Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Philippe on 06/04/2016 at 23:02:57,82. Microsoft Windows 10 Professionnel 10.0.10586 x64 Running in: Normal Mode Internet Access Detected Launched: F:\Téléchargements\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 06/04/2016 23:03:59 Zoek.exe System Restore Point Created Successfully. ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost ==== Empty Folders Check ====================== C:\PROGRA~2\iTunes deleted successfully C:\PROGRA~2\LaCie deleted successfully C:\PROGRA~2\VideoLAN deleted successfully C:\Program Files\Adobe deleted successfully C:\Program Files\GIGABYTE deleted successfully C:\Program Files\Google deleted successfully C:\Program Files\LaCie deleted successfully C:\PROGRA~3\Comms deleted successfully C:\PROGRA~3\Protexis deleted successfully C:\PROGRA~3\SoftwareDistribution deleted successfully C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully C:\Users\Philippe\AppData\LocalGoogle deleted successfully C:\Users\Philippe\AppData\Local\ActiveSync deleted successfully C:\Users\Philippe\AppData\Local\EmieSiteList deleted successfully C:\Users\Philippe\AppData\Local\EmieUserList deleted successfully C:\Users\Philippe\AppData\Local\NetworkTiles deleted successfully C:\Users\Philippe\AppData\Local\PeerDistRepub deleted successfully C:\Users\Philippe\AppData\Local\Secunia PSI deleted successfully C:\Users\philippe_2\AppData\Local\NetworkTiles deleted successfully C:\Users\philippe_2\AppData\Local\VirtualStore deleted successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-340351237-3138872544-4233425257-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully HKEY_USERS\S-1-5-21-340351237-3138872544-4233425257-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully HKEY_USERS\S-1-5-21-340351237-3138872544-4233425257-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF} deleted successfully HKEY_USERS\S-1-5-21-340351237-3138872544-4233425257-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF} deleted successfully HKEY_USERS\S-1-5-21-340351237-3138872544-4233425257-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully HKEY_CLASSES_ROOT\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B4F3A835-0E21-4959-BA22-42B3008E02FF} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{B4F3A835-0E21-4959-BA22-42B3008E02FF} deleted successfully HKEY_CLASSES_ROOT\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-340351237-3138872544-4233425257-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\anti_banner@kaspersky.com deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\online_banking@kaspersky.com deleted successfully ==== Running Processes ====================== C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\Secunia\PSI\sua.exe C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe C:\Users\Philippe\AppData\Local\Mixesoft\AppNHost\appnhost.exe C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe C:\Program Files\WindowsApps\Microsoft.BingNews_4.8.268.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe F:\Téléchargements\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\7x31ofwj.default ---- Lines yahoo removed from prefs.js ---- user_pref("extensions.lastpass.loginusers", "philippe.hornus%40yahoo.fr"); ---- Lines online_banking@kaspersky.com removed from prefs.js ---- user_pref("extensions.xpiState", "{\"app-profile\":{\"support@lastpass.com\":{\"d\":\"C:\\\\Users\\\\Philippe\\\\AppData\\\\Roaming\\\\Mozilla\\\\Fire ---- Lines DSE removed from prefs.js ---- user_pref("extensions.lastpass.52b306b15fa16e8bc5c2b5cf9b7bd052b22c6310b3def6d34488a71d0985c3d2.clearClipboardSecsVal", 30); ---- FireFox user.js and prefs.js backups ---- user_042016_2319_.backup prefs_042016_2319_.backup ProfilePath: C:\Users\Philippe\AppData\Roaming\Mozilla\Sunbird\Profiles\jblvb17w.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_042016_2319_.backup ProfilePath: C:\Users\Philippe\AppData\Roaming\Thunderbird\Profiles\1axb1wy7.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_042016_2319_.backup ProfilePath: C:\Users\Philippe\AppData\Roaming\Thunderbird\Profiles\1axb1wy7.default - Copie user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_042016_2319_.backup ProfilePath: C:\Users\PHILIP~1\AppData\Roaming\Mozilla\Firefox\Profiles\1iq80t1o.default ---- Lines online_banking@kaspersky.com removed from prefs.js ---- user_pref("extensions.xpiState", "{\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\ ---- FireFox user.js and prefs.js backups ---- user_042016_2319_.backup prefs_042016_2319_.backup ProfilePath: C:\Users\PHILIP~1\AppData\Roaming\Thunderbird\Profiles\mowe9clt.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_042016_2319_.backup ==== Deleting Files \ Folders ====================== C:\PROGRA~2\iTunes not found C:\PROGRA~2\LaCie not found C:\PROGRA~2\VideoLAN not found C:\Users\Philippe\AppData\Local\LaCie deleted C:\Users\Philippe\AppData\Roaming\calibre deleted C:\Users\Philippe\AppData\Roaming\Sublime Text 2 deleted C:\PROGRA~3\Package Cache deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\7x31ofwj.default\jetpack deleted "C:\WINDOWS\Installer\37e3816.msi" deleted "C:\Users\Philippe\AppData\Roaming\driver\driver.html" deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome.manifest" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\install.rdf" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\npOnlineBanking.dll" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome.manifest" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\install.rdf" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\npOnlineBanking.dll" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\META-INF\manifest.mf" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\META-INF\mozilla.rsa" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\META-INF\mozilla.sf" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\browser_navigator_impl.