Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Kouterstraat on wo 20/07/2016 at 11:50:14,10.
Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 WMI=failure
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Kouterstraat\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================
20/07/2016 11:52:42 Zoek.exe System Restore Point Created Successfully.

==== Possible Rootkit Infection ======================
C:\Users\Kouterstraat\AppData\Local\{13f9c9c8-265f-5d86-d889-be5b79c3d563}\L
C:\Users\Kouterstraat\AppData\Local\{13f9c9c8-265f-5d86-d889-be5b79c3d563}\U
C:\Windows\installer\{13f9c9c8-265f-5d86-d889-be5b79c3d563}\L
C:\Windows\installer\{13f9c9c8-265f-5d86-d889-be5b79c3d563}\U

==== Empty Folders Check ======================
C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
C:\Program Files\log deleted successfully
C:\PROGRA~3\Babylon deleted successfully
C:\PROGRA~3\CorelDRAW Graphics Suite X6 deleted successfully
C:\Users\Kouterstraat\AppData\Roaming\Bandoo deleted successfully
C:\Users\Kouterstraat\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\Kouterstraat\AppData\Roaming\Replay Media Catcher 4.bak deleted successfully
C:\Users\Kouterstraat\AppData\Roaming\Vso deleted successfully
C:\Users\Kouterstraat\AppData\Local\Bundled software uninstaller deleted successfully
C:\Users\Kouterstraat\AppData\Local\CrashDumps deleted successfully
C:\Users\Kouterstraat\AppData\Local\DriverToolkit deleted successfully
C:\Users\Kouterstraat\AppData\Local\PackageAware deleted successfully
C:\Users\Kouterstraat\AppData\Local\Unity deleted successfully
C:\Users\Kouterstraat\AppData\Local\WMTools Downloaded Files deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2510642803-3573545929-395777864-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93DBF2BB-A2B3-4683-A92E-57E60751F346} deleted successfully
HKEY_USERS\S-1-5-21-2510642803-3573545929-395777864-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{93DBF2BB-A2B3-4683-A92E-57E60751F346} deleted successfully
HKEY_USERS\S-1-5-21-2510642803-3573545929-395777864-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-2510642803-3573545929-395777864-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} deleted successfully
HKEY_USERS\S-1-5-21-2510642803-3573545929-395777864-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================
ProfilePath: C:\Users\KOUTER~1\AppData\Roaming\Mozilla\Firefox\Profiles\0
---- FireFox user.js and prefs.js backups ----
user_20162007_1202_.backup
prefs_20162007_1202_.backup
ProfilePath: C:\Users\KOUTER~1\AppData\Roaming\TomTom\HOME\Profiles\jpfx7b2w.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20162007_1202_.backup

==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346}]

==== Batch Command(s) Run By Tool======================
C:\Windows\system32\appdata deleted

