Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by Lucho on vr 11-04-2014 at 19:29:38,63. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Lucho\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 11-4-2014 19:36:15 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Program Files\Settings Manager deleted successfully C:\PROGRA~2\Browser Manager deleted successfully C:\PROGRA~2\BrowserProtect deleted successfully C:\PROGRA~2\CanonEPP deleted successfully C:\PROGRA~2\CanonIJEPPEX2 deleted successfully C:\PROGRA~2\Oracle deleted successfully C:\PROGRA~2\Wincert deleted successfully C:\PROGRA~2\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully C:\PROGRA~2\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully C:\Users\Lucho\AppData\Local\calibre-cache deleted successfully C:\Users\Lucho\AppData\Local\GHISLER deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe] ==== Deleting Files \ Folders ====================== C:\ProgramData\BrowserProtect not found C:\ProgramData\Browser Manager not found C:\ProgramData\BitGuard not found C:\ProgramData\Wincert not found C:\Program Files\Settings Manager not found C:\Users\Lucho\AppData\Roaming\Mozilla\Firefox\Profiles\5zz7sru7.default-1393455409765\extensions\extension@linkeyproject.com deleted C:\Users\Lucho\AppData\Roaming\Mozilla\Firefox\Profiles\5zz7sru7.default-1393455409765\extensions\{E52BC4EE-EBFD-E79D-375E-EE5BF07B5C4C} deleted C:\Program Files\SearchProtect deleted C:\Program Files\CPU Speed Pro deleted "C:\Users\Lucho\AppData\Roaming\Mozilla\Firefox\Profiles\5zz7sru7.default-1393455409765\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\chrome\dwhelper.jar" deleted "C:\Users\Lucho\AppData\Roaming\Mozilla\Firefox\Profiles\5zz7sru7.default-1393455409765\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}" deleted "C:\Users\Lucho\AppData\Roaming\Mozilla\Firefox\Profiles\5zz7sru7.default-1393455409765\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\chrome" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2014-04-10 15:38:06 7ED438C44B90AF7B01609A942C7E7196 212480 ----a-w- C:\Windows\PCDLIB32.DLL ====== C:\Users\Lucho\AppData\Local\Temp ==== 2014-04-10 05:59:14 77A02A1FCB3E7A0A894938F145DEFA34 1877008 ----a-w- C:\Windows\system32\config\systemprofile\AppData\Local\Temp\nsb4E5C.tmp\Helper.dll 2014-04-08 14:34:00 AC5F4BF090EC982B6A16615E2CA1E185 59408 ----a-w- C:\Windows\system32\config\systemprofile\AppData\Local\Temp\nsb4E5C.tmp\Starter.exe ====== Java Cache ===== 2014-04-06 04:48:34 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Yvonne.Lucho-PC\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-6bf3970f ====== C:\Windows\system32 ===== 2014-04-11 17:10:59 CE6921D33682C6C3DB8A45853CC69402 455168 ----a-w- C:\Windows\System32\vbscript.dll 2014-04-11 17:10:58 AA12D7A960DB78DD9690AB5B5DAE6586 440832 ----a-w- C:\Windows\System32\ieui.dll 2014-04-11 17:10:54 A127D17C354B473B0F4C6265538F5A2C 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2014-04-11 17:10:52 116632CE6DF92EA78C2B849E1279B1FA 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2014-04-11 17:10:51 BB185D4A9362AA17CBCEC0768CDBF249 704512 ----a-w- C:\Windows\System32\ieapfltr.dll 2014-04-11 17:10:50 EDACA6C44D9CE200F899B7DB0F201DFF 164864 ----a-w- C:\Windows\System32\msrating.dll 2014-04-11 17:10:49 EBC35FE64056910A84485BEEB6DCCAC6 524288 ----a-w- C:\Windows\System32\msfeeds.dll 