMfcWnd"="C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN"
"ControlCenter3"="C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\qttask.exe -atboottime"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\Brecht1\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll,TrayApp"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe "

==== Startup Folders ======================

2014-05-21 16:17:33 1053 ----a-w- C:\Users\Brecht1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09-07-2014 08:36]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2444422138-2622892493-4117670433-1002Core.job --a-------- C:\Users\Brecht1\AppData\Local\Facebook\Update\FacebookUpdate.exe [23-11-2013 17:35]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2444422138-2622892493-4117670433-1002UA.job --a-------- C:\Users\Brecht1\AppData\Local\Facebook\Update\FacebookUpdate.exe [23-11-2013 17:35]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-03-2013 12:19]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-03-2013 12:19]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\Windows\SysNative\tasks\Dolby Selector" [C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2444422138-2622892493-4117670433-1002Core" [C:\Users\Brecht1\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2444422138-2622892493-4117670433-1002UA" [C:\Users\Brecht1\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" [\Program Files\Synaptics\SynTP\SynTPEnh.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"faststartff@gmail.com"="C:\Users\Brecht1\AppData\Roaming\Mozilla\Firefox\Profiles\j9aytboh.default\extensions\faststartff@gmail.com" []

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Brecht1\AppData\Roaming\Mozilla\Firefox\Profiles\j9aytboh.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Brecht1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

==== Chrome Look ======================

Google Docs - Brecht1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Brecht1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Brecht1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
FoxTrick - Brecht1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfbbngccefbbndginomofgpagkjckik
Google Search - Brecht1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Brecht1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - Brecht1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Brecht1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Brecht1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_vlc-media-player.nl.softonic.com_0.localstorage deleted successfully
C:\Users\Brecht1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_vlc-media-player.nl.softonic.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.sweet-page.com/?type=hp&ts=1405150604&from=cor&uid=ST1000LM024XHN-M101MBB_S2U5J9ACB25414"
"Default_Page_URL"="http://www.sweet-page.com/?type=hp&ts=1405150604&from=cor&uid=ST1000LM024XHN-M101MBB_S2U5J9ACB25414"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.sweet-page.com/web/?type=ds&ts=1405150604&from=cor&uid=ST1000LM024XHN-M101MBB_S2U5J9ACB25414&q={searchTerms}"
"Default_Page_URL"="http://www.sweet-page.com/?type=hp&ts=1405150604&from=cor&uid=ST1000LM024XHN-M101MBB_S2U5J9ACB25414"
"Start Page"="http://www.sweet-page.com/?type=hp&ts=1405150604&from=cor&uid=ST1000LM024XHN-M101MBB_S2U5J9ACB25414"
"Search Page"="http://www.sweet-page.com/web/?type=ds&ts=1405150604&from=cor&uid=ST1000LM024XHN-M101MBB_S2U5J9ACB25414&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.sweet-page.com/web/?type=ds&ts=1405150604&from=cor&uid=ST1000LM024XHN-M101MBB_S2U5J9ACB25414&q={searchTerms}"
"Default_Page_URL"="http://www.sweet-page.com/?type=hp&ts=1405150604&from=cor&uid=ST1000LM024XHN-M101MBB_S2U5J9ACB25414"
"Start Page"="http://www.sweet-page.com/?type=hp&ts=1405150604&from=cor&uid=ST1000LM024XHN-M101MBB_S2U5J9ACB25414"
"Search Page"="http://www.sweet-page.com/web/?type=ds&ts=1405150604&from=cor&uid=ST1000LM024XHN-M101MBB_S2U5J9ACB25414&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{10DF6FDB-1610-4B14-A3F2-6ADC8C483C7A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\faststartff@gmail.com deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Brecht1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Brecht1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Brecht1\AppData\Local\Mozilla\Firefox\Profiles\j9aytboh.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Brecht1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=0 4146 bytes)

==== Empty Temp Folders ======================

C:\Users\Brecht1\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\postgres\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Brecht1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ma 14-07-2014 at 12:37:57,15 ======================