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\cookies_headers_parser.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\namespace.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\online_banking_extension.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\overlay.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\overlay.xul" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\tag.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\tag.js.template" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\tag_ob.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\tracer.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\locales\locales.manifest" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\skin\online_banking_extension_icon.png" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\skin\overlay.css" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\locales\en\online_banking.dtd" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\locales\pl\online_banking.dtd" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\META-INF\manifest.mf" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\META-INF\mozilla.rsa" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\META-INF\mozilla.sf" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\browser_navigator_impl.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\cookies_headers_parser.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\namespace.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\online_banking_extension.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\overlay.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\overlay.xul" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\tag.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\tag.js.template" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\tag_ob.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\tracer.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\locales\locales.manifest" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\skin\online_banking_extension_icon.png" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\skin\overlay.css" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\locales\en\online_banking.dtd" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\locales\pl\online_banking.dtd" not deleted "C:\Users\Philippe\AppData\Roaming\driver" deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\META-INF" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\locales" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\skin" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\locales\en" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\locales\pl" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\META-INF" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\locales" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\skin" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\locales\en" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\locales\pl" not deleted ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-340351237-3138872544-4233425257-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Setpoint Mogitec"="C:\Program Files\Logitech\SetPointP\SetPoint.exe" "OV3_Monitor"="C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe" "MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe" "appnhost"="C:\Users\Philippe\AppData\Local\Mixesoft\AppNHost\appnhost.exe" "ultracopier"="C:\Program Files\Ultracopier\ultracopier.exe" "OneDrive"="C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" "Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Setpoint Mogitec"="C:\Program Files\Logitech\SetPointP\SetPoint.exe" "OV3_Monitor"="C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe" "MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe" "appnhost"="C:\Users\Philippe\AppData\Local\Mixesoft\AppNHost\appnhost.exe" "ultracopier"="C:\Program Files\Ultracopier\ultracopier.exe" "OneDrive"="C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch" "ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60" "EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GRC V2 Hyperappel] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GRC V2 Hyperappel" "hkey"="HKCU" "command"="C:\\Program Files\\Le Robert\\Le Grand Robert & Collins\\GRCHA.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ISUSPM" "hkey"="HKLM" "command"="C:\\ProgramData\\FLEXnet\\Connect\\11\\\\isuspm.exe -scheduler" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WinampAgent" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Winamp\\winampa.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Philippe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Envoyer … OneNote.lnk] "path"="C:\\Users\\Philippe\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Envoyer … OneNote.lnk" "backup"="C:\\Windows\\pss\\Envoyer … OneNote.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~1\\MICROS~4\\root\\office15\\ONENOTEM.EXE /tsr" "item"="Envoyer … OneNote" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [26/03/2016 18:16] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/10/2015 12:43] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\Opera scheduled Autoupdate 1450198901" [C:\Program Files (x86)\Opera\launcher.