Zoek.exe v5.0.0.0 Updated 14-September-2014
Tool run by Johan Knoester on wo 17-09-2014 at 21:10:52,47.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\JOHANK~1\AppData\Local\Temp\Rar$EXa0.453\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

17-9-2014 21:13:56 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\TornTV.com deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\Datamngr deleted successfully
C:\PROGRA~3\IePluginServices deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Johan Knoester\AppData\Roaming\TP deleted successfully
C:\Users\Johan Knoester\AppData\Roaming\U3 deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\Microsoft\Internet Explorer\SearchScopes\{08FE146F-6A56-4C52-85AB-CBDF6CABD4E0} deleted successfully
HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully
HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77} deleted successfully
HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77} deleted successfully
HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} deleted successfully
HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} deleted successfully
HKEY_USERS\.DEFAULT\Software\mozilla\Firefox\Extensions\{b64982b1-d112-42b5-b1e4-d3867c4533f8} deleted successfully
HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\mozilla\Firefox\Extensions\{b64982b1-d112-42b5-b1e4-d3867c4533f8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{F9639E4A-801B-4843-AEE3-03D9DA199E77} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ocr@babylon.com deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CltMngSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\browser manager deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\browser manager deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdate deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\globalUpdate deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdatem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\globalUpdatem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MapsGalaxy_39Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MapsGalaxy_39Service deleted successfully

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Mozilla Firefox\user.js deleted
C:\PROGRA~2\SoftwareUpdater deleted
C:\PROGRA~2\SearchProtect deleted
C:\PROGRA~2\MapsGalaxy_39 deleted
C:\PROGRA~2\vGrabber-software deleted
C:\PROGRA~2\SupTab deleted
C:\PROGRA~2\globalUpdate deleted
C:\user.js deleted
C:\Users\Johan Knoester\AppData\Roaming\sweet-page deleted
C:\Users\Johan Knoester\AppData\Roaming\Systweak deleted
C:\PROGRA~3\Ask deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\WindowsMangerProtect deleted
C:\Users\Johan Knoester\AppData\Local\iLivid deleted
C:\Users\Johan Knoester\AppData\Local\globalUpdate deleted
C:\Users\Johan Knoester\AppData\Local\SearchProtect deleted
C:\Users\Johan Knoester\AppData\Local\IAC deleted
C:\Users\Johan Knoester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk deleted
C:\Users\Johan Knoester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com deleted
C:\Users\Johan Knoester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Downloader deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\Windows\Tasks\e29193b0-b61f-4d86-ada8-6277dd849368-11.job deleted
C:\Windows\Tasks\e29193b0-b61f-4d86-ada8-6277dd849368-2.job deleted
C:\Windows\Tasks\e29193b0-b61f-4d86-ada8-6277dd849368-3.job deleted
C:\Windows\Tasks\e29193b0-b61f-4d86-ada8-6277dd849368-4.job deleted
C:\Windows\Tasks\e29193b0-b61f-4d86-ada8-6277dd849368-7.job deleted
C:\windows\SysNative\Tasks\e29193b0-b61f-4d86-ada8-6277dd849368-11 deleted
C:\windows\SysNative\Tasks\e29193b0-b61f-4d86-ada8-6277dd849368-2 deleted
