Zoek.exe v5.0.0.0 Updated 09-August-2014
Tool run by Koen on zo 10/08/2014 at 19:27:21,27.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Koen\Desktop\zoek (4).exe
[Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

10/08/2014 19:35:22 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\ParetoLogic deleted successfully
C:\Program Files\log deleted successfully
C:\PROGRA~3\Babylon deleted successfully
C:\PROGRA~3\Guitar Pro 6 deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Koen\AppData\Local\Lollipop deleted successfully
C:\Users\Koen\AppData\Local\Sparta deleted successfully
C:\Users\Koen\AppData\Local\VirtualStore deleted successfully
C:\Users\Seppe\AppData\Local\VirtualStore deleted successfully
C:\Users\seppe2\AppData\Local\VirtualStore deleted successfully

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\SupTab not found
C:\ProgramData\374311380 deleted
C:\ProgramData\Systweak deleted
C:\ProgramData\WindowsMangerProtect deleted
C:\Users\Koen\AppData\Roaming\Systweak deleted
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 deleted
"C:\Windows\tasks\pennybee Runner.job" deleted
"C:\windows\SysNative\roboot64.exe" deleted
"C:\ProgramData\pennybee\pennybee.exe" deleted
"C:\ProgramData\pennybee\pennybeeutil.dll" deleted
"C:\ProgramData\pennybee\wpennybeed.exe" deleted
"C:\ProgramData\IePluginServices\PluginService.exe" deleted
"C:\ProgramData\pennybee" not deleted
"C:\ProgramData\IePluginServices" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Koen\AppData\Local\Temp ====
2014-08-10 16:36:31 E073F2C0217B84223CD5CD2790AA93D3 16340144 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw51356_30259\plugins\NPSWF32_13_0_0_168.dll
2014-08-10 16:36:02 7A84009415827C6FC764B00F501654E8 402432 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw51356_30259\node_modules\goldengate\build\Release\goldengate.dll
2014-08-10 16:36:00 DE3DD2C419C7B383E6FD7997A782D5D1 95232 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw51356_30259\node_modules\gameo_utils\build\Release\gameo_utils.dll
2014-08-09 14:08:04 E073F2C0217B84223CD5CD2790AA93D3 16340144 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw13832_27285\plugins\NPSWF32_13_0_0_168.dll
2014-08-09 14:07:31 3713B47AA43B4967DD0ACB34A21093C8 385536 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw13832_27285\node_modules\goldengate\build\Release\goldengate.dll
2014-08-09 14:07:30 DE3DD2C419C7B383E6FD7997A782D5D1 95232 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw13832_27285\node_modules\gameo_utils\build\Release\gameo_utils.dll
2014-08-08 20:18:38 E073F2C0217B84223CD5CD2790AA93D3 16340144 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw44712_31866\plugins\NPSWF32_13_0_0_168.dll
2014-08-08 20:18:21 3713B47AA43B4967DD0ACB34A21093C8 385536 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw44712_31866\node_modules\goldengate\build\Release\goldengate.dll
2014-08-08 20:18:20 DE3DD2C419C7B383E6FD7997A782D5D1 95232 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw44712_31866\node_modules\gameo_utils\build\Release\gameo_utils.dll
2014-08-04 15:19:00 E073F2C0217B84223CD5CD2790AA93D3 16340144 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw14576_5633\plugins\NPSWF32_13_0_0_168.dll
2014-08-03 17:33:09 C181E9BBC059EA05A95BD0E72CFE5F1F 35682960 ----a-w- C:\Users\Seppe\AppData\Local\Temp\virtualdj.exe
2014-08-03 17:33:07 AB2C0FA2F5106B68C5C27A0983774A42 33936 ----a-w- C:\Users\Seppe\AppData\Local\Temp\VirtualDJ New Version.exe
2014-08-03 17:04:44 0E771375445E13429E68CAE720A48B72 35224 ----a-w- C:\Users\Seppe\AppData\Local\Temp\e4jAC23.tmp_dir1407085484\i4jdel.exe
2014-08-02 17:43:28 D8BE96BC224FB9A6034A01156A527271 43008 ------w- C:\Users\Koen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1jnp0q.dll