2014-04-11 17:10:49 31385A6CAA31BE9D07B0B32E5AA99ABB 43008 ----a-w- C:\Windows\System32\jsproxy.dll 2014-04-11 17:10:48 7E9FE7DB43BC204E44F159F843E35C15 367616 ----a-w- C:\Windows\System32\dxtmsft.dll 2014-04-11 17:10:47 E5E97E94DD9D69D8EE90CFA96156CD8A 575488 ----a-w- C:\Windows\System32\ie4uinit.exe 2014-04-11 17:10:47 34FC79C948EE2C5FD0CD699E7D7F91B7 244224 ----a-w- C:\Windows\System32\dxtrans.dll 2014-04-11 17:10:46 82287FCFFA4A2D60FD744E3FEB3192C5 61952 ----a-w- C:\Windows\System32\iesetup.dll 2014-04-11 17:10:46 21BF6759685FD193715B483F2B3F21B1 112128 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-04-11 17:10:46 0FDC1A576A3F40420882C0F7C4A66EAD 32768 ----a-w- C:\Windows\System32\iernonce.dll 2014-04-11 17:10:45 C9CA9803299EB6AFA34CB520BAAB083D 32256 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll 2014-04-11 17:10:45 6557B48D53D653CFCCE3CB1CFA53A8E1 51200 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2014-04-11 17:10:45 2101D94DED769CE86A3DE1152F4FCDF5 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-04-11 17:10:45 0F4A295516781897FFB09B4CCF2E8798 592896 ----a-w- C:\Windows\System32\jscript9diag.dll 2014-04-11 17:10:44 BECAA526B8A1823A36A1BA123B8C41A9 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-04-11 17:10:39 05BD47136DE62FAFE9F95B40E4100144 2178048 ----a-w- C:\Windows\System32\iertutil.dll 2014-04-11 17:10:38 E4E829EE073E046B0EB19B5FECB19B8C 1789440 ----a-w- C:\Windows\System32\wininet.dll 2014-04-11 17:10:38 76F58DB8F85C125E0D6B3AA42F3BF1D0 1143808 ----a-w- C:\Windows\System32\urlmon.dll 2014-04-11 17:10:37 C4A383FD50FBD7E274DD41CF571DF898 1967104 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-04-11 17:10:36 2AFBB91BBD2378933B26E6D68C140D1B 11745792 ----a-w- C:\Windows\System32\ieframe.dll 2014-04-11 17:10:35 EA85144F35EDE6EE25C484D4242FF2C8 17387008 ----a-w- C:\Windows\System32\mshtml.dll 2014-04-11 17:10:34 8C46360D6EF9D4C563FE834C4F287DA3 4254720 ----a-w- C:\Windows\System32\jscript9.dll 2014-04-10 15:38:07 E1102CEDF0C818984C2ACA2A666D4C5F 245408 ----a-w- C:\Windows\System32\unicows.dll 2014-04-09 13:20:17 F74FFA7654702F81884BDB41EB80DAC2 868352 ----a-w- C:\Windows\System32\kernel32.dll ====== C:\Windows\system32\drivers ===== 2014-04-10 15:38:07 FE3EA6E9AFC1A78E6EDCA121E006AFB7 18688 ----a-w- C:\Windows\System32\drivers\afc.sys 2014-04-09 13:20:24 F1A449D762657230629D8BFC107ABC14 149440 ----a-w- C:\Windows\System32\drivers\storport.sys 2014-04-09 13:20:24 EB34CE31FABD4DC4343FD2AD16D2CAF9 234432 ----a-w- C:\Windows\System32\drivers\msiscsi.sys 2014-04-09 13:20:24 5FB4F271032B6435F3B2252F577A4815 27072 ----a-w- C:\Windows\System32\drivers\Diskdump.sys 2014-04-09 13:20:19 C8DFF8D07755A66C7A4A738930F0FEAC 1212352 ----a-w- C:\Windows\System32\drivers\ntfs.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-04-10 15:37:39 -------- d-----w- C:\Program Files\Common Files\ArcSoft 2014-04-10 15:37:38 -------- d-----w- C:\Program Files\ArcSoft 2014-04-07 11:42:57 -------- d-----w- C:\Program Files\GMapCatcher 2014-03-24 16:20:33 -------- d-----w- C:\Program Files\Linkey 2014-03-24 10:09:41 -------- d-----w- C:\Program Files\Belastingdienst ======= C: ===== ====== C:\Users\Lucho\AppData\Roaming ====== 2014-04-11 09:47:36 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Local\NextUp 2014-04-11 05:21:32 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Local\Programs 2014-04-11 05:21:06 