C:\windows\SysNative\Tasks\e29193b0-b61f-4d86-ada8-6277dd849368-3 deleted
C:\windows\SysNative\Tasks\e29193b0-b61f-4d86-ada8-6277dd849368-4 deleted
C:\windows\SysNative\Tasks\e29193b0-b61f-4d86-ada8-6277dd849368-7 deleted
C:\Users\Johan Knoester\Downloads\SoftonicDownloader_for_minecraft-server.exe deleted
C:\Users\Johan Knoester\Downloads\SoftonicDownloader_voor_google-sketchup.exe deleted
C:\Users\Johan Knoester\AppData\LocalLow\IAC deleted
C:\Users\Johan Knoester\AppData\LocalLow\BabylonToolbar deleted
C:\Users\Johan Knoester\AppData\LocalLow\MapsGalaxy_39 deleted
C:\Users\Johan Knoester\AppData\LocalLow\Incredibar.com deleted
C:\Windows\wininit.ini deleted
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job deleted
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job deleted
C:\windows\SysNative\tasks\globalUpdateUpdateTaskMachineCore deleted
C:\windows\SysNative\tasks\globalUpdateUpdateTaskMachineUA deleted
C:\windows\SysNative\tasks\RegClean Pro deleted
C:\windows\SysNative\tasks\RegClean Pro_DEFAULT deleted
C:\windows\SysNative\tasks\RegClean Pro_UPDATES deleted
C:\Windows\tasks\RegClean Pro_DEFAULT.job deleted
C:\Windows\tasks\RegClean Pro_UPDATES.job deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\sho2C2A.tmp deleted
C:\Windows\Syswow64\sho53E9.tmp deleted
C:\Windows\Syswow64\sho55F6.tmp deleted C:\Windows\Syswow64\sho7C90.tmp deleted C:\Windows\Syswow64\sho80C7.tmp deleted C:\Windows\Syswow64\shoC378.tmp deleted C:\Windows\Syswow64\shoF894.tmp deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted C:\Users\Johan Knoester\Desktop\Continue PDF Creator Installation.lnk deleted "C:\Windows\Installer\a0119.msi" deleted "C:\Users\Johan Knoester\AppData\Roaming\howto" deleted "C:\Users\Johan Knoester\AppData\Roaming\images" deleted "C:\Users\Johan Knoester\AppData\Roaming\laserjet" deleted "C:\ProgramData\Analog Sync" deleted "C:\ProgramData\Applause and Laugher" deleted "C:\ProgramData\Application Support" deleted "C:\ProgramData\manual" deleted "C:\ProgramData\programs" deleted "C:\ProgramData\vhosts" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\JOHANK~1\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-09-15 18:05:16 1F803674E36144DFF90BD62368E30FE8 17903792 ----a-w- C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-14 13:45:35 297EF1AB73B8FCE76BCA1365C2E49AFC 440320 ----a-w- C:\Windows\SysWOW64\ieui.dll 2014-09-14 13:45:34 E3D7B3F64C30994409BDF8E48048A854 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-09-14 13:45:32 6DD476318F524D2DCB73AFEB2EE27B4A 61952 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-14 13:45:30 84E96F4AF8A7748A3DE7C3EBBC6768E5 365056 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2014-09-14 13:45:30 42F6F28D4885505F687CAF0459FF9F90 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-09-14 13:45:30 010DFAF3EF93994B805BAA1493D47973 243200 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2014-09-14 13:45:29 CC8F34B345DA638D77BB48C035DA628D 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll 2014-09-14 13:45:29 4F2EDC301EC63F803C0FDB6CC87EDA24 454656 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2014-09-14 13:45:28 D603AC77E17E5B9583E382F2EE0381A7 43008 ----a-w- 