2014-08-02 15:00:18 E073F2C0217B84223CD5CD2790AA93D3 16340144 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw2148_1914\plugins\NPSWF32_13_0_0_168.dll
2014-08-02 14:59:57 3713B47AA43B4967DD0ACB34A21093C8 385536 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw2148_1914\node_modules\goldengate\build\Release\goldengate.dll
2014-08-02 14:59:56 DE3DD2C419C7B383E6FD7997A782D5D1 95232 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw2148_1914\node_modules\gameo_utils\build\Release\gameo_utils.dll
2014-07-28 20:30:59 E073F2C0217B84223CD5CD2790AA93D3 16340144 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw9052_6784\plugins\NPSWF32_13_0_0_168.dll
2014-07-28 20:30:22 3713B47AA43B4967DD0ACB34A21093C8 385536 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw9052_6784\node_modules\goldengate\build\Release\goldengate.dll
2014-07-28 20:30:19 DE3DD2C419C7B383E6FD7997A782D5D1 95232 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw9052_6784\node_modules\gameo_utils\build\Release\gameo_utils.dll
2014-07-27 20:29:31 E073F2C0217B84223CD5CD2790AA93D3 16340144 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw8056_10120\plugins\NPSWF32_13_0_0_168.dll
2014-07-27 20:29:11 3713B47AA43B4967DD0ACB34A21093C8 385536 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw8056_10120\node_modules\goldengate\build\Release\goldengate.dll
2014-07-27 20:29:10 DE3DD2C419C7B383E6FD7997A782D5D1 95232 ----a-w- C:\Users\Seppe\AppData\Local\Temp\nw8056_10120\node_modules\gameo_utils\build\Release\gameo_utils.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-08-03 12:21:21 F419D738BD2AE58D9DF2F9FEB5F43842 33792 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2014-08-03 12:21:21 5AA2CAD923E9E647276A61387E83DDD0 179656 ----a-w- C:\Windows\SysWOW64\wuwebv.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-08-10 16:48:00 D5DA9A31C341DF754DBD109B7AF1B6CA 436696 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT
2014-08-03 12:22:13 E76F105AD039B9E4DA9ECE839298C4A2 44512 ----a-w- C:\Windows\Sysnative\wups2.dll
2014-08-03 12:22:12 EAD9E413A6CEB9FD8E2AD9DC0716C061 58336 ----a-w- C:\Windows\Sysnative\wuauclt.exe
2014-08-03 12:22:12 6335F8B4B89F002A3801473C1A799237 2620928 ----a-w- C:\Windows\Sysnative\wucltux.dll
2014-08-03 12:22:12 61FF576450CCC80564B850BC3FB6713A 2477536 ----a-w- C:\Windows\Sysnative\wuaueng.dll
2014-08-03 12:21:21 45D4BDEA136E72E75CF008D3C38D949A 198600 ----a-w- C:\Windows\Sysnative\wuwebv.dll
2014-08-03 12:21:20 29FE783F75362AD6D2D9C0555BA83BD2 36864 ----a-w- C:\Windows\Sysnative\wuapp.exe
====== C:\Windows\Sysnative\drivers =====
2014-07-26 23:18:57 EE9D22042FD325256103AB4BBC8A4D14 61072 ----a-w- C:\Windows\Sysnative\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys
====== C:\Windows\Tasks ======
2014-08-10 17:37:56 825DC71D8EC2256FD599DE6A9C627B12 1092 ----a-w- C:\Windows\Tasks\pennybee Runner.job
2014-08-10 17:37:56 1F5847D56B7CF4E1CD205BDFAB701A8A 4048 ----a-w- C:\Windows\Sysnative\Tasks\pennybee Runner
2014-08-10 17:37:37 8D2C97E521D14C8517C2EC08CA12854B 2240 ----a-w- C:\Windows\Sysnative\Tasks\Tempo Runner
2014-08-10 17:37:36 649C9F064BC3BAA33D93589B636AF2A2 176 ----a-w- C:\Windows\Tasks\Tempo Runner.job
2014-08-01 15:39:08 F85D8A991EBD45A9C9684528AE09DF75 3238 ----a-w- C:\Windows\Sysnative\Tasks\Optimizer Pro Schedule
2014-07-26 22:14:54 2DFB362A22C9B347D87F2EEC77BDDAFF 3314 ----a-w- C:\Windows\Sysnative\Tasks\ASP
2014-07-21 12:49:27 1286A3FE09E9F6A54C0698000F42FB58 3416 ----a-w- C:\Windows\Sysnative\Tasks\Apple Diagnostics
2014-07-18 08:44:41 7539422CDFD2596998FE41CB9AE72B12 3286 ----a-w- C:\Windows\Sysnative\Tasks\{8AC1D133-1F98-4B01-9880-C5B815A1B41B}
2014-07-18 08:10:32 2DC439F01B6091EC397C3E3E7ABD6937 3702 ----a-w- C:\Windows\Sysnative\Tasks\AutoPico Daily Restart
2014-07-13 16:48:11 36B19ABDA571F418462FA9E21A8DE73A 3878 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Flash Player Updater