==== Deleting Files \ Folders ======================
"C:\$RECYCLE.BIN\S-1-5-18\$13f9c9c8265f5d86d889be5b79c3d563" not found
C:\PROGRA~2\Opera x64 deleted
C:\PROGRA~2\Windows Live SkyDrive deleted
C:\Program Files (x86)\Conduit deleted
C:\Users\Kouterstraat\AppData\Roaming\DVDVideoSoftIEHelpers deleted
C:\Users\Kouterstraat\AppData\Local\DirectDownloader deleted
C:\Program Files\Conduit deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\TB deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\user.js deleted
C:\Users\Kouterstraat\AppData\Roaming\AutoGK.ini deleted
C:\Users\Kouterstraat\AppData\Roaming\burnaware.ini deleted
C:\Users\Kouterstraat\AppData\Roaming\LiveSupport.exe_log.txt deleted
C:\Users\Kouterstraat\AppData\Roaming\regsvr32.exe_log.txt deleted
C:\Users\Kouterstraat\AppData\Roaming\pcouffin.log deleted
C:\Users\Kouterstraat\AppData\Roaming\Thinstall deleted
C:\Users\Kouterstraat\AppData\Roaming\ValueApps deleted
C:\Users\Kouterstraat\AppData\Roaming\Babylon deleted
C:\Users\Kouterstraat\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~3\SPL21DA.tmp deleted
C:\PROGRA~3\SPL2E3F.tmp deleted
C:\PROGRA~3\SPL446.tmp deleted
C:\PROGRA~3\SPL5B58.tmp deleted
C:\PROGRA~3\SPL66BD.tmp deleted
C:\PROGRA~3\SPL6834.tmp deleted
C:\PROGRA~3\SPL7070.tmp deleted
C:\PROGRA~3\SPL9ED4.tmp deleted
C:\PROGRA~3\SPLA347.tmp deleted
C:\PROGRA~3\SPLAEDF.tmp deleted
C:\PROGRA~3\SPLB4DD.tmp deleted
C:\PROGRA~3\SPLE51F.tmp deleted
C:\PROGRA~3\SPLE8DE.tmp deleted
C:\PROGRA~3\SPLF6A4.tmp deleted
C:\PROGRA~3\jejinmj.reg deleted
C:\PROGRA~3\jejinmj.bat deleted
C:\PROGRA~3\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Kouterstraat\AppData\Local\{13f9c9c8-265f-5d86-d889-be5b79c3d563} deleted
C:\Users\Kouterstraat\AppData\Local\CrashRpt deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\{13f9c9c8-265f-5d86-d889-be5b79c3d563} deleted
C:\Users\Kouterstraat\AppData\LocalLow\Unity deleted
C:\Users\Kouterstraat\AppData\LocalLow\Toolbar4 deleted
C:\END deleted
C:\Windows\Syswow64\RENCEC.tmp deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\KOUTER~1\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\OneClickDownloader@OneClickDownloader.com.xpi deleted
"C:\Windows\tasks\DriverToolkit Autorun.job" deleted
"C:\$RECYCLE.BIN\S-1-5-21-2510642803-3573545929-395777864-1000\$13f9c9c8265f5d86d889be5b79c3d563\@" deleted
"C:\$RECYCLE.BIN\S-1-5-21-2510642803-3573545929-395777864-1000\$13f9c9c8265f5d86d889be5b79c3d563" deleted
"C:\$RECYCLE.BIN\S-1-5-21-2510642803-3573545929-395777864-1000\$13f9c9c8265f5d86d889be5b79c3d563\L" deleted
"C:\$RECYCLE.BIN\S-1-5-21-2510642803-3573545929-395777864-1000\$13f9c9c8265f5d86d889be5b79c3d563\U" deleted