C:\Windows\SysWOW64\jsproxy.dll 2014-09-14 13:45:28 7C3D593AB1E2F5E5687D97772EF99AC7 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2014-09-14 13:45:28 13C2C87C35E52AAB1B439FB2E26DF2DE 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2014-09-14 13:45:28 074646C5A979DE79133DE4A8530A9C5D 603136 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2014-09-14 13:45:27 AA595171932ACC79DA9851067DCBDABF 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2014-09-14 13:45:27 8D4FCAB2643DFEF68040B70F1EDCCBC5 327872 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2014-09-14 13:45:27 2E2E40E5D92EEA979548E307C5781038 597504 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2014-09-14 13:45:26 77F79126444896B5867E6761490735B8 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-14 13:45:25 5074835337862817DB3726558D0908DE 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-14 13:45:25 1D8C086A39B9794D7131384586811B25 678400 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2014-09-14 13:45:24 88EBB8526981D03C5777AB0A4AEBA8B4 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-14 13:45:20 FD96C05DE700F5FD26273D6DDB6495A7 2185728 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2014-09-14 13:45:18 D58988722C72D265B51A54103DFC2C6F 1812992 ----a-w- C:\Windows\SysWOW64\wininet.dll 2014-09-14 13:45:16 77B7DDF91F3ED2CDB6CF60224EE13433 4232704 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2014-09-14 13:45:16 6A3A809CA7A8F40C89E6F1D301898A66 2014208 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2014-09-14 13:45:16 41010A88B70A2168F801DC19EBD4CB4F 1190400 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2014-09-14 13:45:14 7BF1CE9240CB9DD27C3E30733176EB8E 17455104 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-09-14 13:45:12 A3560FAFC1686D5EE9830B33B5C74B66 11769856 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2014-09-14 13:35:08 2413D2216D08FAF7D7178D9E0B481AEB 2285056 ----a-w- C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-14 13:32:34 C212A43AA83A717AD38505F23ACDCB33 2363392 ----a-w- C:\Windows\SysWOW64\msi.dll 
2014-09-14 13:32:30 43CD23B65CBF04D6F8ACA984B0EF93FE 1805824 ----a-w- C:\Windows\SysWOW64\authui.dll 2014-09-14 13:32:28 9DA1CCDBBF8136AC2383C2624CA8CD14 337408 ----a-w- C:\Windows\SysWOW64\msihnd.dll 2014-09-14 13:30:03 AF6655214DEBB2C8446DE843A02AAEBA 99480 ----a-w- C:\Windows\SysWOW64\infocardapi.dll 2014-09-14 13:30:02 8D466B36076BCD7997838C0DDB69764C 619672 ----a-w- C:\Windows\SysWOW64\icardagt.exe 2014-09-14 13:29:57 370FC4421ADE62FC89AC93B345570388 8856 ----a-w- C:\Windows\SysWOW64\icardres.dll 2014-09-14 13:29:27 28A8B99DE70F376B18709E6B07D6A352 35480 ----a-w- C:\Windows\SysWOW64\TsWpfWrp.exe 2014-09-14 13:28:51 386BF6FD9FC562B1A5558C49E1C3A6FB 12874240 ----a-w- C:\Windows\SysWOW64\shell32.dll 2014-09-14 13:27:41 A8DDB7ACB122FC36FF0D7C9B3099A380 793600 ----a-w- C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-14 13:22:15 79896A78039C9A63C56197843CFBAD0B 1987584 ----a-w- C:\Windows\SysWOW64\d3d10warp.dll 2014-09-14 13:21:33 B094390B6B2D0456821384771020870B 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2014-09-14 13:21:33 1B85FA0D0A93C011B76678733F39DB6C 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2014-09-14 13:21:33 10826DA2FC073702AEAB93AF3D73B066 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2014-09-14 13:20:39 980305AC3AF53C1964A11190451ABB32 311808 ----a-w- C:\Windows\SysWOW64\gdi32.dll 2014-09-14 13:20:35 D8BED6BA298DBAAF6F3D746739FCD333 664064 ----a-w- C:\Windows\SysWOW64\rpcrt4.dll 2014-09-14 12:46:00 372218B80DEF827063049EBEE76B7501 92672 ----a-w- C:\Windows\SysWOW64\wudriver.dll 2014-09-14 12:45:59 867148EBF47E7E7E7B21C07B4A981929 581600 ----a-w- C:\Windows\SysWOW64\wuapi.dll 2014-09-14 12:45:59 255F0417EC31C71585824269522EC8E9 36320 ----a-w- C:\Windows\SysWOW64\wups.dll 2014-09-14 12:45:25 F419D738BD2AE58D9DF2F9FEB5F43842 33792 ----a-w- C:\Windows\SysWOW64\wuapp.exe 2014-09-14 12:45:25 5AA2CAD923E9E647276A61387E83DDD0 179656 ----a-w- C:\Windows\SysWOW64\wuwebv.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 