2014-07-13 16:48:10 B587A940F013C0AED402E80F8F2FC140 940 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-08-10 09:26:15 -------- d-----w- C:\Program Files\trend micro
2014-07-21 12:37:14 -------- d-----w- C:\Program Files\iPod
2014-07-21 12:37:12 -------- d-----w- C:\Program Files\iTunes
2014-07-18 08:10:15 -------- d-----w- C:\Program Files\KMSpico
======= C:\PROGRA~2 =====
2014-08-09 09:11:52 -------- d-----w- C:\PROGRA~2\SoulseekQt
2014-08-03 16:59:32 -------- d-----w- C:\PROGRA~2\VirtualDJ
2014-07-21 12:37:12 -------- d-----w- C:\PROGRA~2\iTunes
2014-07-18 08:07:58 -------- d-----w- C:\PROGRA~2\WinRAR
======= C: =====
====== C:\Users\Koen\AppData\Roaming ======
2014-08-10 16:52:56 -------- d-----w- C:\Users\Koen\AppData\Roaming\unpacked30216
2014-08-10 16:52:49 -------- d-----w- C:\Users\Koen\AppData\Local\tmp30200
2014-08-09 19:20:38 AA04669AE41F2B93AE22C6F6962CBEFE 111520 ----a-w- C:\Users\Koen\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-09 11:31:33 -------- d-----w- C:\Users\Koen\AppData\Local\ElevatedDiagnostics
2014-08-09 09:25:08 -------- d-----w- C:\Users\Koen\AppData\Local\SoulseekQt
2014-08-09 09:12:01 -------- d-----w- C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoulseekQt
2014-08-05 05:36:59 -------- d-----w- C:\Users\Koen\AppData\Roaming\unpacked27130
2014-08-05 05:36:47 -------- d-----w- C:\Users\Koen\AppData\Local\tmp27104
2014-08-04 09:49:50 -------- d-----w- C:\Users\Koen\AppData\Roaming\unpacked23919
2014-08-04 09:49:49 -------- d-----w- C:\Users\Koen\AppData\Local\tmp23915
2014-08-03 16:59:39 -------- d-----w- C:\Users\Seppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2014-08-02 15:02:45 -------- d-----w- C:\Users\Seppe\AppData\Roaming\unpacked12454
2014-08-02 15:02:39 -------- d-----w- C:\Users\Seppe\AppData\Local\tmp12438
2014-08-02 15:00:41 -------- d-----w- C:\Users\Seppe\AppData\Roaming\Systweak
2014-08-01 15:33:56 -------- d-----w- C:\Users\Koen\AppData\Roaming\GoodGameEmpire
2014-08-01 15:33:55 -------- d-----w- C:\Users\Koen\AppData\Local\GGEmpire
2014-07-27 20:32:41 -------- d-----w- C:\Users\Koen\AppData\Roaming\Soldiers135
2014-07-27 20:32:39 -------- d-----w- C:\Users\Koen\AppData\Local\Soldiers
2014-07-27 20:29:50 -------- d--h--w- C:\Users\Seppe\AppData\Roaming\GoldenGate
2014-07-27 20:29:04 -------- d-----w- C:\Users\Seppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo
2014-07-27 20:29:04 -------- d-----w- C:\Users\Seppe\AppData\Local\Gameo
2014-07-27 20:28:52 -------- d-----w- C:\Users\Seppe\AppData\Roaming\Gameo
2014-07-26 22:29:27 -------- d-----w- C:\Users\Koen\AppData\Roaming\unpacked25497
2014-07-26 22:29:21 -------- d-----w- C:\Users\Koen\AppData\Local\tmp25484
2014-07-26 22:28:42 -------- d--h--w- C:\Users\Koen\AppData\Roaming\GoldenGate
2014-07-26 22:28:28 -------- d-----w- C:\Users\Koen\AppData\Locallow\pennybee
2014-07-26 22:27:37 -------- d-----w- C:\Users\Koen\AppData\Local\Gameo
2014-07-26 22:27:09 -------- d-----w- C:\Users\Koen\AppData\Roaming\sparta111
2014-07-26 16:47:43 -------- d-----w- C:\Users\Seppe\AppData\Roaming\WinRAR
2014-07-18 08:09:48 -------- d-----w- C:\Users\Koen\AppData\Roaming\WinRAR
2014-07-18 08:08:06 -------- d-----w- C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
====== C:\Users\Koen ======
2014-08-10 09:25:51 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Koen\Downloads\RSITx64 (2).exe
2014-08-10 09:16:43 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Koen\Downloads\RSITx64 (1).exe
2014-08-10 09:13:38 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Koen\Downloads\RSITx64.exe
2014-08-01 15:31:29 EC260D0C8BEAB73A083A818232F81C14 733096 ----a-w- C:\Users\Seppe\Downloads\CR_Downloader_voor_pokemon-soulsilver (3).exe
2014-08-01 15:31:00 3AF35C68B580EC2C918493A4D51D6B06 733096 ----a-w- C:\Users\Seppe\Downloads\CR_Downloader_voor_pokemon-soulsilver (2).exe