==== Registry Search Results for "$13f9c9c8265f5d86d889be5b79c3d563" ======================
No instances of string "$13f9c9c8265f5d86d889be5b79c3d563" found.
No instances of string "$13f9c9c8265f5d86d889be5b79c3d563" found.
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\KOUTER~1\AppData\Local\Temp ====
2016-07-18 07:48:51 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Kouterstraat\AppData\Local\Temp\GURBDE1.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2016-07-16 20:10:06 7457B7747A4C3D1088F02904A7E198E0 6079168 ----a-w- C:\Windows\SysWOW64\FlashPlayerInstaller.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2016-07-19 07:54:02 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Kouterstraat\AppData\Roaming ======
2016-07-16 19:03:21 -------- d-----w- C:\Users\Kouterstraat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
====== C:\Users\Kouterstraat ======
2016-07-19 07:53:08 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Kouterstraat\Desktop\RSITx64.exe
====== C: exe-files ==
2016-07-19 07:54:02 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Kouterstraat.exe
2016-07-19 07:53:08 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Kouterstraat\Desktop\RSITx64.exe
2016-07-18 07:48:51 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Kouterstraat\AppData\Local\Temp\GURBDE1.exe
2016-07-16 20:10:06 7457B7747A4C3D1088F02904A7E198E0 6079168 ----a-w- C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-07-16 19:04:08 C2F3E677623A3236865BF013FA295891 73768 ----a-w- C:\Program Files (x86)\Opera\38.0.2220.41\wow_helper.exe
2016-07-16 19:04:08 55B76C48B75C9F013B1C7BCC4AE10D51 592424 ----a-w- C:\Program Files (x86)\Opera\38.0.2220.41\opera_crashreporter.exe
2016-07-16 19:04:07 FAEEE99018711D692C03621162B2B56E 710184 ----a-w- C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
2016-07-16 19:04:07 2905913604330358E3ABEC97D8F06A00 1635368 ----a-w- C:\Program Files (x86)\Opera\38.0.2220.41\installer.exe
2016-07-16 19:04:07 2399DBE2A2980B115D5FF6E5667F1F8E 2296360 ----a-w- C:\Program Files (x86)\Opera\38.0.2220.41\opera_autoupdate.exe
2016-07-16 19:03:20 BB242E830280CD96ED8177C5103FE739 25200 ----a-w- C:\Users\Kouterstraat\AppData\Roaming\Dropbox\bin\driver_x86\dbxsvc.exe
2016-07-16 19:03:20 57635D7D9F08DB05EB4FB9BC620A9EEA 24204648 ----a-w- C:\Users\Kouterstraat\AppData\Roaming\Dropbox\bin\Dropbox.exe
2016-07-16 19:03:20 4E327D0F1F771DFC7A512CFF8ADA3362 173288 ----a-w- C:\Users\Kouterstraat\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
2016-07-16 19:03:20 3F05A4777AD9C8994BD1BD972408A803 25712 ----a-w- C:\Users\Kouterstraat\AppData\Roaming\Dropbox\bin\driver_amd64\dbxsvc.exe
2016-07-16 18:59:45 571776390E36780212CF9C7E594113E7 69312208 ----a-w- C:\Users\Kouterstraat\AppData\Local\Dropbox\Update\Download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\6.4.14\DropboxClient_6.4.14.exe
=== C: other files ==
2016-07-20 09:50:20 0BE568FD1E7D6C6D64D2272649F5C716 111 ----a-w- C:\Users\Kouterstraat\AppData\Local\Temp\scripttest.vbs
2016-07-16 19:04:08 F6B685306C89EE40A4B687A1F0758DCA 218650 ----a-w- C:\Program Files (x86)\Opera\38.0.2220.41\resources\standard_themes\default_theme.zip
2016-07-16 19:04:08 B9E7A356DBFD03D6EC62607A3F7A267B 53056 ----a-w- C:\Program Files (x86)\Opera\38.0.2220.41\resources\standard_themes\reine.zip
2016-07-16 19:04:08 9BB699BFD48DC443711F1BE8077B5677 289 ----a-w- C:\Program Files (x86)\Opera\38.0.2220.41\resources\standard_themes\grey.zip
2016-07-16 19:04:08 8B86C14C2676D3611194F6E932A0C71A 299162 ----a-w- C:\Program Files (x86)\Opera\38.0.2220.41\resources\standard_themes\landscape_photo.zip
2016-07-16 19:04:08 62228B983D05274DE44E7D8BB013873A 265703 ----a-w- C:\Program Files (x86)\Opera\38.0.2220.41\resources\standard_themes\mesh.zip
2016-07-16 19:04:08 57BD727A9E6668CEA21EA9A52CA65767 243193 ----a-w- C:\Program Files (x86)\Opera\38.0.2220.41\resources\standard_themes\darkbreeze.zip
2016-07-16 19:04:08 1127D381AF5E0E02DA0B4FF4D264F899 360861 ----a-w- C:\Program Files (x86)\Opera\38.0.2220.41\resources\standard_themes\feathers.zip
2016-07-16 19:03:20 D54A14EF632698CEB089654B5394F929 63600 ----a-w- C:\Users\Kouterstraat\AppData\Roaming\Dropbox\bin\driver_amd64\dbx-dev.sys
2016-07-16 19:03:20 602534C6AF65E07ACD260AFA55D89D0F 52848 ----a-w- C:\Users\Kouterstraat\AppData\Roaming\Dropbox\bin\driver_x86\dbx-stable.sys
2016-07-16 19:03:20 602534C6AF65E07ACD260AFA55D89D0F 52848 ----a-w- C:\Users\Kouterstraat\AppData\Roaming\Dropbox\bin\driver_x86\dbx-canary.sys
2016-07-16 19:03:20 5A83DA46A3C55A0756230C8A02CA8696 63088 ----a-w- C:\Users\Kouterstraat\AppData\Roaming\Dropbox\bin\driver_amd64\dbx-stable.sys
2016-07-16 19:03:20 5A83DA46A3C55A0756230C8A02CA8696 63088 ----a-w- C:\Users\Kouterstraat\AppData\Roaming\Dropbox\bin\driver_amd64\dbx-canary.sys
2016-07-16 19:03:20 006F32093B0FF58A3839FF84288A2DE1 53360 ----a-w- C:\Users\Kouterstraat\AppData\Roaming\Dropbox\bin\driver_x86\dbx-dev.sys