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Local\ArcSoft 2014-04-11 05:20:57 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Roaming\ArcSoft 2014-04-10 15:39:00 -------- d-----w- C:\Users\Lucho\AppData\Local\ArcSoft 2014-04-10 15:37:02 -------- d-----w- C:\Users\Lucho\AppData\Roaming\ArcSoft 2014-04-10 06:00:38 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla 2014-04-10 05:59:14 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Temp 2014-04-06 14:04:49 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Roaming\Mozilla 2014-04-06 14:04:49 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Local\Mozilla 2014-04-06 04:48:20 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Locallow\Sun 2014-04-05 18:21:34 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Local\Microsoft Games 2014-04-05 11:59:01 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Locallow\DataMngr 2014-04-05 11:58:02 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Local\Apple Computer 2014-04-05 11:57:07 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Roaming\Belastingdienst 2014-04-05 11:56:43 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Roaming\Canon 2014-04-05 11:56:38 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Roaming\AVG2014 2014-04-05 11:56:36 B1628CA97D6BE9B63E1EC66AF2125E6F 110064 ----a-w- C:\Users\Yvonne.Lucho-PC\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-05 11:56:36 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Roaming\Apple Computer 2014-04-05 11:56:36 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Local\Avg2014 2014-04-05 11:56:19 -------- d-----r- C:\Users\Yvonne.Lucho-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-05 11:56:08 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Roaming\Identities 2014-04-05 11:55:52 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Roaming\Adobe 2014-04-05 11:55:50 -------- d-s---w- C:\Users\Yvonne.Lucho-PC\AppData\Locallow\Microsoft 2014-04-05 11:55:15 -------- d-s---w- C:\Users\Yvonne.Lucho-PC\AppData\Roaming\Microsoft 2014-04-05 11:55:15 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Roaming\TuneUp Software 2014-04-05 11:55:15 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Roaming\Media Center Programs 2014-04-05 11:55:15 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Roaming\Genie-Soft 2014-04-05 11:55:15 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Local\Temp 2014-04-05 11:55:15 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Local\Microsoft Help 2014-04-05 11:55:15 -------- d-----w- C:\Users\Yvonne.Lucho-PC\AppData\Local\Microsoft 2014-04-05 11:55:15 -------- d-----r- C:\Users\Yvonne.Lucho-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-05 11:55:15 -------- d-----r- C:\Users\Yvonne.Lucho-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-05 11:55:15 -------- d-----r- C:\Users\Yvonne.Lucho-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-04 16:37:29 -------- d-----w- C:\Users\Lucho\AppData\Locallow\DataMngr 2014-04-03 11:28:22 -------- d-----w- C:\Users\Manuel\AppData\Local\Skype 2014-04-01 11:39:50 -------- d-----w- C:\Users\Lucho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time 2014-04-01 11:38:46 -------- d-----w- C:\Users\Lucho\AppData\Roaming\Popcorn Time 2014-03-27 15:31:47 -------- d-----w- C:\Users\Yvonne\AppData\Local\SearchProtect 2014-03-26 21:21:59 -------- d-----w- C:\Users\Lucho\AppData\Local\SearchProtect 2014-03-19 22:40:25 -------- d-----w- C:\Users\Lucho\AppData\Local\Popcorn-Time 2014-03-18 23:50:58 -------- d-----w- C:\Users\Lucho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-03-15 14:00:22 -------- d-----w- C:\Users\Lucho\AppData\Local\Skype ====== C:\Users\Lucho ====== 2014-04-11 09:54:07 C7613503E8FE311D1DAA9A61E384C1F8 10094400 ----a-w- C:\Users\Yvonne.Lucho-PC\Downloads\HitmanPro.exe 2014-04-11 09:50:25 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\Yvonne.Lucho-PC\Downloads\JRT.exe 2014-04-11 09:45:56 04B47DEEB298AE90A0C42DEAED71F8BA 1426178 ----a-w- C:\Users\Yvonne.Lucho-PC\Downloads\adwcleaner.exe 2014-04-10 15:39:18 -------- d-----r- C:\Windows\system32\config\systemprofile\Saved Games 2014-04-10 15:39:18 -------- d-----r- C:\Windows\system32\config\systemprofile\Links 2014-04-10 15:39:16 -------- d-----r- C:\Windows\system32\config\systemprofile\Contacts 2014-04-10 15:39:14 -------- d-----r- C:\Windows\system32\config\systemprofile\Searches 2014-04-10 15:38:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect 2014-04-10 15:38:56 -------- d-----w- C:\ProgramData\ArcSoft 2014-04-10 15:38:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoImpression 6 2014-04-10 05:59:14 -------- d-----r- C:\Windows\system32\config\systemprofile\Desktop 2014-04-07 11:43:02 -------- d-----w- C:\Users\Lucho\.GMapCatcher 2014-04-05 11:56:19 -------- d-----r- C:\Users\Yvonne.Lucho-PC\Searches 2014-04-05 11:56:06 -------- d-----r- C:\Users\Yvonne.Lucho-PC\Contacts 2014-04-05 11:55:16 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\Yvonne.Lucho-PC\ntuser.ini 2014-04-05 11:55:15 -------- d--h--w- C:\Users\Yvonne.Lucho-PC\AppData 2014-04-05 11:55:15 -------- d-----r- C:\Users\Yvonne.Lucho-PC\Videos 2014-04-05 11:55:15 -------- d-----r- C:\Users\Yvonne.Lucho-PC\Saved Games 2014-04-05 11:55:15 -------- d-----r- C:\Users\Yvonne.Lucho-PC\Pictures 2014-04-05 11:55:15 -------- d-----r- C:\Users\Yvonne.Lucho-PC\Music 2014-04-05 11:55:15 -------- d-----r- C:\Users\Yvonne.Lucho-PC\Links 2014-04-05 11:55:15 -------- d-----r- C:\Users\Yvonne.Lucho-PC\Favorites 2014-04-05 11:55:15 -------- d-----r- C:\Users\Yvonne.Lucho-PC\Downloads 2014-04-05 11:55:15 -------- d-----r- C:\Users\Yvonne.Lucho-PC\Documents 2014-04-05 11:55:15 -------- d-----r- C:\Users\Yvonne.Lucho-PC\Desktop 2014-04-01 10:09:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-03-28 15:35:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Buzan's iMindMap V3 2014-03-26 21:19:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU Speed Professional 2014-03-24 10:09:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belastingdienst 2014-03-18 23:50:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR ====== C: exe-files == 2014-04-11 17:10:39 F972DDD19A10F53D74021DDEAC07CCA6 470016 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2014-04-11 17:10:39 BEA4E0C0BA936E8A3DB24D1A37BF70BE 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2014-04-11 17:10:38 0667ED9F8E905E1F73DB60ACCEDCBCA7 811728 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2014-04-10 15:38:25 E72831417985680AAF432610DE880E53 192512 ----a-w- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\AcStBmhE.exe 2014-04-10 15:38:25 D58D8F31AD2078356051ED58CE47295A 100864 ----a-w- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACStart.exe 