2014-08-01 15:28:46 744D29EC13E5B7E5E873DD5AFC417013 170646 ----a-w- C:\Users\Seppe\Desktop\NO$GBA.EXE
2014-07-27 20:32:02 D2B0EBE12E13D53A00D9AAB79936C15B 733096 ----a-w- C:\Users\Seppe\Downloads\CR_Downloader_voor_pokemon-soulsilver (1).exe
2014-07-27 20:27:45 6EB9CD3BA3E1EB8E87D6E406DE9B33F7 733096 ----a-w- C:\Users\Seppe\Downloads\CR_Downloader_voor_pokemon-firered.exe
2014-07-26 22:28:16 -------- d-----w- C:\ProgramData\pennybee
2014-07-26 22:16:12 -------- d-----w- C:\ProgramData\IePluginServices
2014-07-21 12:39:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-21 12:31:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-07-18 08:10:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2014-07-18 08:08:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
====== C: exe-files ==
2014-08-10 16:52:58 E1BAA9DFA9C4B80597B09FCF09112B45 203776 ----a-w- C:\Users\Koen\AppData\Roaming\unpacked30216\wpennybeed.exe
2014-08-10 16:52:57 738B47DC30A3FF8814FA2473A49C250D 484352 ----a-w- C:\Users\Koen\AppData\Roaming\unpacked30216\pennybee.exe
2014-08-10 16:52:52 FCA65EC780B49E13B9983FCB2E54BF9B 825344 ----a-w- C:\Users\Koen\AppData\Local\tmp30200\dag30200.exe
2014-08-10 09:26:18 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Koen.exe
2014-08-10 09:25:51 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Koen\Downloads\RSITx64 (2).exe
2014-08-10 09:16:43 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Koen\Downloads\RSITx64 (1).exe
2014-08-10 09:13:38 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Koen\Downloads\RSITx64.exe
2014-08-09 09:12:01 42D74912D388017E156BF31889980FBC 35700 ----a-w- C:\Program Files (x86)\SoulseekQt\uninstall.exe
2014-08-05 08:11:41 E1BAA9DFA9C4B80597B09FCF09112B45 203776 ----a-w- C:\Users\Koen\AppData\Roaming\unpacked27130\wpennybeed.exe
2014-08-05 05:37:00 738B47DC30A3FF8814FA2473A49C250D 484352 ----a-w- C:\Users\Koen\AppData\Roaming\unpacked27130\pennybee.exe
2014-08-05 05:36:47 FCA65EC780B49E13B9983FCB2E54BF9B 825344 ----a-w- C:\Users\Koen\AppData\Local\tmp27104\dag27104.exe
2014-08-04 09:49:51 E1BAA9DFA9C4B80597B09FCF09112B45 203776 ----a-w- C:\Users\Koen\AppData\Roaming\unpacked23919\wpennybeed.exe
2014-08-04 09:49:50 738B47DC30A3FF8814FA2473A49C250D 484352 ----a-w- C:\Users\Koen\AppData\Roaming\unpacked23919\pennybee.exe
2014-08-04 09:49:49 FCA65EC780B49E13B9983FCB2E54BF9B 825344 ----a-w- C:\Users\Koen\AppData\Local\tmp23915\dag23915.exe
=== C: other files ==
2014-08-10 16:35:23 F5412F8F0D1DFAD14046C3F557DE8FAA 119 ----a-w- C:\Users\Seppe\AppData\Roaming\Gameo\hide.vbs
2014-08-10 16:35:23 D678721580C8037C16BDA76489648978 159 ----a-w- C:\Users\Seppe\AppData\Roaming\Gameo\restart.bat
2014-08-10 16:34:28 4D70DB4FB71842754D617BD7C04DF9FA 34262002 ----a-w- C:\Users\Seppe\AppData\Roaming\Gameo\gameo.zip
2014-08-07 14:30:08 6DD8590E4F5EBDDB68CF2273BBDD16BB 7701166 ----a-w- C:\Users\Koen\Downloads\fotos.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2043100165-3502898724-762426204-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Koen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Akamai NetSession Interface"="C:\Users\Koen\AppData\Local\Akamai\netsession_win.exe"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"uTorrent"="C:\Users\Koen\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Koen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Akamai NetSession Interface"="C:\Users\Koen\AppData\Local\Akamai\netsession_win.exe"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"uTorrent"="C:\Users\Koen\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Facebook Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Koen\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FlashPlayerUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="FlashPlayerUpdate"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe -update activex"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GarminExpressTrayApp"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Garmin\\Express Tray\\ExpressTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify"