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{3C1062B2-76A1-4EBD-8AE2-49D1180F60F1}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\{253D1E84-CE4E-4532-877F-8522A66B1056}" [C:\Program Files (x86)\Roxio Creator NXT Pro 3\Roxio Central\RoxioCentralFx.exe] "C:\WINDOWS\SysNative\tasks\{64D0B0B4-3458-4586-A939-71F73AF5B082}" [C:\Program Files (x86)\Roxio Creator NXT Pro 3\Roxio Central\RoxioCentralFx.exe] "C:\WINDOWS\SysNative\tasks\{BF6A3199-B82E-40A4-ACCF-5B82D9BC7D96}" [C:\Program Files (x86)\Roxio Creator NXT Pro 3\Roxio Central\RoxioCentralFx.exe] "C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "online_banking_08806E@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com" [03/03/2016 13:06] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "DSE"="true" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\7x31ofwj.default - Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com - Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com - Online Banking - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com - LastPass - %ProfilePath%\extensions\support@lastpass.com - Blockulicious - %ProfilePath%\extensions\{91A6D6AB-3E9A-4C00-A3CF-B08CBE803A2E}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi - Undetermined - %ProfilePath%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi ProfilePath: C:\Users\Philippe\AppData\Roaming\Mozilla\Sunbird\Profiles\jblvb17w.default - Timezone Definitions for Mozilla Calendar - C:\Program Files (x86)\Mozilla Sunbird\extensions\calendar-timezones@mozilla.org - Lightning stub extension for Sunbird - C:\Program Files (x86)\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} ProfilePath: C:\Users\Philippe\AppData\Roaming\Thunderbird\Profiles\1axb1wy7.default - British English Dictionary Updated - %ProfilePath%\extensions\en-gb@flyingtophat.co.uk - Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} ProfilePath: C:\Users\Philippe\AppData\Roaming\Thunderbird\Profiles\1axb1wy7.default - Copie - Lightning - C:\Users\Philippe\AppData\Roaming\Thunderbird\Profiles\1axb1wy7.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} - British English Dictionary Updated - %ProfilePath%\extensions\en-gb@flyingtophat.co.uk - Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} ProfilePath: C:\Users\PHILIP~1\AppData\Roaming\Mozilla\Firefox\Profiles\1iq80t1o.default - Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com - Online Banking - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com - Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com ProfilePath: C:\Users\PHILIP~1\AppData\Roaming\Thunderbird\Profiles\mowe9clt.default - Lightning - C:\Users\philippe_2\AppData\Roaming\Thunderbird\Profiles\mowe9clt.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} - Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} AppDir: C:\Program Files (x86)\Mozilla Firefox - Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\7x31ofwj.default 18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013 88C9284589B5AEEF93AAF8016BA1290D - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll - Microsoft Office 2013 7C67580DFE143EF19E7418B0F054B5F6 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll - Shockwave Flash ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\Default\AppData\Local\Google\Chrome deleted Fake profile C:\Users\DefaultAppPool\AppData\Local\Google\Chrome deleted Fake profile C:\Users\philippe_2\AppData\Local\Google\Chrome deleted ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dbhjdbfgekjfcfkkfjjmlmojhbllhbho - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho[] hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx[] hdokiejnpimakedhajhdlcegeplioahd - C:\Program Files (x86)\LastPass\lpchrome.crx[03/08/2013 19:00] pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[] Google Docs - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Sudoku - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aookmoafnahlnklpgpdigokidihfbhog Google Drive - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Webmail Ad Blocker - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp selector is not a valid CSS selector - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Anna Sui - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib Google Search - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Translate - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\eabpnaalfnhpmkmikmldgeakligaclon Google Calendar - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn Google Docs Offline - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi ClickClean - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod Vanilla - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gieohaicffldbmiilohhggbidhephnjj AdBlock - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom LastPass - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd Speed Test Internet - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhbmnfdcklajeaeikfinieljfegamko Instant Translate: Translator and Dictionary - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke Dropbox - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl Lettre Compte Triple - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjeddnjjfojmepmehcknfgdlefcolomp Google Maps - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh Chrome Web Store