Zoek.exe v5.0.0.0 Updated 27-01-2015 Tool run by Joep on za 31-01-2015 at 14:05:59,10. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Joep\Desktop\zoek.exe.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 31-1-2015 14:08:18 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-519158937-2157163378-2175981314-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully HKEY_USERS\S-1-5-21-519158937-2157163378-2175981314-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} deleted successfully HKEY_USERS\S-1-5-21-519158937-2157163378-2175981314-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} deleted successfully HKEY_USERS\S-1-5-21-519158937-2157163378-2175981314-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A647857E-2A41-7118-A0F0-DDFE7ECD47D4} deleted successfully HKEY_USERS\S-1-5-21-519158937-2157163378-2175981314-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A647857E-2A41-7118-A0F0-DDFE7ECD47D4} deleted successfully HKEY_USERS\S-1-5-21-519158937-2157163378-2175981314-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B637857E-2A63-7647-A0F0-AAFE7CED46A3} deleted successfully HKEY_USERS\S-1-5-21-519158937-2157163378-2175981314-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B637857E-2A63-7647-A0F0-AAFE7CED46A3} deleted successfully HKEY_USERS\S-1-5-21-519158937-2157163378-2175981314-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B747846A-6B41-7335-E0F1-CCFA7ECD64D7} deleted successfully HKEY_USERS\S-1-5-21-519158937-2157163378-2175981314-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B747846A-6B41-7335-E0F1-CCFA7ECD64D7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A647857E-2A41-7118-A0F0-DDFE7ECD47D4} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A647857E-2A41-7118-A0F0-DDFE7ECD47D4} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B637857E-2A63-7647-A0F0-AAFE7CED46A3} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B637857E-2A63-7647-A0F0-AAFE7CED46A3} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B747846A-6B41-7335-E0F1-CCFA7ECD64D7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B747846A-6B41-7335-E0F1-CCFA7ECD64D7} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A647857E-2A41-7118-A0F0-DDFE7ECD47D4}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B637857E-2A63-7647-A0F0-AAFE7CED46A3}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B747846A-6B41-7335-E0F1-CCFA7ECD64D7}] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "Babylon Client"=- ==== Deleting Files \ Folders ====================== C:\ProgramData\Babylon deleted C:\Program Files\Babylon deleted C:\Users\Joep\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk deleted C:\Users\Joep\AppData\Roaming\Babylon deleted C:\PROGRA~3\OberonGameConsole deleted C:\Users\Joep\AppData\Local\Exact.Update.OA.exe.log deleted C:\Users\Joep\AppData\Local\Babylon deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Users\Public\Desktop\Babylon.lnk deleted "C:\Users\Joep\AppData\Roaming\autostarter.exe" deleted "C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonDocTranslation64PI.dll" deleted "C:\PROGRA~2\Babylon\Babylon-Pro\Utils\BabylonDocTranslation64PI.dll" deleted "C:\Program Files (x86)\Babylon\Babylon-Pro" not deleted "C:\PROGRA~2\Babylon" not deleted "C:\Program Files (x86)\Babylon\Babylon-Pro\Utils" not deleted "C:\PROGRA~2\Babylon\Babylon-Pro" not deleted "C:\PROGRA~2\Babylon\Babylon-Pro\Utils" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Joep\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-01-31 13:00:57 13D186FA6F19823C598335443CE233BC 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2015-01-29 14:24:31 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2015-01-29 14:23:44 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2015-01-29 14:23:44 A646C2DDB8C46E9B20A326FAF566646C 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2015-01-29 14:23:44 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2015-01-14 10:32:00 AE3334958D8F631FF14A0AEB3D7EFB3A 141312 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys ====== C:\Windows\Tasks ====== 2015-01-30 09:59:35 0DDE517F2D174D08E24DABB3F4703AF8 3256 ----a-w- C:\Windows\Sysnative\Tasks\{2E065525-012F-4FF5-87C2-A1317314963C} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2015-01-31 13:01:03 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2015-01-31 12:59:40 -------- d-----w- C:\PROGRA~2\Java ======= C: ===== ====== C:\Users\Joep\AppData\Roaming ====== 2015-01-29 14:23:29 -------- d-----w- C:\Users\Joep\AppData\Local\Programs 2015-01-17 18:55:44 EF7EC414F2E5F3C64C7F7EE101C155A3 26686 ----a-w- C:\Users\Joep\AppData\Roaming\url.txt 2015-01-17 18:44:51 91759EAEB07BEC88DFD1CC704CB44114 78573539 ----a-w- C:\Users\Joep\AppData\Roaming\autosearch ====== C:\Users\Joep ====== 2015-01-31 13:00:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-31 12:59:46 -------- d-----w- C:\ProgramData\Oracle 2015-01-19 09:00:12 E738EAAC858873B6014C426CF2702606 1194992 ----a-w- C:\Users\Joep\Downloads\StartIsBackPlus_setup.exe ====== C: exe-files == 2015-01-31 13:00:17 B0D46640968F989830413EB88F43E0D0 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2015-01-31 13:00:17 52C8B9FD016E6317FDB151296FF90877 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2015-01-31 13:00:17 3E72E1AB196855916E2065C604674631 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe 2015-01-31 12:59:59 F9D744CD9BC58F287F8FA59D32508EDD 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\orbd.exe 2015-01-31 12:59:59 DBB5C8AE19ACFA2857CFB90C7305AC56 51112 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssvagent.exe 2015-01-31 12:59:59 