2014-09-14 13:45:36 9EFF09364ABDC86770FA0B1BCC9CA3C3 596480 ----a-w- C:\Windows\Sysnative\ieui.dll 2014-09-14 13:45:34 1BE1D1942825BE2146941DA274D2B92F 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-09-14 13:45:32 EF79F0B9E0F277F5797C475DF4248B97 83968 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2014-09-14 13:45:32 A0600300428AB73664050659E738F11F 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll 2014-09-14 13:45:31 EE6B22396FA99639A163B1B7E9736669 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2014-09-14 13:45:31 305D5395A65D00C74A94AEA40E9909E9 758272 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2014-09-14 13:45:31 0113777A28BEC88A50C2566F346E4B58 72704 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2014-09-14 13:45:30 786ECD92C9D77F571134283E0FABAF1A 289280 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2014-09-14 13:45:30 641068C626DE3AD348871D0D7931A3FA 547328 ----a-w- C:\Windows\Sysnative\vbscript.dll 2014-09-14 13:45:30 4CF33E458BAEDA917CAE9F2E8338479C 446464 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2014-09-14 13:45:30 2D95BDB699FA1D531B642EA18464FE05 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2014-09-14 13:45:29 E76C23C71345ACBC65ED8F6E87AD01D1 195584 ----a-w- C:\Windows\Sysnative\msrating.dll 2014-09-14 13:45:29 C067D863FCD53B91A5BF78AE1CE88E54 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2014-09-14 13:45:28 C07D636B0237172345E68AE8B70A2984 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2014-09-14 13:45:28 2AEFBA4339A34C8EF021B49D23D1F1DF 727040 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2014-09-14 13:45:27 A1BB4CFB25F7CE1D4F67DD71111823AA 374968 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2014-09-14 13:45:27 68B0077C0D09D1B669A260F2921FD6B9 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll 2014-09-14 13:45:27 33BAC6F66DB5FE5F7E20D41B025F490E 707072 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2014-09-14 13:45:26 920BD93A0B64657A20CA66C2EBB167EA 23591424 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-09-14 13:45:25 
227303FC6E95547EA274F4337BBC7278 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2014-09-14 13:45:25 1439630B47D717960D59423958754394 775168 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2014-09-14 13:45:24 698C19E198F832E071778A1427E942C8 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2014-09-14 13:45:24 5A0C72B9D3CCA42D8AB74890C19443B2 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2014-09-14 13:45:24 4C8838D7C13E9080AF4B548CA791896B 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2014-09-14 13:45:19 75498A52C2AE248DEE5BDF5209768963 2793984 ----a-w- C:\Windows\Sysnative\iertutil.dll 2014-09-14 13:45:19 39EBB9708453036A74C30C9A294023FF 2310656 ----a-w- C:\Windows\Sysnative\wininet.dll 2014-09-14 13:45:17 F6304AACC5744016770C8C797CAA2AF7 5833728 ----a-w- C:\Windows\Sysnative\jscript9.dll 2014-09-14 13:45:16 FECA80905D551074E1A9298BD98103B7 1447424 ----a-w- C:\Windows\Sysnative\urlmon.dll 2014-09-14 13:45:15 97752927B6E2401011A96E0D6082E403 2104832 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2014-09-14 13:45:13 BA56C68CCB912C4C08C97DD32C47AD31 13588480 ----a-w- C:\Windows\Sysnative\ieframe.dll 2014-09-14 13:35:08 3469B9FAE899139FEE7356E91693376A 2777088 ----a-w- C:\Windows\Sysnative\msmpeg2vdec.dll 2014-09-14 13:32:35 3B39F9D51E4D8BAABDA6518955B58C13 3241984 ----a-w- C:\Windows\Sysnative\msi.dll 2014-09-14 13:32:33 5DFFC12BF7DB53BDB401804A3C3A475E 1941504 ----a-w- C:\Windows\Sysnative\authui.dll 2014-09-14 13:32:29 B0F8CCA08DBC392442E27377B98DD0CD 112064 ----a-w- C:\Windows\Sysnative\consent.exe 2014-09-14 13:32:29 A6D0DC3B30F6BB1421DAA92537424822 504320 ----a-w- C:\Windows\Sysnative\msihnd.dll 2014-09-14 13:30:03 9C44FB5B3A8A192FCE1103AC9BA4E576 171160 ----a-w- C:\Windows\Sysnative\infocardapi.dll 2014-09-14 13:30:02 8A08BB0D12BE40DC09632CD5D04A48A0 1389208 ----a-w- C:\Windows\Sysnative\icardagt.exe 2014-09-14 13:29:57 EE415EC9288182BCFB6E6896A376EA53 8856 ----a-w- C:\Windows\Sysnative\icardres.dll 2014-09-14 13:29:27 
