Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Daems Jonas on za 28/05/2016 at 16:05:58,88. Microsoft Windows 10 Home 10.0.10586 x64 Running in: Normal Mode Internet Access Detected Launched: d:\Users\Daems Jonas\Downloads\zoek (4).exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2016-05-26-092856.log 30015 bytes C:\zoek-results2016-05-26-110534.log 111667 bytes C:\zoek-results2016-05-27-105130.log 11685 bytes ==== Empty Folders Check ====================== C:\Users\Daems Jonas\AppData\Local\ActiveSync deleted successfully C:\Users\Daems Jonas\AppData\Local\VirtualStore deleted successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Search Results for "secure" ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\network\secure] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Fusion\References\Microsoft.SecureBoot.Commands, Version=10.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Fusion\References\Microsoft.SecureBoot.Commands, Version=10.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64\{2EC93463-B0C3-45E1-8364-327E96AEA856}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Fusion\References\Microsoft.SecureBoot.Commands, Version=10.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=x86] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Fusion\References\Microsoft.SecureBoot.Commands, Version=10.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=x86\{2EC93463-B0C3-45E1-8364-327E96AEA856}] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Fusion\References\Microsoft.SecureBoot.Commands.Resources, Version=10.0.0.0, Culture=en, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Fusion\References\Microsoft.SecureBoot.Commands.Resources, Version=10.0.0.0, Culture=en, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64\{2EC93463-B0C3-45E1-8364-327E96AEA856}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Fusion\References\Microsoft.SecureBoot.Commands.Resources, Version=10.0.0.0, Culture=en, PublicKeyToken=31bf3856ad364e35, processorArchitecture=x86] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Fusion\References\Microsoft.SecureBoot.Commands.Resources, Version=10.0.0.0, Culture=en, PublicKeyToken=31bf3856ad364e35, processorArchitecture=x86\{2EC93463-B0C3-45E1-8364-327E96AEA856}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\Roots\Microsoft.SecureBoot.Commands, Version=10.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=x86] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\Roots\Microsoft.SecureBoot.Commands, Version=10.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=x86\0] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Account Manager\Preconfigured\Active Directory GC] "LDAP Secure Connection"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\BLOCKMIXEDIMAGES] "Text"="Block unsecured images with other mixed content" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\SECURE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\SECURE] "Text"="Warn if changing between secure and not secure mode" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\SSL2.0] "ValueName"="SecureProtocols" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\SSL3.0] "ValueName"="SecureProtocols" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.0] "ValueName"="SecureProtocols" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1] "ValueName"="SecureProtocols" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2] "ValueName"="SecureProtocols" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}] "AppPath"="C:\\Program Files (x86)\\Common Files\\AVG Secure Search\\ScriptHelperInstaller\\40.3.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC] "AllowOnlySecureRpcCalls"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC] "FallbackToUnsecureRPCIfNecessary"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM] "DefaultSecuredHost"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Secure] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High] "DisplayName"="High safety (very secure)" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\Low] "DisplayName"="Low safety (very insecure)" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedLow] "DisplayName"="Intranet recommended safety (less secure)" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\XWizards\Components\{C100BED3-D33A-4A4B-BF23-BBEF4663D017}\Children\{D34BD150-6D84-443E-83EE-04C7682377E4}] @="Unsecured Net Connect Control Page" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\XWizards\Components\{D34BD150-6D84-443E-83EE-04C7682377E4}] @="Unsecured Net Connect Control Page" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] "EnableSecureUIAPaths"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] "PromptOnSecureDesktop"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\SchemeHandlers\https:] "{37A61C8B-7F8E-4d08-B12B-248D73E9AB4F}"="Secure Http Scheme Handler" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\SchemeHandlers\httpsd:] "{37A61C8B-7F8E-4d08-B12B-248D73E9AB4F}"="Secure Http Scheme Handler" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot] "ScreenSaverIsSecure"="USR:Control Panel\\Desktop" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/EnableSecureUIAPaths] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/PromptOnSecureDesktop] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/SecurePipeServers/Winreg/AllowedExactPaths/Machine] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/SecurePipeServers/Winreg/AllowedPaths/Machine] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/SealSecureChannel] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/SignSecureChannel] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Media.Protection.PlayReady.PlayReadySecureStopIterable] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Media.Protection.PlayReady.PlayReadySecureStopServiceRequest] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{889d462e-ca69-3675-8b10-53aa9b377c5f}] "ActivatableClassId"="Windows.Media.Protection.PlayReady.PlayReadySecureStopIterable" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{8e79c3ec-41d8-3bdf-9d70-3729fca347ef}] "ActivatableClassId"="Windows.Media.Protection.PlayReady.PlayReadySecureStopServiceRequest" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}] @="Microsoft