Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Master on dim. 28/08/2016 at 8:20:59,34.
Microsoft Windows 7 Professionnel 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Master\Desktop\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]

==== System Restore Info ======================

28/08/2016 08:22:33 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Adobe deleted successfully
C:\PROGRA~2\SecurityXploded deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Master\AppData\Roaming\Sun deleted successfully
C:\Users\Master\AppData\Local\PDFCreator deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Adobe not found
C:\PROGRA~2\SecurityXploded not found
C:\Users\Master\AppData\Local\Adobe deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Master\ZHPCleaner.exe deleted
C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\rujlg72e.default\extensions\abs@avira.com deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3402112518-1966006777-3619279464-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"HP Photosmart 5520 series (NET)"="C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe -deviceID CN37Q1309V0602:NW -scfn HP Photosmart 5520 series (NET) -AutoStart 1"
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe -SpeechUX -Startup"
"FileHippo.com"="C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe /background"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe -startwithoutDA"
"TomTomHOME.exe"="E:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe -s"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files (x86)\Avira\Antivirus\avgnt.exe /min"
"Avira SystrayStartTrigger"="C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
"Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"HP Photosmart 5520 series (NET)"="C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe -deviceID CN37Q1309V0602:NW -scfn HP Photosmart 5520 series (NET) -AutoStart 1"
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe -SpeechUX -Startup"
"FileHippo.com"="C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe /background"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe -startwithoutDA"
"TomTomHOME.exe"="E:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe -s"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\(default)]
"command"=""
"hkey"="HKLM"
"item"="(default)"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\appnhost]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="appnhost"
"hkey"="HKCU"
"command"="C:\\Users\\Master\\AppData\\Local\\Mixesoft\\AppNHost\\appnhost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgnt"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Avira\\Antivirus\\avgnt.exe\" /min"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Avira SystrayStartTrigger]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Avira SystrayStartTrigger"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Avira\\Launcher\\Avira.SystrayStartTrigger.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Photos Backup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Photos Backup"
"hkey"="HKCU"
"command"="\"C:\\Users\\Master\\AppData\\Local\\Programs\\Google\\Google Photos Backup\\Google Photos Backup.exe\" /autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Master\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_10C9933D0F6F7947DC35F397EE3EFA3C]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleChromeAutoLaunch_10C9933D0F6F7947DC35F397EE3EFA3C"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --no-startup-window /prefetch:5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleDriveSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDriveSync"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\Drive\\googledrivesync.exe\" /autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Photosmart 5520 series (NET)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Photosmart 5520 series (NET)"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\HP\\HP Photosmart 5520 series\\Bin\\ScanToPCActivationApp.exe\" -scfn \"HP Photosmart 5520 series (NET)\" -AutoStart 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAStorIcon]
"command"="\"C:\\Program Files\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIconLaunch.exe\" \"C:\\Program Files\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIcon.exe\" 60"
"hkey"="HKLM"
"item"="IAStorIcon"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KeyScrambler]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KeyScrambler"
"hkey"="HKLM"
"command"="E:\\Program Files (x86)\\KeyScrambler\\keyscrambler.exe /a"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LWS]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LWS"
"hkey"="HKLM"
"command"="E:\\Program Files (x86)\\Logitech\\LWS\\Webcam Software\\LWS.exe -hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nikon Message Center 2]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Nikon Message Center 2"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Nikon\\Nikon Message Center 2\\NkMC2.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvBackend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvBackend"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\NVIDIA Corporation\\Update Core\\NvBackend.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg_DTS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVBg_DTS"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe /DTSU2P "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDVCPL"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RtkNGUI64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShadowPlay]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ShadowPlay"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\system32\\nvspcap64.dll,ShadowPlayOnSystemStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TomTomHOME.exe"
"hkey"="HKCU"
"command"="\"E:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\asComSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Avira.ServiceHost]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Backupper Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\dbupdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\dbupdatem]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DigitalWave.Update.Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DTSAudioSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FirebirdServerMAGIXInstance]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Freemake Improver]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IAStorDataMgrSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IDriverT]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MaConfigAgent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MBAMService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvNetworkService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvStreamSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nvsvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PDF Architect 3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PDF Architect 3 CrashHandler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PDF Architect 3 Creator]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\rpcapd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Stereo Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TomTomHOMEService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\UMVPFSrv]