E4312738B500577BABC232A49F67A67D 35480 ----a-w- C:\Windows\Sysnative\TsWpfWrp.exe 2014-09-14 13:28:53 AE57F6C7AB3ED244B5F14151C4EA0057 14175744 ----a-w- C:\Windows\Sysnative\shell32.dll 2014-09-14 13:27:41 EFF3FF9D9E5BFD2A05390D959A1C3AD0 1031168 ----a-w- C:\Windows\Sysnative\TSWorkspace.dll 2014-09-14 13:22:16 224C2EEBAAF39CD93DE5332DBE5E5A95 2565120 ----a-w- C:\Windows\Sysnative\d3d10warp.dll 2014-09-14 13:21:34 33EF550DCCC58C93F5B65FD75BAD9832 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll 2014-09-14 13:21:33 EE4B105F1DBE1E864AFC72E7F0315432 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2014-09-14 13:20:40 A347EF56B7CD8360B3EF7772FEA597B9 3163648 ----a-w- C:\Windows\Sysnative\win32k.sys 2014-09-14 13:20:39 860528C9E50AB84935843B23A80E665E 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll 2014-09-14 13:20:32 E2BCB58869598B392D6A78953F61A2D9 578048 ----a-w- C:\Windows\Sysnative\aepdu.dll 2014-09-14 13:20:31 88BC88D0BDFB6BBE5765D5ABB233C110 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll 2014-09-14 12:46:45 EAD9E413A6CEB9FD8E2AD9DC0716C061 58336 ----a-w- C:\Windows\Sysnative\wuauclt.exe 2014-09-14 12:46:45 E76F105AD039B9E4DA9ECE839298C4A2 44512 ----a-w- C:\Windows\Sysnative\wups2.dll 2014-09-14 12:46:45 6335F8B4B89F002A3801473C1A799237 2620928 ----a-w- C:\Windows\Sysnative\wucltux.dll 2014-09-14 12:46:45 61FF576450CCC80564B850BC3FB6713A 2477536 ----a-w- C:\Windows\Sysnative\wuaueng.dll 2014-09-14 12:46:00 7EC6617005F76714C7E16605E7A8AB06 38880 ----a-w- C:\Windows\Sysnative\wups.dll 2014-09-14 12:46:00 1180B5ADFB507258DA10F51B46681A33 97792 ----a-w- C:\Windows\Sysnative\wudriver.dll 2014-09-14 12:46:00 0DB2758CF1BAFE22E0970FDA0785B74C 700384 ----a-w- C:\Windows\Sysnative\wuapi.dll 2014-09-14 12:45:24 45D4BDEA136E72E75CF008D3C38D949A 198600 ----a-w- C:\Windows\Sysnative\wuwebv.dll 2014-09-14 12:45:10 29FE783F75362AD6D2D9C0555BA83BD2 36864 ----a-w- C:\Windows\Sysnative\wuapp.exe ====== C:\Windows\Sysnative\drivers ===== 2014-09-14 13:32:01 
F59E2FE2687A5C30598F9099F318EB73 986560 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-09-15 18:08:07 -------- d-----w- C:\Program Files\trend micro 2014-09-14 12:46:41 -------- d-----w- C:\Program Files\iPod 2014-09-14 12:46:38 -------- d-----w- C:\Program Files\iTunes ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\Johan Knoester\AppData\Roaming ====== 2014-09-17 17:32:49 -------- d-----w- C:\Users\Johan Knoester\AppData\Local\F-Secure ====== C:\Users\Johan Knoester ====== 2014-09-15 17:57:53 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Johan Knoester\Desktop\RSITx64.exe ====== C: exe-files == 2014-09-17 16:22:04 E8A50A9E177661FA99EE0871C3B16FDB 39982160 ----a-w- C:\Program Files (x86)\Google\Update\Install\{C25E28BD-A866-46C9-98C2-F20CF7FB2456}\37.0.2062.120_chrome_installer.exe 2014-09-17 16:20:50 E8A50A9E177661FA99EE0871C3B16FDB 39982160 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\37.0.2062.120\37.0.2062.120_chrome_installer.exe 2014-09-15 18:19:52 2FADF4E793B9971BECDEB03CA76823B7 8847440 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\37.0.2062.120\37.0.2062.120_36.0.1985.125_chrome_updater.exe 2014-09-15 18:08:23 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Johan Knoester.exe 2014-09-14 13:45:35 665256B575BF83E4B188BE73450C5C29 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2014-09-14 13:45:35 4DABFE3A9D3C67E9D9AD83C7F8FAD855 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2014-09-14 13:45:35 0D75A74E925F00D9F256F6A53733DAF8 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2014-09-14 13:45:34 ED689CF5DA7A0374D2A8E3A8550522F7 483328 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2014-09-14 13:45:16 EEA63B8CF19E59C4A51AD2D9A59DDA25 812216 
