Zoek.exe v5.0.0.0 Updated 13-01-2015 Tool run by gkottier on di 13-01-2015 at 20:33:23,38. Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\gkottier\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2015-01-12-233250.log 43960 bytes ==== Empty Folders Check ====================== C:\Program Files\UpgradeStance deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3885368765-3702246031-3820816764-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{53F6FCCD-9E22-4d71-86EA-6E43136192AB} deleted successfully HKEY_USERS\S-1-5-21-3885368765-3702246031-3820816764-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{53F6FCCD-9E22-4d71-86EA-6E43136192AB} deleted successfully HKEY_USERS\S-1-5-21-3885368765-3702246031-3820816764-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{925DAB62-F9AC-4221-806A-057BFB1014AA} deleted successfully HKEY_USERS\S-1-5-21-3885368765-3702246031-3820816764-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{925DAB62-F9AC-4221-806A-057BFB1014AA} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{53F6FCCD-9E22-4d71-86EA-6E43136192AB} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{925DAB62-F9AC-4221-806A-057BFB1014AA} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] ""=- "rec_nl_1"=- "rec_nl_2"=- ==== Deleting Files \ Folders ====================== "C:\Program Files\rec_nl_1\rec_nl_1.exe" deleted "C:\Program Files\rec_nl_2\rec_nl_2.exe" deleted "C:\Program Files\MyDrive Connect\DeviceController.dll" deleted "C:\Program Files\MyDrive Connect\DeviceDetection.dll" deleted "C:\Program Files\MyDrive Connect\DeviceNavManager.dll" deleted "C:\Program Files\MyDrive Connect\libeay32.dll" deleted "C:\Program Files\MyDrive Connect\MyDriveConnect.exe" deleted "C:\Program Files\MyDrive Connect\QtCore4.dll" deleted "C:\Program Files\MyDrive Connect\QtGui4.dll" deleted "C:\Program Files\MyDrive Connect\QtNetwork4.dll" deleted "C:\Program Files\MyDrive Connect\QtXml4.dll" deleted "C:\Program Files\MyDrive Connect\ssleay32.dll" deleted "C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll" deleted "C:\Program Files\MyDrive Connect\TomTomSupporterCore.dll" deleted "C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll" deleted "C:\Program Files\MyDrive Connect\Plugins\DeviceNavEthernetManager.dll" deleted "C:\Program Files\rec_nl_1" deleted "C:\Program Files\rec_nl_2" deleted "C:\Program Files\MyDrive Connect" deleted "C:\Program Files\MyDrive Connect\Plugins" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\gkottier\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\system32 ===== 2015-01-08 23:40:04 742BD1F196FEFC94A6379BA039D3CD00 96680 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll ====== C:\Windows\system32\drivers ===== ====== C:\Windows\Tasks ====== 2015-01-09 02:28:39 85B6EA1B86B55ECF9B2C66C9F56CC418 3598 ----a-w- C:\Windows\system32\Tasks\Maxthon Update ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-01-13 00:31:05 -------- d-----w- C:\Program Files\trend micro 2015-01-09 02:28:19 -------- d-----w- C:\Program Files\Maxthon 2015-01-08 23:40:18 -------- d-----w- C:\Program Files\Common Files\Java 2015-01-05 23:10:37 -------- d-----w- C:\Program Files\TomTom International B.V ======= C: ===== ====== C:\Users\gkottier\AppData\Roaming ====== 2015-01-12 23:27:11 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp 2015-01-12 23:27:11 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2015-01-12 23:27:11 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\Temp 2015-01-12 23:27:11 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2015-01-12 23:27:11 -------- d-----w- C:\Users\Default User\AppData\Local\Temp 2015-01-12 23:27:10 -------- d-----w- C:\Users\gkottier\AppData\Local\Temp 2015-01-09 02:28:30 -------- d-----w- C:\Users\gkottier\AppData\Roaming\Maxthon3 2015-01-05 23:10:39 -------- d-----w- C:\Users\gkottier\AppData\Local\TomTom 2014-12-29 12:41:33 -------- d-----w- C:\Users\gkottier\AppData\Local\rec_nl_2 2014-12-18 01:02:46 -------- d-----w- C:\Users\gkottier\AppData\Local\rec_nl_1 ====== C:\Users\gkottier ====== 2015-01-13 00:28:05 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\gkottier\Desktop\RSIT.exe 