WMI Provider Subsystem Secured Host" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{49BD2028-1523-11D1-AD79-00C04FD8FDFF}] @="Microsoft WBEM Unsecured Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}] @="Microsoft WMI Provider Subsystem Secured Host" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37A61C8B-7F8E-4d08-B12B-248D73E9AB4F}] @="Secure Http Scheme Handler" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D34BD150-6D84-443E-83EE-04C7682377E4}] @="Unsecured Net Connect Control Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1CFABA8C-1523-11D1-AD79-00C04FD8FDFF}] @="IUnsecuredApartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1DCB3A0D-33ED-11D3-8470-00C04F79DBC0}] @="ISCPSecureQuery" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1DCB3A0E-33ED-11D3-8470-00C04F79DBC0}] @="ISCPSecureExchange" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1DCB3A0F-33ED-11D3-8470-00C04F79DBC0}] @="ISCPSecureAuthenticate" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{25f2ce20-8b1d-4971-a7cd-549dae201fc0}] @="IMsRdpClientSecuredSettings2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{31739D04-3471-4CF4-9A7C-57A44AE71956}] @="IWbemUnsecuredApartment" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{605BEFCF-39C1-45CC-A811-068FB7BE346D}] @="IMsRdpClientSecuredSettings" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6C62FC7B-2690-483F-9D44-0A20CB35577C}] @="ISCPSecureExchange2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB4E77E4-8908-4B17-BD2A-B1DBE6DD69E1}] @="ISCPSecureExchange3" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B580CFAE-1672-47E2-ACAA-44BBECBCAE5B}] @="ISCPSecureAuthenticate2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7EDD1A2-4DAB-484B-B3C5-AD39B8B4C0B1}] @="ISCPSecureQuery3" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C9D65442-A0F9-45B2-8F73-D61D2DB8CBB6}] @="IMsTscSecuredSettings" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EBE17E25-4FD7-4632-AF46-6D93D4FCC72E}] @="ISCPSecureQuery2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}] @="Microsoft WMI Provider Subsystem Secured Host" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{37A61C8B-7F8E-4d08-B12B-248D73E9AB4F}] @="Secure Http Scheme Handler" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D34BD150-6D84-443E-83EE-04C7682377E4}] @="Unsecured Net Connect Control Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1CFABA8C-1523-11D1-AD79-00C04FD8FDFF}] @="IUnsecuredApartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1DCB3A0D-33ED-11D3-8470-00C04F79DBC0}] @="ISCPSecureQuery" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1DCB3A0E-33ED-11D3-8470-00C04F79DBC0}] @="ISCPSecureExchange" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1DCB3A0F-33ED-11D3-8470-00C04F79DBC0}] @="ISCPSecureAuthenticate" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{25f2ce20-8b1d-4971-a7cd-549dae201fc0}] @="IMsRdpClientSecuredSettings2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31739D04-3471-4CF4-9A7C-57A44AE71956}] @="IWbemUnsecuredApartment" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{605BEFCF-39C1-45CC-A811-068FB7BE346D}] @="IMsRdpClientSecuredSettings" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6C62FC7B-2690-483F-9D44-0A20CB35577C}] @="ISCPSecureExchange2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4E77E4-8908-4B17-BD2A-B1DBE6DD69E1}] @="ISCPSecureExchange3" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B580CFAE-1672-47E2-ACAA-44BBECBCAE5B}] @="ISCPSecureAuthenticate2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B7EDD1A2-4DAB-484B-B3C5-AD39B8B4C0B1}] @="ISCPSecureQuery3" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9D65442-A0F9-45B2-8F73-D61D2DB8CBB6}] @="IMsTscSecuredSettings" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EBE17E25-4FD7-4632-AF46-6D93D4FCC72E}] @="ISCPSecureQuery2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}] @="Microsoft WMI Provider Subsystem Secured Host" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\AppID\{49BD2028-1523-11D1-AD79-00C04FD8FDFF}] @="Microsoft WBEM Unsecured Apartment" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa] "SecureBoot"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecureBoot] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecureBoot\State] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecureBoot\State] "UEFISecureBootEnabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurePipeServers] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurePipeServers\winreg] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurePipeServers\winreg\AllowedExactPaths] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurePipeServers\winreg\AllowedPaths] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\kernel] "ObUnsecureGlobalNames"=hex(7):6e,65,74,66,78,63,75,73,74,6f,6d,70,65,72,66,63,\ [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session 
Manager\Power] "SecurePagesProcessed"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters] "SealSecureChannel"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters] "SignSecureChannel"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\SecureTimeLimits] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\SecureTimeLimits] "SecureTimeConfidence"=dword:00000006 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\SecureTimeLimits] "SecureTimeEstimated"=hex(b):95,63,f5,20,eb,b8,d1,01 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\SecureTimeLimits] "SecureTimeHigh"=hex(b):95,cb,b9,82,f3,b8,d1,01 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\SecureTimeLimits] "SecureTimeLow"=hex(b):95,fb,30,bf,e2,b8,d1,01 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\SecureTimeLimits] "SecureTimeTickCount"=hex(b):6c,b6,27,04,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\TimeProviders\NtpServer] "RequireSecureTimeSyncRequests"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WindowsTrustedRTProxy] "DisplayName"="@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service" [HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DeviceIds\{4E815EE1-20F8-41EF-8CFF-3C283F02D722}\SecureService] [HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\genericusbfn.inf_amd64_39deff39eb161e07\Configurations\genericusbfn.InstallSecure.NT] [HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\genericusbfn.inf_amd64_39deff39eb161e07\Descriptors\USBFN\IpOverUSB] "Configuration"="genericusbfn.InstallSecure.NT" [HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\genericusbfn.inf_amd64_39deff39eb161e07\Descriptors\USBFN\MTP] "Configuration"="genericusbfn.InstallSecure.NT" [HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\sdbus.inf_amd64_be681b1aca076232\Strings] 