"hkey"="HKCU"
"command"="\"C:\\Users\\Koen\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\Koen\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Users\\Koen\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Koen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"item"="Dropbox"
"path"="C:\\Users\\Koen\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Koen\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/07/2014 18:48]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2043100165-3502898724-762426204-1000Core.job --a------ C:\Users\Koen\AppData\Local\Facebook\Update\FacebookUpdate.exe [09/11/2013 19:58]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2043100165-3502898724-762426204-1000UA.job --a------ C:\Users\Koen\AppData\Local\Facebook\Update\FacebookUpdate.exe [09/11/2013 19:58]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/10/2013 18:40]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/10/2013 18:40]
C:\Windows\tasks\pennybee Runner.job --a------ C:\PROGRA~3\pennybee\pennybee.exe []
C:\Windows\tasks\Tempo Runner.job --a------ C:\PROGRA~3\pennybee\pennybee.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe]
"C:\Windows\SysNative\tasks\ASP" ["C:\Program Files (x86)\RegClean Pro\SystweakASP.exe"]
"C:\Windows\SysNative\tasks\AutoPico Daily Restart" ["C:\Program Files\KMSpico\AutoPico.exe"]
"C:\Windows\SysNative\tasks\BitGuard" [C:\Windows\system32\sc.exe start BitGuard]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\Express FilesUpdate" [C:\Program Files (x86)\ExpressFiles\EFUpdater.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2043100165-3502898724-762426204-1000Core" [C:\Users\Koen\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2043100165-3502898724-762426204-1000UA" [C:\Users\Koen\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoforFilesUpdate" [C:\Program Files (x86)\GoforFiles\GFFUpdater.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Optimizer Pro Schedule" ["C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe"]
"C:\Windows\SysNative\tasks\pennybee Runner" [C:\PROGRA~3\pennybee\pennybee.exe]
"C:\Windows\SysNative\tasks\Tempo Runner" [C:\PROGRA~3\pennybee\pennybee.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Chrome Look ======================

Google Wallet - Koen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Docs - Seppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Seppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Seppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Seppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Seppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - Seppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Seppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - seppe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - seppe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - seppe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - seppe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - seppe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - seppe2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Koen\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "http://www.sweet-page.com/?type=hp&ts=1406412885&from=cor&uid=HitachiXHTS723232L9A360_090819FCC400NEHB36AGX" ],

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== C:\zoek_backup content ======================

C:\zoek_backup (files=64 folders=25 171751971 bytes)

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\ProgramData\pennybee" not found
"C:\ProgramData\IePluginServices" not found

==== EOF on zo 10/08/2014 at 19:48:02,82 ======================