2015-01-12 23:51:55 3A582BF6FD39DC6A52AAF316126B40BA 638888 ----a-w- C:\Users\gkottier\Desktop\chromeinstall-8u25.exe 2015-01-09 02:28:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser 2015-01-09 02:22:37 DF4D60C048B3657578E4D6ED03589AC6 41337328 ----a-w- C:\Users\gkottier\Desktop\mx4.4.2.2000.exe 2015-01-08 23:39:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-08 23:24:18 -------- d-----w- C:\ProgramData\Oracle 2015-01-08 23:22:12 B02DE97F5B3024F63A5C108BBFFD905B 638376 ----a-w- C:\Users\gkottier\Desktop\jre-8u25-windows-i586-iftw.exe 2015-01-08 21:33:12 61CA40317EBF1254770BF8B495B3F8DA 2191360 ----a-w- C:\Users\gkottier\Desktop\adwcleaner_4.107 (3).exe 2015-01-07 21:51:20 BBD3CCC83A3970C51F027CC0733D1AE6 13290 ----a-w- C:\Users\gkottier\mezenpot.docx 2015-01-05 23:46:52 E4801A9F7CEF7F316C35AFB60ED31754 2653006 ----a-w- C:\Users\gkottier\TomTom gebruikershandleiding.pdf 2015-01-05 23:10:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom 2014-12-19 22:09:08 E7FA8E66EC969D2716BEC4B4D98D85AB 6097007 ----a-w- C:\Users\gkottier\@ACHTERGRONDMUZIEK (Your Work).wma 2014-12-17 01:12:19 BE127A710496B27F41CF90C929D2E9DE 18899 ----a-w- C:\Users\gkottier\IGLO.xlsm 2014-12-17 01:08:25 63462B29C12583331F97CF5DEFCF3346 29696 ----a-w- C:\Users\gkottier\yoghurt.xls ====== C: exe-files == 2015-01-13 00:31:06 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\gkottier.exe 2015-01-13 00:28:05 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\gkottier\Desktop\RSIT.exe 2015-01-12 23:51:55 3A582BF6FD39DC6A52AAF316126B40BA 638888 ----a-w- C:\Users\gkottier\Desktop\chromeinstall-8u25.exe 2015-01-12 14:29:08 6E42CF0D47AF25DEA4CECDBE093D521C 10134 ----a-r- C:\Users\gkottier\AppData\Roaming\Microsoft\Installer\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}\ARPPRODUCTICON.exe 2015-01-09 02:28:32 4E429B3FFB76C3EABC748ED3AFE54CF8 1794840 ----a-w- C:\Program Files\Maxthon\_AppData\Maxthon3\Public\MxUp\MxUp.exe 2015-01-09 02:28:30 E230DEEEF1B7B8C1845E9A20F0E7DCB0 191488 ----a-w- C:\Program Files\Maxthon\Addons\Mobile\android\Adb.exe 2015-01-09 02:28:30 4E429B3FFB76C3EABC748ED3AFE54CF8 1794840 ----a-w- C:\Users\gkottier\AppData\Roaming\Maxthon3\Public\MxUp\MxUp.exe 2015-01-09 02:28:29 D8FC3C2755C4933563254FD4A5CEAA18 76088 ----a-w- C:\Program Files\Maxthon\Bin\MxAppLoader.exe 2015-01-09 02:28:29 79E92CC8D96ECEE9C070410BA74B3D2F 796472 ----a-w- C:\Program Files\Maxthon\Bin\Mx3UnInstall.exe 2015-01-09 02:28:29 7745AF3A195DE53C2C6C592A0984A8D1 258840 ----a-w- C:\Program Files\Maxthon\Bin\Maxthon.exe 2015-01-09 02:28:29 4E429B3FFB76C3EABC748ED3AFE54CF8 1794840 ----a-w- C:\Program Files\Maxthon\Bin\MxUp.exe 2015-01-09 02:28:29 3B2E3C0D55543D3B79BB9BCFC35F9031 245048 ----a-w- C:\Program Files\Maxthon\Bin\MxCrashReport.exe 2015-01-09 02:28:23 787431C4CEA33BF5C8ED2F8DDD0BA889 86768 ----a-w- C:\Program Files\Maxthon\Core\Webkit\Npplugins\gameloader.exe 2015-01-09 02:28:22 3FC13D29444027A9272203B4F0AA5F60 2685752 ----a-w- C:\Program Files\Maxthon\Modules\MxDock\MxDock.exe 2015-01-09 02:22:37 DF4D60C048B3657578E4D6ED03589AC6 41337328 ----a-w- C:\Users\gkottier\Desktop\mx4.4.2.2000.exe 2015-01-08 23:39:42 AA3520FB0133A56BEE1DB34D74DBEF64 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2015-01-08 23:39:42 75D477E868CA51EC1B09D730570F322B 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe 2015-01-08 23:39:42 691D49FB44EDE9788288CABE4F7E0DAF 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2015-01-08 23:39:25 67F763B09F4BC8689E6FA9761E068D74 159656 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\unpack200.exe 2015-01-08 23:39:24 57E1F756FAA787623DFCD2C1B2AACC68 51112 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\ssvagent.exe 2015-01-08 23:39:24 28FC00F89631B0F6E1E9CA386FADD566 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\tnameserv.exe 2015-01-08 23:39:23 DC197DCE6325CBAC905DE0D0E3BA3E8E 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\rmid.exe 2015-01-08 23:39:23 75EE99C7F0038C746D82C76221ECA4EF 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\policytool.exe 2015-01-08 23:39:23 33D2AF53E209DA3E2BA939EB89801DC0 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\rmiregistry.exe 