DA34E76DE9CD93471F24E7BD43139958 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\kinit.exe 2015-01-31 12:59:59 CDB1FE0DCF2ADB755EBF65C8AEBBC871 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\servertool.exe 2015-01-31 12:59:59 AF82EA1498FEC5C49B8A1AE5AA0A5F6C 77224 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe 2015-01-31 12:59:59 A8884FB8246655C84F110E77DF5E1B4A 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\ktab.exe 2015-01-31 12:59:59 90C02BD6D01BBC1C620323F9E330E89C 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\jjs.exe 2015-01-31 12:59:59 8B6DF9CD28359C5E819446FD79CE3948 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\rmiregistry.exe 2015-01-31 12:59:59 7479DA0BED071427A3F0017AC51CC27B 159656 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\unpack200.exe 2015-01-31 12:59:59 69BD74EE834B5629226BF89468B8020B 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\keytool.exe 2015-01-31 12:59:59 5F7C51E0DCA813D647F14FC12AE675F2 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\policytool.exe 2015-01-31 12:59:59 577F5DCBA4DE4C345631873670F84E79 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\tnameserv.exe 2015-01-31 12:59:59 52C8B9FD016E6317FDB151296FF90877 272296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaws.exe 2015-01-31 12:59:59 3E72E1AB196855916E2065C604674631 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe 2015-01-31 12:59:59 39685FC75B6FB2144E793595F1AB111D 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\pack200.exe 2015-01-31 12:59:59 2F77C9862B1A2401278C4A5B932DA69D 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\klist.exe 2015-01-31 12:59:59 0FB2ACAC796B166F6486B593B604A3FF 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\rmid.exe 2015-01-31 12:59:58 F5EA785B2BCC08DC28CBC2D96E05F2C1 68520 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe 2015-01-31 12:59:58 DF1C8EDDAF14D2960A06A9DF7B2D0A89 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\java-rmi.exe 2015-01-31 12:59:58 B0D46640968F989830413EB88F43E0D0 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\java.exe 2015-01-31 12:59:58 063A1044A451660B159426B9C5E75957 30632 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\jabswitch.exe 2015-01-30 10:51:52 FC77986C2F2B9752EE344FACA1880BA2 2194432 ----a-w- C:\Users\Joep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMLXMR5I\AdwCleaner.exe 2015-01-30 10:04:32 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\Trend Micro\Joep.exe 2015-01-29 15:02:46 7CB99E1320D002BE01B5D13FC647E398 129903344 ----a-w- C:\Users\Joep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15BYCAN1\msert (1).exe 2015-01-29 15:02:33 7CB99E1320D002BE01B5D13FC647E398 129903344 ----a-w- C:\Users\Joep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15BYCAN1\msert.exe 2015-01-27 19:27:09 220A0B7B557EFEF7C399CDC1E9DBDA2D 875088 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.93\40.0.2214.93_40.0.2214.91_chrome_updater.exe 2015-01-27 18:40:19 6924FCC2DFDC213550BDC25DACD6957B 1160208 ----a-w- C:\Program Files\Trend Micro\Titanium\plugin\tmupgrade.exe === C: other files == 2015-01-31 12:59:59 3315140254247E248C3531F159C79109 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\lib\deploy\ffjcext.zip 2015-01-31 12:56:16 CA2522F1E480FA299060C05B859DE16D 639912 ----a-w- C:\Users\Joep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15BYCAN1\JavaSetup8u31.com 2015-01-30 10:43:00 398117373B841BDB356CA8BAD54200B8 482 ----a-w- C:\Users\Joep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KO4HW3S9\SysOutlook[1].vbs 2015-01-29 15:24:21 808E3B962378A9FD9C21B5222191F27A 86813 ----a-w- C:\Users\Joep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15BYCAN1\cports.zip 2015-01-29 15:23:57 B2F98463BCDE33F70F1AB43E9C11207D 1933 ----a-w- C:\Users\Joep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMLXMR5I\cports_dutch1.zip 2015-01-29 14:24:31 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2015-01-29 14:23:44 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2015-01-29 14:23:44 A646C2DDB8C46E9B20A326FAF566646C 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys 2015-01-29 14:23:44 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-519158937-2157163378-2175981314-1001\Software\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "GUDelayStartup"="C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe -delayrun" "iCloudDrive"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" "AppleIEDAV"="C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-519158937-2157163378-2175981314-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe -update activex" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\LabelPrint UpdateWithCreateOnce Software\CyberLink\LabelPrint\2.5" "UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0" "UpdatePSTShortCut"="C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Cyberlink\DVD Suite UpdateWithCreateOnce Software\CyberLink\PowerStarter" "ATKOSD2"="c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe" "ATKMEDIA"="c:\program files (x86)\asus\atk package\atk media\dmedia.exe" "HControlUser"="c:\program files (x86)\asus\atk package\atk hotkey\hcontroluser.exe" "Wireless Console 3"="c:\program files (x86)\asus\wireless console 3\wcourier.exe" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "APSDaemon"="c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "VirtualCloneDrive"="C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe /s" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "GUDelayStartup"="C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe -delayrun" "iCloudDrive"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" "AppleIEDAV"="C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe -update activex" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUS WebStorage"="c:\program files (x86)\asus\asus webstorage\service\asuswsservice.exe" "Trend Micro Client Framework"="C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" "Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch" "ETDWare"="%ProgramFiles%\Elantech\ETDCtrl.exe " "ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe " ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"" "hkey"="HKLM" "item"="Adobe Reader Speed Launcher" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AmIcoSinglun64] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AmIcoSinglun64" "hkey"="HKLM" "command"="c:\\program files (x86)\\amicosinglun\\amicosinglun64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector] "command"="C:\\Windows\\AsScrPro.exe" "hkey"="HKLM" "item"="ASUS Screen Saver Protector" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer] "command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\"" "hkey"="HKLM" "item"="CLMLServer" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ETDWare] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ETDWare" "hkey"="HKLM" "command"="%programfiles%\\elantech\\etdctrl.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVBg" "hkey"="HKLM" "command"="c:\\program files\\realtek\\audio\\hda\\ravbg64.exe /sf3 " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" "hkey"="HKLM" "item"="RtHDVCpl" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SonicMasterTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SonicMasterTray" "hkey"="HKLM" "command"="c:\\program files (x86)\\asus\\sonicmaster\\sonicmastertray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Bluetooth.lnk" "backup"="C:\\Windows\\pss\\Bluetooth.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTTray.exe " "item"="Bluetooth" ==== Startup Folders ====================== 2015-01-17 18:44:53 923 ----a-w- C:\Users\Joep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk 2014-08-29 11:27:53 1932 ----a-w- C:\Users\Joep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Officejet Pro 8600 (netwerk).lnk 2010-11-22 12:41:20 2617 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [01-01-2015 14:31] C:\Windows\tasks\GlaryInitialize 5.job --a------ :C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe] "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe] "C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe] "C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe] "C:\Windows\SysNative\tasks\ASUSControlDeck" [C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GlaryInitialize 5" [C:\Program Files (x86)\Glary Utilities 5\Initialize.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GU5SkipUAC" [C:\Program Files (x86)\Glary Utilities 5\Integrator.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\Titanium BTC" [C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "tmbepff@trendmicro.com"="C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension" [27-08-2014 07:42] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "ocr@babylon.com"="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com" [] ==== Chromium Look ====================== Google Chrome Version: 40.0.2214.93 (Up to date, latest Stable version: 40.0.2214.93) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bmiabdepfhhiieiipmeecdmeljggmfee - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\chrome_tmbep.crx[] dflinnddekagfkncpgojoppgnppfkbkj - No path found[] Google Slides - Joep\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Joep\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Joep\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Joep\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Joep\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - Joep\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Wallet - Joep\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Joep\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUT_nlNL580" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-519158937-2157163378-2175981314-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{38783831-6098-4faa-A9C9-1EE1E343F4D2} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ocr@babylon.com deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Joep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15BYCAN1 will be deleted at reboot C:\Users\Joep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMLXMR5I will be deleted at reboot C:\Users\Joep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HQJ0UPPG will be deleted at reboot C:\Users\Joep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M0CHLZBF will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Joep\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=2473 folders=233 532939654 bytes) ==== Empty Temp Folders ====================== C:\Users\Joep\AppData\Local\Temp will be emptied at reboot C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Joep\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files (x86)\Babylon\Babylon-Pro" not found "C:\PROGRA~2\Babylon" not found "C:\Users\Joep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15BYCAN1" deleted "C:\Users\Joep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMLXMR5I" deleted "C:\Users\Joep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HQJ0UPPG" not found "C:\Users\Joep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M0CHLZBF" not found ==== EOF on za 31-01-2015 at 15:03:48,00 ======================