Zoek.exe v5.0.0.0 Updated 04-November-2014 Tool run by Gebruiker on di 04/11/2014 at 7:42:59,34. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z11BBFCA\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 4/11/2014 7:47:34 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Program Files\AVS4YOU deleted successfully C:\Program Files\MyHeritage deleted successfully C:\Users\Gebruiker\AppData\Roaming\Nico Mak Computing deleted successfully C:\Users\Gebruiker\AppData\Roaming\WinRAR deleted successfully C:\Users\Gebruiker\AppData\Local\B8210F27-6BD6-40EF-A20C-F4923D5BF6B5 deleted successfully C:\Users\Gebruiker\AppData\Local\Lollipop_05301843 deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} deleted successfully HKEY_CLASSES_ROOT\CLSID\{5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} deleted successfully HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} deleted successfully HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{32004B8A-44A9-43E7-84E9-808838809519} deleted successfully HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} deleted successfully 
HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{D0F4A166-B8D4-48B8-9D63-80849FE137CB} deleted successfully HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} deleted successfully HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} deleted successfully HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{C547C6C2-561B-4169-A2A5-20BA771CA93B} deleted successfully HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110411891178} deleted successfully HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{431e686c-019b-49a0-8216-60e0921ded41} deleted successfully HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{a615e327-b856-4f79-9b2e-fad2804eb9b9} deleted successfully HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{d0a0c198-0e31-4589-8605-d6b10b4112b0} deleted successfully HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{1ddb8fbb-6573-46b6-8599-8d8a2a4ed3ca} deleted successfully 
HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{a2db6fbe-fcba-4347-9809-12ca66a4cff9} deleted successfully HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{20ae4b14-0972-4156-88e2-74c430fed074} deleted successfully HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{e3492f34-076c-4166-bd2f-af61b29efab0} deleted successfully HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{913c22b8-bc9e-41d3-a83d-52b0cb3fd88e} deleted successfully HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{575c217b-8668-4f53-9803-45da10cedef4} deleted successfully HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.9 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vToolbarUpdater18.1.9 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dgfkljlk deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\dgfkljlk deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ltufmllr deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ltufmllr deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nqspgfdh deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nqspgfdh deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserProtect deleted successfully ==== Deleting Files \ Folders ====================== C:\Program Files\Allin1Convert_8h not found C:\Program Files\Common Files\AVG Secure Search 
not found "C:\Windows\TEMP\{407B38B7-A945-4EAF-95A9-C4CF79174DEE}.exe" not found "C:\Windows\TEMP\{669A3648-8A9B-4AA8-8875-2623CD920A63}.exe" not found "C:\Windows\system32\drivers\dgfkljlk.sys" not found "C:\Windows\system32\drivers\ltufmllr.sys" not found "C:\Windows\system32\drivers\nqspgfdh.sys" not found C:\Users\Gebruiker\AppData\LocalLow\{4F16F5F3-F24F-5586-71A4-74D613B771F2} deleted C:\Users\Gebruiker\AppData\LocalLow\{C0BE3D59-119F-B3AC-9AA6-5B2B1C0BCCC3} deleted C:\PROGRA~2\ccf337187fcf1532 deleted C:\Users\Gebruiker\AppData\Local\4796 deleted C:\Program Files\Video Download Converter deleted C:\Program Files\iMesh Applications deleted C:\extensions.sqlite deleted C:\extensions.ini deleted 
C:\user.js deleted C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk deleted C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\337 GAMES.lnk deleted C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\337 GAMES.lnk deleted C:\PROGRA~2\Avg_Update_0814tb deleted C:\PROGRA~2\boost_interprocess deleted C:\PROGRA~2\Package Cache deleted C:\Users\Gebruiker\AppData\Local\iMesh deleted C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk deleted C:\Users\Gebruiker\Downloads\iMeshV11.exe deleted C:\Users\Gebruiker\AppData\LocalLow\SkwConfig.bin deleted C:\Users\Gebruiker\AppData\LocalLow\imeshtoolbar2 deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted C:\Windows\system32\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted C:\Windows\system32\Tasks\LaunchSignup deleted C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job deleted C:\Windows\system32\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv deleted C:\Windows\System32\mjcm deleted C:\Windows\system32\GroupPolicy\Machine deleted C:\Windows\system32\GroupPolicy\User deleted C:\Windows\system32\GroupPolicy\gpt.ini deleted C:\Windows\System32\searchplugins deleted C:\Windows\System32\Extensions deleted C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader@ftdownloader.com.xpi deleted 
C:\Users\Public\Desktop\Emoticons for your messenger!.url deleted C:\Users\Public\Desktop\YTD Video Downloader.lnk deleted C:\Users\Gebruiker\Desktop\iMesh.lnk deleted C:\Users\Gebruiker\Desktop\Sync Folder.lnk deleted "C:\Users\Gebruiker\AppData\Local\{8309E57B-C3DB-4F91-806A-2C31413E3689}" deleted "C:\Users\Gebruiker\AppData\Local\{BE5B7171-F0D6-45BA-8902-2C6144524182}" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\GEBRUI~1\AppData\Local\Temp ==== 2014-11-01 15:07:14 027562FF4840DFB992BB7FA6CC197E24 20851056 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\Sony\Sony PC Companion\AutoUpdate\Sony PC Companion_2.10.228_NetStorage.exe ====== Java Cache ===== ====== C:\Windows\system32 ===== ====== C:\Windows\system32\drivers ===== 2014-11-03 14:59:27 E89B115E1DD297DCB694B22CFA90BF61 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-11-03 14:59:27 7A6526C8BD114DB7CA8930AB22D52A0B 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-10-18 18:07:40 CD9214A6AE17D188D17C3CF8CB9CC693 184320 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2014-10-18 18:07:39 6C5139E4283249518F7743D7043775B3 31232 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-11-03 09:31:39 -------- d-----w- C:\Program Files\trend micro 2014-10-27 19:14:53 -------- d-----w- C:\Program Files\Common Files\Citrix 2014-10-27 19:14:46 -------- d-----w- C:\Program Files\Citrix ======= C: ===== ====== C:\Users\Gebruiker\AppData\Roaming ====== 2014-10-27 19:16:16 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\ICAClient 2014-10-27 19:14:51 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Citrix ====== C:\Users\Gebruiker ====== 2014-10-27 19:16:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix 2014-10-27 19:15:45 -------- d-----w- C:\ProgramData\Citrix ====== C: exe-files == 2014-11-03 09:31:39 