----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2014-09-14 13:45:16 9540F3F5489747E71101E8AC9850CC79 810168 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe === C: other files == 2014-09-14 13:01:48 AC26E6992C7931220B2FF74B4BD5D5E8 768184 ----a-w- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys 2014-09-14 13:01:48 33FC774AD3AB2805B7D8F31CB3EF3ECB 433240 ----a-w- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80049.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /nosplash /minimized" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPQuickWebProxy"="C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" "HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" "HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" "Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "Nikon Message Center 2"="C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu 
EX\CNSEMAIN.EXE /logon" "ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup" "F-Secure Hoster (45329)"="C:\Program Files (x86)\UPC Smart Guard\fshoster32.exe -app -hosterid:1" "F-Secure Manager"="C:\Program Files (x86)\UPC Smart Guard\apps\ComputerSecurity\Common\FSM32.EXE /splash" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "BlueStacks Agent"="C:\Program Files (x86)\BlueStacks\HD-Agent.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /nosplash /minimized" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll c:\\progra~3\\browse~1\\23787~1.43\\{16cdf~1\\browse~1.dll c:\\progra~3\\browse~1\\22643~1.41\\{16cdf~1\\browse~1.dll,C:\\PROGRA~2\\Citrix\\ICACLI~1\\RSHook.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "SetDefault"="C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] 
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitComet] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BitComet" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\BitComet\\BitComet.exe\" /tray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MapsGalaxy Search Scope Monitor] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MapsGalaxy Search Scope Monitor" "hkey"="HKLM" "command"="\"C:\\PROGRA~2\\MAPSGA~2\\bar\\1.bin\\39srchmn.exe\" /m=2 /w /h" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MapsGalaxy_39 Browser Plugin Loader] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MapsGalaxy_39 Browser Plugin Loader" "hkey"="HKLM" "command"="C:\\PROGRA~2\\MAPSGA~2\\bar\\1.bin\\39brmon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15-09-2014 20:05] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24-08-2012 10:45] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24-08-2012 10:45] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] 
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{28DF2831-56DA-43FE-AD56-1C19988FE7B0}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{DF3D814F-6300-4A34-BCC3-51E973338A6A}" ["c:\program files\internet explorer\iexplore.exe" [url=http://www.skype.com/go/downloading?source=lightinstaller&ver=6.14.0.104&LastError=12002]Downloading[/url]] "C:\Windows\SysNative\tasks\{E705A6AD-4212-4122-8E78-937F69B3847E}" ["c:\program files (x86)\internet explorer\iexplore.exe" [url=http://ui.skype.com/ui/0/6.3.73.105.457/nl/abandoninstall?page=tsWLM]Download Skype op uw computer ? Windows, Mac en Linux ? 