Payments - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Play learn vocabulary for TOEFL Exam. 1350 words. Easy tests. Game. - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohimbonnfmkmlgnhbmgcbcfoffckpohp Picasa - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb Evernote Web Clipper - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc Gmail - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com/ie" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GIWA_frFR547 HKCU\SearchScopes\{9BC33F5B-07ED-4C26-8C2F-C3621E218C22} - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7GIWA_frFR547 ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== shortcuts on Users Desktops ====================== C:\Users\Philippe\Desktop\Disque C.lnk - C:\ C:\Users\Philippe\Desktop\donnee_base_snl.lnk - F:\0000_00_10_developpement\566_nigeria\2013_nigeria_siat_snl\100_2016_01_mission\donnee_base_demande_snl C:\Users\Philippe\Desktop\hp12cp.lnk - C:\Program Files (x86)\HP\Hp\hp12cp.exe C:\Users\Philippe\Desktop\HPScan.lnk - C:\Program Files (x86)\HP\HP Officejet Pro 8600\bin\HPScan.exe C:\Users\Philippe\Desktop\journal_visite.lnk - F:\0000_00_10_developpement\566_nigeria\2013_nigeria_siat_snl\100_2016_01_mission\mission_journal_visite C:\Users\Philippe\Desktop\Loisirs_Photos H.lnk - H:\ C:\Users\Philippe\Desktop\Musique I.lnk - I:\ C:\Users\Philippe\Desktop\Outlook 2013.lnk - C:\Users\Philippe\Desktop\Protection bancaire.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe -safebanking C:\Users\Philippe\Desktop\Travail F.lnk - F:\ C:\Users\Philippe\Desktop\Téléchargements.lnk - C:\Users\Philippe\Desktop\ZHPCleaner.lnk - C:\Users\Philippe\AppData\Roaming\ZHP\ZHPCleaner.exe C:\Users\Philippe\Desktop\ZHPDiag.lnk - C:\Users\Philippe\AppData\Roaming\ZHP\ZHPDiag3.exe C:\Users\Philippe\Desktop\Développement\documentation_palmier.lnk - C:\Users\Philippe\Desktop\Développement\gabon_100_2016_01_mission.lnk - C:\Users\Philippe\Desktop\Développement\gopdc_100_2016_01_mission.lnk - C:\Users\Philippe\Desktop\Développement\presco_100_2016_01_mission.lnk - C:\Users\Philippe\Desktop\photographie\aigueze.lnk - H:\2014_00_00_Photographies\2014_09_15_aigueze C:\Users\Philippe\Desktop\photographie\cadres.lnk - H:\2000_00_00_cadres C:\Users\Philippe\Desktop\photographie\definitives.lnk - H:\2014_00_00_Photographies\2014_09_15_aigueze\definitives C:\Users\Philippe\Desktop\photographie\exposition.lnk - H:\2014_00_00_Photographies\2014_09_15_aigueze\aa_exposition C:\Users\Philippe\Desktop\photographie\retouchees.lnk - H:\2014_00_00_Photographies\2014_09_15_aigueze\retouchees C:\Users\Philippe\Desktop\photographie\transfert.lnk - H:\00000_transfert C:\Users\Philippe\Desktop\Site internet\15_technique_siat - Raccourci.lnk - F:\0000_documentation\agriculture\50_cultures\palmier\15_technique_siat C:\Users\Philippe\Desktop\Site internet\old - Raccourci.lnk - F:\0000_00_20_site_palmier\old C:\Users\Philippe\Desktop\Site internet\version_2007_08_06 - Raccourci.lnk - F:\0000_00_20_site_palmier\version_2007_08_06 C:\Users\Philippe\Desktop\Site internet\version_2016_03_28 - Raccourci.lnk - F:\0000_00_20_site_palmier\version_2016_03_28 C:\Users\Philippe\Desktop\technick_photo\Camera Updater.lnk - C:\Program Files (x86)\OLYMPUS\CameraUpdateTool\CameraUpdate.exe C:\Users\Philippe\Desktop\technick_photo\Digital Photo Professional.lnk - C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe C:\Users\Philippe\Desktop\technick_photo\OLYMPUS Digital Camera Updater.lnk - C:\Program Files (x86)\OLYMPUS\CameraUpdateTool\CameraUpdate.exe C:\Users\Philippe\Desktop\technick_photo\Photo Slideshow Creator.lnk - C:\Program Files (x86)\Photo Slideshow Creator\PhotoShow.exe C:\Users\Philippe\Desktop\technick_photo\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe C:\Users\Philippe\Desktop\Valid html css\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe C:\Users\Philippe\Desktop\Valid html css\Safari.lnk - C:\WINDOWS\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe C:\Users\philippe_2\Desktop\firefox - Raccourci.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\philippe_2\Desktop\Notepad++.lnk - C:\Program Files (x86)\Notepad++\notepad++.exe C:\Users\philippe_2\Desktop\Protection bancaire.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe -safebanking ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Kaspersky Total Security.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloader Qobuz\Downloader Qobuz.lnk - C:\Program Files (x86)\Downloader Qobuz\Downloader Qobuz.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloader Qobuz\Désinstaller.lnk - C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alertes de surveillance de l'encre - .lnk - C:\WINDOWS\system32\RunDll32.exe "C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2A8B2H2R05KD;CONNECTION=USB;MONITOR=1; C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alertes de surveillance de l'encre - HP Officejet Pro 8600.lnk - C:\WINDOWS\system32\RunDll32.exe "C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2A8B2H2R05KD;CONNECTION=USB;MONITOR=1; ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk - C:\Program Files\GIMP 2\bin\gimp-2.8.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ant Renamer\Ant Renamer.lnk - C:\Program Files (x86)\Ant Renamer\Renamer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote\Evernote.lnk - C:\WINDOWS\Installer\{CC4235DA-F2CA-11E5-8B13-005056951CAD}\Evernote.