9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Gebruiker.exe 2014-11-03 09:30:11 18945C5676B47FE7894EDA50C99E3A27 135415 ----a-w- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5ITIF76\RSIT[1].exe 2014-11-03 09:27:47 E60A227D5124220644DDAF5AD315472B 59071 ----a-w- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y5NTXY2I\RSIT[1].exe 2014-11-01 15:08:25 6E0105823B4FE91632C9DA8314418417 655536 ----a-w- C:\Program Files\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe 2014-11-01 15:07:14 027562FF4840DFB992BB7FA6CC197E24 20851056 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\Sony\Sony PC Companion\AutoUpdate\Sony PC Companion_2.10.228_NetStorage.exe === C: other files == 2014-11-03 14:59:27 E89B115E1DD297DCB694B22CFA90BF61 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-11-03 14:59:27 7A6526C8BD114DB7CA8930AB22D52A0B 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-11-03 10:27:39 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AU0055MV\widgets.xrosview[2].com 2014-11-02 12:07:38 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GN2ZVIF6\widgets.xrosview[1].com 2014-11-02 12:03:51 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9IBA6F6\widgets.xrosview[2].com 2014-11-01 16:36:13 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFC7CVOU\bol[1].com 2014-10-31 13:23:15 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9IBA6F6\www.finnair[1].com 2014-10-28 19:06:17 
D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KSS2MEAX\hbhanghua.en.alibaba[1].com ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1722000691-2551148484-3720757338-1000\Software\Microsoft\Windows\CurrentVersion\Run] "SanDiskSecureAccess_Manager.exe"="C:\Users\Gebruiker\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Program Files\Apoint\Apoint.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "EaseUS EPM tray"="C:\Program Files\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe" "ConnectionCenter"="C:\Program Files\Citrix\ICA Client\concentr.exe /startup" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SanDiskSecureAccess_Manager.exe"="C:\Users\Gebruiker\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" ==== Startup Folders ====================== 2014-10-27 19:16:40 2821 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Receiver.lnk 2012-03-07 17:03:18 964 ----a-w- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Startup\SanDisk Media Manager.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [23/09/2014 22:01] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\{7C9BCD1A-EB08-46B5-9452-9EB00B21D9F0}" [C:\Program Files\Skype\Phone\Skype.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [13/07/2013 19:32] ==== Firefox Extensions ====================== AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be ==== Firefox Plugins ====================== ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cdigkkamccnhblfionlgijikpahapdfi - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta6073\ch\VideoPlayerV3beta6073.crx[] cjipahocojmnikgidjdomlhkepghbaan - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1944\ch\MediaViewerV1alpha1944.crx[] dfmiddhgbaabkcbekocinoofclfhmojg - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3262\ch\MediaBuzzV1mode3262.crx[] eammkehbockolnlonapmjdeghgeadlkd - C:\Program Files\MediaViewV1\MediaViewV1alpha227\ch\MediaViewV1alpha227.crx[] kfmikagihdiekiameomefklgcmdnedjn - C:\Program 
Files\MediaWatchV1\MediaWatchV1home863\ch\MediaWatchV1home863.crx[] lbpomceegdickpjadeklafaidpdoecji - C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha3048\ch\TrustMediaViewerV1alpha3048.crx[] lfhphoblaekpogcalaiigcepmnnemnmd - C:\Program Files\MediaViewV1\MediaViewV1alpha9287\ch\MediaViewV1alpha9287.crx[] npoolekpjjbmkcifjmheeloiommbgpbd - C:\Program Files\RichMediaViewV1\RichMediaViewV1release206\ch\RichMediaViewV1release206.crx[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" "Default_Page_URL"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" "Default_Page_URL"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_nlBE403" ==== Deleting Registry Keys ====================== 
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cdigkkamccnhblfionlgijikpahapdfi deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjipahocojmnikgidjdomlhkepghbaan deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dfmiddhgbaabkcbekocinoofclfhmojg deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eammkehbockolnlonapmjdeghgeadlkd deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kfmikagihdiekiameomefklgcmdnedjn deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lbpomceegdickpjadeklafaidpdoecji deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lfhphoblaekpogcalaiigcepmnnemnmd deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\npoolekpjjbmkcifjmheeloiommbgpbd deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RichMediaViewV1release206 deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\imeshtoolbar2 deleted successfully ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully 
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z11BBFCA will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=660 folders=62 110890779 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z11BBFCA" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on di 04/11/2014 at 8:22:35,21 ======================