"acpi\\armh_pl180.devicedesc"="ARM Holdings PL180 Secure Digital host controller" [HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\sdbus.inf_amd64_be681b1aca076232\Strings] "pci\\ven_1180&dev_0822&subsys_c01a144d&rev_17"="Ricoh Secure Digital host controller R5C841" [HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\sdbus.inf_amd64_be681b1aca076232\Strings] "acpi\\qcom7002.devicedesc"="Qualcomm SoC Secure Digital host controller" [HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\sdbus.inf_amd64_be681b1aca076232\Strings] "acpi\\qcom2465.devicedesc"="Qualcomm SoC Secure Digital host controller" [HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\sdbus.inf_amd64_be681b1aca076232\Strings] "acpi\\qcom2466.devicedesc"="Qualcomm SoC Secure Digital host controller" [HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\sdbus.inf_amd64_be681b1aca076232\Strings] "pci\\ven_1106&dev_401b.devicedesc"="VIA Secure Digital host controller" [HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\sdbus.inf_amd64_be681b1aca076232\Strings] "pci\\ven_1106&dev_365b.devicedesc"="VIA Secure Digital host controller" [HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\sdbus.inf_amd64_be681b1aca076232\Strings] "pci\\ven_1106&dev_95d0.devicedesc"="VIA Secure Digital host controller" [HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\sdbus.inf_amd64_be681b1aca076232\Strings] "acpi\\qcom24bf.devicedesc"="Qualcomm SoC Secure Digital host controller" [HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\sdbus.inf_amd64_be681b1aca076232\Strings] "pci\\ven_104c&dev_ac9f.devicedesc"="Texas Instruments Secure Digital host controller" [HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\windowstrustedrtproxy.inf_amd64_577dd325df739ac9\Descriptors\{4E815EE1-20F8-41EF-8CFF-3C283F02D722}\SecureService] [HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\windowstrustedrtproxy.inf_amd64_577dd325df739ac9\Strings] 
"windowstrustedrtproxy.devicedesc"="Microsoft Windows Trusted Runtime Secure Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "SecureBoot"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\State] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\State] "UEFISecureBootEnabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedExactPaths] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel] "ObUnsecureGlobalNames"=hex(7):6e,65,74,66,78,63,75,73,74,6f,6d,70,65,72,66,63,\ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power] "SecurePagesProcessed"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] "SealSecureChannel"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] "SignSecureChannel"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits] "SecureTimeConfidence"=dword:00000006 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits] "SecureTimeEstimated"=hex(b):95,63,f5,20,eb,b8,d1,01 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits] "SecureTimeHigh"=hex(b):95,cb,b9,82,f3,b8,d1,01 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits] "SecureTimeLow"=hex(b):95,fb,30,bf,e2,b8,d1,01 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits] "SecureTimeTickCount"=hex(b):6c,b6,27,04,00,00,00,00 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer] "RequireSecureTimeSyncRequests"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsTrustedRTProxy] "DisplayName"="@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service" [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC] [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] "SecureProtocols"=dword:00000a80 [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC] [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] "SecureProtocols"=dword:00000a80
[HKEY_USERS\S-1-5-21-3437685781-3899522879-2098296170-1001\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC] [HKEY_USERS\S-1-5-21-3437685781-3899522879-2098296170-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] "SecureProtocols"=dword:00000a80 [HKEY_USERS\S-1-5-21-3437685781-3899522879-2098296170-1001\SOFTWARE\Microsoft\Windows Live Mail\mail]
"Secure Safe Attachments"=dword:00000001 ==== Registry Search Results for "TuneUp" ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources] "LangTuneUp"="OfficeCompleted" [HKEY_USERS\S-1-5-21-3437685781-3899522879-2098296170-1001\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources] "LangTuneUp"="OfficeCompleted" [HKEY_USERS\S-1-5-18\Software\Microsoft\Office\16.0\Common\LanguageResources] "LangTuneUp"="OfficeCompleted" ==== Chromium Look ====================== ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Daems Jonas\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Daems Jonas\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully 
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Daems Jonas\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Daems Jonas\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Daems Jonas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=491 folders=151 225314256 bytes) ==== Empty Temp Folders ====================== C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\DAEMSJ~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on za 28/05/2016 at 16:23:21,42 ======================