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin\BaseCamp (2D only).lnk - C:\Program Files (x86)\Garmin\BaseCamp /Disable3D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin\BaseCamp.lnk - C:\Program Files (x86)\Garmin\BaseCamp\BaseCamp.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin\MapInstall.lnk - C:\Program Files (x86)\Garmin\MapInstall\MapInstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin\WebUpdater.lnk - C:\Program Files (x86)\Garmin\WebUpdater\WebUpdater.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\A propos de Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_77\bin\javacpl.exe -tab about C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurer Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_77\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Rechercher les mises à jour.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Contrôle de mission Java.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Clavier et souris\Paramètres du clavier et de la souris.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Unifying\Logiciel Logitech Unifying.lnk - C:\Program Files\Common Files\LogiShrd\Unifying\DJCUHost.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Désinstaller Malwarebytes Anti-Malware.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\OUTLOOK.EXE C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++\Notepad++.lnk - C:\Program Files (x86)\Notepad++\notepad++.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Configurer la Visionneuse de photos Picasa.lnk - C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe /reconfig C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Désinstaller.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk - C:\WINDOWS\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk - C:\Program Files\GIMP 2\bin\gimp-2.8.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE /recycle C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Sunbird.lnk - C:\Program Files (x86)\Mozilla Sunbird\sunbird.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk - C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Neat Image.lnk - C:\Program Files (x86)\Neat Image\NeatImage.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Photo Slideshow Creator.lnk - C:\Program Files (x86)\Photo Slideshow Creator\PhotoShow.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PSPad.lnk - C:\Program Files (x86)\PSPad editor\PSPad.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\XnView.lnk - C:\Program Files (x86)\XnView\xnview.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\HP Scan.lnk - C:\Program Files (x86)\HP\HP Officejet Pro 8600\bin\HPScan.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paramètres du clavier et de la souris.lnk - C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Spotify.lnk - C:\Users\Philippe\AppData\Roaming\Spotify\Spotify.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Access 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\MSACCESS.EXE C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Acrobat X Pro.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000005}\_SC_Acrobat.ico C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AIMP.lnk - C:\Program Files (x86)\AIMP\AIMP.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Bing Maps 3D.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://go.microsoft.com/fwlink/?LinkId=75722 C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Corel CAPTURE X4.lnk - c:\Windows\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF012}\NewShortcut8.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Corel PHOTO-PAINT X4.lnk - c:\Windows\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF014}\NewShortcut2.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CorelDRAW X4.lnk - c:\Windows\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF013}\NewShortcut1.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Evernote.exe - Raccourci.lnk - C:\Program Files (x86)\Evernote\Evernote\Evernote.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\EXCEL.EXE C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gestionnaire audio HD Realtek.lnk - C:\Program Files (x86)\Realtek\Audio\HDA\RtkNGUI64.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\GIMP 2.lnk - C:\Program Files\GIMP 2\bin\gimp-2.8.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Le Grand Robert & Collins.lnk - C:\Program Files (x86)\Le Robert\Le Grand Robert & Collins\RobertCollins.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Lupas Rename.lnk - C:\Program Files (x86)\Lupas Rename 2000\LupasRename.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\MapInfo Professional 8.0.lnk - C:\Windows\Installer\{309AFCC1-C343-40A0-B23A-568073036409}\NewShortcut2_CD9B92ADF5F84C4D93414D9B1BD5A8C0.EXE C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Neat Image.lnk - C:\Program Files (x86)\Neat Image\NeatImage.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OLYMPUS Digital Camera Updater.lnk - C:\Program Files (x86)\OLYMPUS\CameraUpdateTool\CameraUpdate.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OLYMPUS Viewer 3.lnk - C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OLYMPUS Viewer 3.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\pathscan.lnk - C:\Program Files (x86)\pathscan\pathscan.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PowerPoint 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\POWERPNT.EXE C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\psi.exe - Raccourci.lnk - C:\Program Files (x86)\Secunia\PSI\psi.