==== Orphaned Tasks deleted from Registry ======================
SystemToolsDailyTest_once deleted
tmp398C deleted
tmp90BE deleted
tmpFAA6 deleted

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-2510642803-3573545929-395777864-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\Kouterstraat\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Dropbox Update"="C:\Users\Kouterstraat\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"ShwiconXP9106"="C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe"
"StartCCC"="c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"THX Audio Control Panel"="C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe /r"
"Dell DataSafe Online"="C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe"
"RoxWatchTray"="C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
"Desktop Disc Tool"="C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"Avira SystrayStartTrigger"="C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\Kouterstraat\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Dropbox Update"="C:\Users\Kouterstraat\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"dldtmon.exe"="C:\Program Files (x86)\Dell V305\dldtmon.exe"
"dldtamon"="C:\Program Files (x86)\Dell V305\dldtamon.exe"
"DellStage"=""C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup"

==== Startup Registry Disabled ======================
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"GoogleDriveSync"="\"C:\\Program Files (x86)\\Google\\Drive\\googledrivesync.exe\" /autostart"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"UpdReg"="C:\\Windows\\UpdReg.EXE"
"Adobe Reader Speed Launcher"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
"AccuWeatherWidget"="\"C:\\Program Files (x86)\\Dell Stage\\Dell Stage\\AccuWeather\\accuweather.exe\" \"C:\\Program Files (x86)\\Dell Stage\\Dell Stage\\AccuWeather\\start.umj\" --startup"

==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"RunDLLEntry_THXCfg"="TRY THXCFG64"
"RunDLLEntry_EptMon"="64"
"Broadcom Wireless Manager UI"=" CARD\\WLTRAY.EXE"

==== Startup Folders ======================
2015-02-10 16:55:55 1167 ----a-w- C:\Users\Kouterstraat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [16/07/2016 22:10]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2510642803-3573545929-395777864-1000Core.job --a------ C:\Users\Kouterstraat\AppData\Local\Dropbox\Update\DropboxUpdate.exe [19/06/2015 08:25]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2510642803-3573545929-395777864-1000UA.job --a------ C:\Users\Kouterstraat\AppData\Local\Dropbox\Update\DropboxUpdate.exe [19/06/2015 08:25]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2510642803-3573545929-395777864-1000Core.job --a------ C:\Users\Kouterstraat\AppData\Local\Facebook\Update\FacebookUpdate.exe [26/08/2013 17:05]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2510642803-3573545929-395777864-1000UA.job --a------ C:\Users\Kouterstraat\AppData\Local\Facebook\Update\FacebookUpdate.exe [26/08/2013 17:05]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27/08/2015 22:25]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27/08/2015 22:25]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-2510642803-3573545929-395777864-1000Core" [C:\Users\Kouterstraat\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-2510642803-3573545929-395777864-1000UA" [C:\Users\Kouterstraat\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2510642803-3573545929-395777864-1000Core" [C:\Users\Kouterstraat\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2510642803-3573545929-395777864-1000UA" [C:\Users\Kouterstraat\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\SysNative\tasks\Opera scheduled Autoupdate 1416653229" [C:\Program Files (x86)\Opera\launcher.exe]
"C:\Windows\SysNative\tasks\PCDDataUploadTask" ["uaclauncher.exe"]
"C:\Windows\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\Dell\SupportAssist\sessionchecker.exe"]
"C:\Windows\SysNative\tasks\PCDoctorBackgroundMonitorTask" ["C:\Program Files\Dell\SupportAssist\uaclauncher.exe"]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"]
"C:\Windows\SysNative\tasks\{3AB22810-5DD7-4878-8FBA-F8F0948FB1D9}" [C:\Program Files (x86)\Nero Burner\nero9 PRECRACKED.exe]
"C:\Windows\SysNative\tasks\{4E10A2C8-24E5-42B0-9098-14522A70E2E1}" [C:\Program Files (x86)\Nero Burner\nero9 PRECRACKED.exe]
"C:\Windows\SysNative\tasks\{83717D8D-8068-44A6-B1BA-ED46D90795D3}" [C:\Program Files (x86)\Cossacks\dmcr.exe]
"C:\Windows\SysNative\tasks\{85B63FE1-DE64-4929-9D3C-9C3764A183B7}" ["c:\program files\opera x64\opera.exe"]
"C:\Windows\SysNative\tasks\{FE7F50A7-6381-4690-A32A-87ED0C56D683}" [C:\Program Files (x86)\Nero Burner\nero9 PRECRACKED.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Firefox Extensions ======================
ProfilePath: C:\Users\KOUTER~1\AppData\Roaming\TomTom\HOME\Profiles\jpfx7b2w.default
- Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