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [31/01/2016 08:51]
C:\Windows\tasks\DropboxUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [07/08/2016 16:41]
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [07/08/2016 16:41]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files
(x86)\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1d0e155d0c95b7f" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1d0e155d0fbb623" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\{0380DBC3-B33F-4121-94F1-7B38F60F4EE1}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{175C9F59-F40B-4C91-87D4-5939B82BC48B}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{2678E40B-EBE6-43D6-B21D-CEA617396F22}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{4B62D382-2606-4B51-AC8E-A959853A3119}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{53C83059-499B-44CD-8969-4D54EFCC827E}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{553D3585-C816-45DB-AA4C-8343D0405031}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{573CAD29-36F1-4CB8-80F2-4AB080F2122D}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{6D2119F8-640D-43C3-9EF2-0F874F6805D3}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{82649BEE-9892-44C2-84DE-61CD708E482B}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{91BE22EA-6433-439A-BE06-15F87BF10B39}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{94A50DF8-F8BB-4FDC-9EB9-DB6E9BB3821E}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{9D6AEE75-B3AE-4ECF-A436-A9278A055281}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{F010D69B-0606-4156-9E4E-36B255BB45A7}" ["c:\program files 
(x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{F5542953-F9DB-4AA1-A897-F1FB4589F756}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [14/05/2016 09:23] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\rujlg72e.default - Avira Safe Search Plus - %ProfilePath%\extensions\safesearchplus@avira.com.xpi ProfilePath: C:\Users\Master\AppData\Roaming\TomTom\HOME\Profiles\6n8uhd8h.default - Map status indicator - E:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - E:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be ==== Firefox Plugins ====================== Profilepath: C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\rujlg72e.default A107920551356DAEE665F0884F34D2D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll - Shockwave Flash AF8A94BCB98C299C49B28CC12EBC0ED2 - C:\Users\Master\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll - Google Update 9A7BBD9622623180A6B93DDA4345A8E1 - E:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll - PDF-XChange Viewer ==== Chromium Look ====================== Google Chrome Version: 48.0.2560.0 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions khjilmcjipkeokomeekfnhkpbnhmgaje - No path found[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[08/01/2016 11:47] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions apdfllckaahabafndbhieahigkjlhalf - 
C:\Users\Master\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx[09/08/2014 17:03] lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[] Facebook Notifications - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainkhhbgcdbenmmbaoacambbhjfgnmmm Google Drive - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google URL Shortener - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnjjjinhhbgfapfngmpekkbhefjfblj Facebook - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm selector is not a valid CSS selector - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb AddThis - Share & Bookmark (new) - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde Dropbox for Gmail - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec Mini Radio Player - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffeaebedjghkdbccfenjbiilalegknlj Google Analytics Opt-out Add-on by Google - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh Avira Browser Safety - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk PDF Compressor - Smallpdf.com - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\gealeehfjeflamgnohlhabaefbfjfjgc Google Docs Offline - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi ClickClean - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod HP Smart Print - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpaiomihcebnclahoknbodeiaiohcdi PDF Mergy - 
Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha Dropbox - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl Skype - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Google Drive App Launcher - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh Google Mail Checker - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff Chrome Web Store Payments - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Picasa - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb Chrome Media Router - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== Chromium Fix ====================== C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 
emptied successfully C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=459 folders=110 158109628 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Master\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders 
====================== C:\Windows\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" deleted "C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" deleted "C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" deleted "C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" deleted "C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Cache\index" deleted "C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage" not deleted ==== EOF on dim. 28/08/2016 at 8:37:01,08 ======================