2015-01-08 23:39:23 29E65AC6AFD8A0A9CAA361FF6F7B4886 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\servertool.exe 2015-01-08 23:39:22 E3E6B18458FFB07CB24D7A0BA77C9FDF 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\pack200.exe 2015-01-08 23:39:22 7AB1F1B3FB6C3DACA34EA2F988CDF5AC 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\orbd.exe 2015-01-08 23:39:21 A458E2535E46151690E53E2A03FAA711 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\keytool.exe 2015-01-08 23:39:21 9BFAEF308D50779F6B255CB7BA7DCA5A 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\kinit.exe 2015-01-08 23:39:21 4109C4DB4BD48F5BF8115C7523A6B6F8 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\klist.exe 2015-01-08 23:39:21 26C7F32186B1F0364CD06EA69227A79D 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\ktab.exe 2015-01-08 23:39:20 4367C05B0CF5553E71B34F51003D0615 76200 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\jp2launcher.exe 2015-01-08 23:39:19 B719E0F43166037DF46B5CFBE60A5118 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\jjs.exe 2015-01-08 23:39:18 691D49FB44EDE9788288CABE4F7E0DAF 272296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\javaws.exe 2015-01-08 23:39:17 75D477E868CA51EC1B09D730570F322B 176552 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\javaw.exe 2015-01-08 23:39:17 70E67429D2C011FD0419AF899A8D0D70 68520 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\javacpl.exe 2015-01-08 23:39:16 AA3520FB0133A56BEE1DB34D74DBEF64 176552 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\java.exe 2015-01-08 23:39:15 BB8C890E3E6372F2720709262BD42BF4 30632 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\jabswitch.exe 2015-01-08 23:39:15 74713E9C1B01B152DDD3A1A3519A3647 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\java-rmi.exe 2015-01-08 23:22:12 B02DE97F5B3024F63A5C108BBFFD905B 638376 ----a-w- C:\Users\gkottier\Desktop\jre-8u25-windows-i586-iftw.exe 2015-01-08 21:33:12 61CA40317EBF1254770BF8B495B3F8DA 2191360 ----a-w- C:\Users\gkottier\Desktop\adwcleaner_4.107 (3).exe === C: other files == 2015-01-08 23:39:26 CE44A9D4918DCDC7CCCF5503BF4D7A3D 14130 ----a-w- C:\Program Files\Java\jre1.8.0_25\lib\deploy\ffjcext.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-3885368765-3702246031-3820816764-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\gkottier\AppData\Local\Google\Update\GoogleUpdate.exe /c" "MyDriveConnect.exe"="C:\Program Files\MyDrive Connect\MyDriveConnect.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\gkottier\AppData\Local\Google\Update\GoogleUpdate.exe /c" "MyDriveConnect.exe"="C:\Program Files\MyDrive Connect\MyDriveConnect.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" c:\\progra~1\\google\\google~2\\goec62~1.dll" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe Reader Speed Launcher" "hkey"="HKLM" "command"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Casema Installatie] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Casema Installatie" "hkey"="HKLM" "command"="\"C:\\Program Files\\Casema\\casema.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CLMLServer" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerCinema\\Kernel\\CLML\\CLMLSvc.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FujiKeyboard] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="FujiKeyboard" "hkey"="HKLM" "command"="c:\\Acer\\Preload\\Autorun\\DRV\\FUJI Keyboard\\ABoard.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Desktop Search] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google Desktop Search" "hkey"="HKLM" "command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google Update" "hkey"="HKCU" "command"="\"C:\\Users\\gkottier\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IconixOEAddOn] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IconixOEAddOn" "hkey"="HKLM" "command"="\"C:\\Program Files\\Iconix\\OEAddOn\\OEdmn_6.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MSC" "hkey"="HKLM" "command"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCMAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PCMAgent" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerCinema\\PCMAgent.