==== Chromium Look ======================
Google Chrome Version: 46.0.2490.86
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]
dhkplhfnhceodhffomolpfigojocbpcb - No path found[]
jbolfgndggfhhpbnkgnpjkfhinclbigj - No path found[]
jplinpmadfkdgipabgcdchbdikologlh - No path found[]
Google Docs - Kouterstraat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Kouterstraat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Kouterstraat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
GeoGebra - Kouterstraat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee
selector is not a valid CSS selector - Kouterstraat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Kouterstraat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Bookmark Manager - Kouterstraat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Value apps - Kouterstraat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon
Google Wallet - Kouterstraat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Kouterstraat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Recent Bookmarks - Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kflnfelkapcbhbfphepknnbelnoknhnp
Last updated at time on date - Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knebimhcckndhiglamoabbnifdkijidd
Chrome Web Store Payments - Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "http://www.google.be/" ]

==== Chromium Fix ======================
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_ad.360yield.com_0.localstorage deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_ad.360yield.com_0.localstorage-journal deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_ads.happyidiots.nl_0.localstorage deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_ads.happyidiots.nl_0.localstorage-journal deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_ads.prntscr.com_0.localstorage deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_ads.prntscr.com_0.localstorage-journal deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_ads.travelaudience.com_0.localstorage deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_ads.travelaudience.com_0.localstorage-journal deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_ads2.opensubtitles.org_0.localstorage deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_ads2.opensubtitles.org_0.localstorage-journal deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_adsomenoise.cdn01.rambla.be_0.localstorage deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_adsomenoise.cdn01.rambla.be_0.localstorage-journal deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static.coupontime00.coupontime.co_0.localstorage deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static.coupontime00.coupontime.co_0.localstorage-journal deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_ads1.msads.net_0.localstorage deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_ads1.msads.net_0.localstorage-journal deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.meteoservices.be_0.localstorage deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.meteoservices.be_0.localstorage-journal deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon deleted successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lcnnhcneegeeojhgpfijnlnocjdmlaon_0.localstorage deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/?gws_rd=ssl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{49606DC7-976D-4030-A74E-9FB5C842FA68}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/?gws_rd=ssl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{49606DC7-976D-4030-A74E-9FB5C842FA68}"
HKLM\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} - http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{49606DC7-976D-4030-A74E-9FB5C842FA68}"
HKLM\Wow6432Node\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} - http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} - No_Url_Value

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\ValueApps deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kouterstraat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Cache found

==== Empty Chrome Cache ======================
C:\Users\Kouterstraat\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Kouterstraat\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=851 folders=234 2352666963 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Kouterstraat\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\KOUTER~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on wo 20/07/2016 at 12:21:23,04 ======================