download Skype[/url]] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "[EMAIL="39ffxtbr@MapsGalaxy_39.com"="C:\Program"]39ffxtbr@MapsGalaxy_39.com"="C:\Program[/EMAIL] Files (x86)\MapsGalaxy_39\bar\1.bin" [] ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bfmogjcijkfeahcajecmmegieipfbdcc - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx[18-08-2011 00:51] pgafcinpmmpklohkojmllohd****efph - C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx[] Google Docs - Johan Knoester\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Johan Knoester\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Website Logon - Johan Knoester\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfmogjcijkfeahcajecmmegieipfbdcc YouTube - Johan Knoester\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Johan Knoester\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf AdBlock - Johan Knoester\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom PlusHD-V1.9 - Johan Knoester\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhbpoeinkhpajikalhfpjjafpfgjnmgk Google Wallet - Johan Knoester\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Johan Knoester\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\Johan Knoester\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "[url=http://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MCEAAC822-7BCE-44A8-BB8D-36643269D834&SearchSource=55&CUI=&UM=5&UP=SP1EDA083B-5745-4D04-B003-09DA1BDBE0E7&SSPV=&SSPV]Zoeken[/url]=", "startup_urls": [ "[url=http://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MCEAAC822-7BCE-44A8-BB8D-36643269D834&SearchSource=55&CUI=&UM=5&UP=SP1EDA083B-5745-4D04-B003-09DA1BDBE0E7&SSPV=&SSPV]Zoeken[/url]=" ], ==== Chromium Fix ====================== C:\Users\Johan Knoester\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhbpoeinkhpajikalhfpjjafpfgjnmgk deleted successfully C:\Users\Johan Knoester\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mhbpoeinkhpajikalhfpjjafpfgjnmgk_0.localstorage deleted successfully C:\Users\Johan Knoester\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mhbpoeinkhpajikalhfpjjafpfgjnmgk_0.localstorage-journal deleted successfully C:\Users\Johan Knoester\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mhbpoeinkhpajikalhfpjjafpfgjnmgk_0 deleted successfully C:\Users\Johan Knoester\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhbpoeinkhpajikalhfpjjafpfgjnmgk deleted successfully ==== Set IE to Default ====================== Old Values: 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MCEAAC822-7BCE-44A8-BB8D-36643269D834&SearchSource=55&CUI=&UM=5&UP=SP1EDA083B-5745-4D04-B003-09DA1BDBE0E7&SSPV=&SSPV=" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.sweet-page.com/web/?type=ds&ts=1404496009&from=sof&uid=TOSHIBAXMK5076GSX_12U4SD56SXX12U4SD56S&q={searchTerms}" "Search Page"="http://www.sweet-page.com/web/?type=ds&ts=1404496009&from=sof&uid=TOSHIBAXMK5076GSX_12U4SD56SXX12U4SD56S&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.sweet-page.com/web/?type=ds&ts=1404496009&from=sof&uid=TOSHIBAXMK5076GSX_12U4SD56SXX12U4SD56S&q={searchTerms}" "Search Page"="http://www.sweet-page.com/web/?type=ds&ts=1404496009&from=sof&uid=TOSHIBAXMK5076GSX_12U4SD56SXX12U4SD56S&q={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7" {d43b3890-80c7-4010-a95d-1e77b5924dc3} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} deleted
successfully HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} deleted successfully HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71c1d63a-c944-428a-a5bd-ba513190e5d2} deleted successfully HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{71c1d63a-c944-428a-a5bd-ba513190e5d2} deleted successfully HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71c1d63a-c944-428a-a5bd-ba513190e5d2} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71c1d63a-c944-428a-a5bd-ba513190e5d2} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1757150116-1078823578-363070555-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\39ffxtbr@MapsGalaxy_39.com deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCCC6B633C793CB488092A7E870C30E7 deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohd****efph deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{36B6CCCF-97C3-4BC3-8890-A2E778C0037E} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MapsGalaxy_39bar Uninstall deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FCCC6B633C793CB488092A7E870C30E7 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MapsGalaxy Search Scope Monitor deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MapsGalaxy_39 Browser Plugin Loader deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Johan Knoester\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Johan Knoester\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Johan Knoester\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Johan Knoester\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully 
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Johan Knoester\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=2058 folders=173 140268652 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Johan Knoester\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\JOHANK~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on do 18-09-2014 at 7:57:55,01 ======================