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PlayMovie] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PlayMovie" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PlayMovie\\PMVService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVCpl" "hkey"="HKLM" "command"="RtHDVCpl.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Setresolution] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Setresolution" "hkey"="HKLM" "command"="C:\\ACER\\config\\1440x900.cmd" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skytel] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skytel" "hkey"="HKLM" "command"="Skytel.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmpcSys] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SmpcSys" "hkey"="HKLM" "command"="C:\\Program Files\\Packard Bell\\SetupMyPC\\SmpSys.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Windows Defender" "hkey"="HKLM" "command"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Search] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Yahoo! Search" "hkey"="HKCU" "command"="C:\\Users\\gkottier\\AppData\\Local\\Pay-By-Ads\\Yahoo! Search\\1.3.15.4\\dsrlte.exe" ==== Startup Folders ====================== 2014-12-08 21:38:28 1777 ----a-w- C:\Users\gkottier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Deskjet 1510 series.lnk 2010-05-08 08:09:42 917 ----a-w- C:\Users\gkottier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09-12-2014 20:47] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [21-10-2014 22:35] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [21-10-2014 22:35] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3885368765-3702246031-3820816764-1000Core.job --a------ C:\Users\gkottier\AppData\Local\Google\Update\GoogleUpdate.exe [27-10-2014 23:48] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3885368765-3702246031-3820816764-1000UA.job --a------ C:\Users\gkottier\AppData\Local\Google\Update\GoogleUpdate.exe [27-10-2014 23:48] C:\Windows\tasks\PCConfidential.job --a------ C:\Program Files\Winferno\PC Confidential\PCConfidential.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3885368765-3702246031-3820816764-1000Core" [C:\Users\gkottier\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3885368765-3702246031-3820816764-1000UA" [C:\Users\gkottier\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\Maxthon Update" ["C:\Program Files\Maxthon\Bin\Maxthon.exe"] "C:\Windows\system32\tasks\Opera scheduled Autoupdate 1417036710" [C:\Program Files\Opera\launcher.exe] "C:\Windows\system32\tasks\PCConfidential" [C:\Program Files\Winferno\PC Confidential\PCConfidential.exe] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [13-08-2014 23:49] ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[13-08-2014 23:48] YouTube - gkottier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - gkottier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Analytics Opt-out Add-on by Google - gkottier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh AdBlock - gkottier\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom JWPlayer - gkottier\AppData\Local\Google\Chrome\User Data\Default\Extensions\lobpfnbmdknanjmkehfheladddgpbikg Google Wallet - gkottier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - gkottier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {59FF1E4C-E918-40F4-BBA7-DB3FFA7739E3} Google Url="https://www.google.com/search?q={searchTerms}" {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01" ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\gkottier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\gkottier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\gkottier\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully C:\Users\gkottier\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=369 folders=90 60466377 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\gkottier\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\gkottier\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\gkottier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on di 13-01-2015 at 21:17:08,51 ======================