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Publisher 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\MSPUB.EXE C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Qobuz Desktop.lnk - C:\Users\Philippe\AppData\Local\QobuzDesktop\QobuzDesktop.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\WinMerge.lnk - C:\Program Files (x86)\WinMerge\WinMergeU.exe C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\WINWORD.EXE C:\Users\philippe_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\philippe_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\philippe_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\philippe_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\firefox - Raccourci.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\philippe_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 ==== shortcuts After Repair ====================== C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Bing Maps 3D.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9E7242934AF92DC499BEDF351AB2CDAD deleted successfully HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Policies\Chromium deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hakdifolhalapjijoafobooafbilfakh deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pjldcfjmnllhmgjclecdnfampinooman deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{392427E9-9FA4-4CD2-99EB-FD53A12BDCDA} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9E7242934AF92DC499BEDF351AB2CDAD deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent deleted successfully ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Philippe\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Philippe\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Philippe\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Philippe\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Philippe\AppData\Local\Mozilla\Firefox\Profiles\7x31ofwj.default\cache2 emptied successfully C:\Users\philippe_2\AppData\Local\Mozilla\Firefox\Profiles\1iq80t1o.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Philippe\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1600 folders=99 31779127 bytes) ==== Empty Temp Folders ====================== C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Philippe\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome.manifest" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\install.rdf" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\npOnlineBanking.dll" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome.manifest" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\install.rdf" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\npOnlineBanking.dll" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\META-INF\manifest.mf" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\META-INF\mozilla.rsa" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\META-INF\mozilla.sf" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\browser_navigator_impl.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\cookies_headers_parser.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\namespace.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\online_banking_extension.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\overlay.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\overlay.xul" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\tag.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\tag.js.template" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\tag_ob.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\tracer.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\locales\locales.manifest" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\skin\online_banking_extension_icon.png" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\skin\overlay.css" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\locales\en\online_banking.dtd" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\locales\pl\online_banking.dtd" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\META-INF\manifest.mf" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\META-INF\mozilla.rsa" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\META-INF\mozilla.sf" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\browser_navigator_impl.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\cookies_headers_parser.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\namespace.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\online_banking_extension.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\overlay.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\overlay.xul" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\tag.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\tag.js.template" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\tag_ob.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\content\tracer.js" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\locales\locales.manifest" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\skin\online_banking_extension_icon.png" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\skin\overlay.css" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\locales\en\online_banking.dtd" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\chrome\locales\pl\online_banking.dtd" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com" not deleted "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com" not deleted ==== EOF on 06/04/2016 at 23:25:36,42 ======================