2014-04-10 15:38:24 ADC420616C501B45D26C0FD3EF1E54E4 113152 ----a-w- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 2014-04-10 15:38:24 A021285655B6C0B2EB6ECDD9CDF45A44 51712 ----a-w- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACRun.exe 2014-04-10 15:38:12 A7810B302294793DE88542AAE177D1B1 207424 ----a-w- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe 2014-04-10 15:37:55 944904845529B7D84E9E6DF73406FBB4 60160 ----a-w- C:\Program Files\ArcSoft\PhotoImpression 6\Modules\SimpleEmail\Sendmail.exe 2014-04-10 15:37:55 1BB52BD6B2F4F75B07AB4C4A334D2050 97024 ----a-w- C:\Program Files\ArcSoft\PhotoImpression 6\Modules\OrderPrintsOnline\Update.exe 2014-04-10 15:37:48 E8D31635B53668D75F01C67275669722 81920 ----a-w- C:\Program Files\ArcSoft\PhotoImpression 6\uTwainPhotoExe.exe 2014-04-10 15:37:48 9EEA978178A634A54CA6B0BC3C1645FC 167936 ----a-w- C:\Program Files\ArcSoft\PhotoImpression 6\PhotoImpression.exe 2014-04-10 15:37:48 4CFFA06DBD22569068F05FD625800F65 81920 ----a-w- C:\Program Files\ArcSoft\PhotoImpression 6\uTwainFilmExe.exe 2014-04-10 15:37:43 9B13717CBE7AD0DB055136BA81E05E2C 35584 ----a-w- C:\Program Files\ArcSoft\PhotoImpression 6\TwainEnum.exe 2014-04-10 15:37:42 AFD801812E74471B8F01AE5391B75AC6 142080 ----a-w- C:\Program Files\ArcSoft\PhotoImpression 6\MediaPlayer.exe 2014-04-10 15:37:42 681202A6A5CDF4CEE504FBC3F3CB48BD 252672 ----a-w- C:\Program Files\ArcSoft\PhotoImpression 6\PhotoViewer.exe 2014-04-10 15:37:42 10FCF11B3AE0AF10E967FABE7476184B 117504 ----a-w- C:\Program Files\ArcSoft\PhotoImpression 6\Monitor.exe 2014-04-10 15:37:40 BD3CD198FA568B11DF62B76245F799D1 43776 ----a-w- C:\Program Files\ArcSoft\PhotoImpression 6\InitMediaLib.exe 2014-04-10 15:37:38 E61D65C33F2ECC93AE0C005DAC76D087 175104 ----a-w- C:\Program Files\InstallShield Installation Information\{063E409E-3D7C-4A4A-95AB-2F124B9224B3}\Setup.exe 2014-04-10 15:37:38 8F1810ECD51F9F6B93A636ABD2525532 154112 ----a-w- C:\Program Files\ArcSoft\PhotoImpression 6\CheckUpdate.exe 2014-04-07 11:43:04 97B2EE2D5CFCBDE8BF93251EEF8C4765 41379 ----a-w- C:\Program Files\GMapCatcher\uninstall.exe === C: other files == 2014-04-10 16:02:59 C004210E88CCFEB3BD52E090160D7A26 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3434078560-3099910706-1965699870-1000\$I6NDRGG.ZIP 2014-04-10 16:02:54 91AFC4C5994F8800763BE88E97955D76 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3434078560-3099910706-1965699870-1000\$I097T53.ZIP 2014-04-10 15:53:14 54AE1CCA18FD9516471277A6EA6A7745 110108710 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3434078560-3099910706-1965699870-1000\$R097T53.ZIP 2014-04-10 15:33:23 5F79934084DF6DC0635578864376CE54 196992 ----a-w- C:\Users\Lucho\Downloads\CMP-FILMSCAN10\CMP-FILMSCAN10\AutoPlay\Driver\64BitDriver\Windows\OVT\OVTScanner\ov550ivx.sys 2014-04-10 15:33:10 1FC8A7E5C3AED31F00940C6AB2FD9B49 580992 ----a-w- C:\Users\Lucho\Downloads\CMP-FILMSCAN10\CMP-FILMSCAN10\AutoPlay\Driver\32BitDriver\System32\Drivers\ov550i.sys 2014-04-10 15:32:22 54AE1CCA18FD9516471277A6EA6A7745 110108710 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3434078560-3099910706-1965699870-1000\$R6NDRGG.ZIP ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3434078560-3099910706-1965699870-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="C:\Program Files\Logitech\Vid HD\Vid.exe -bootmode" "OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -automount" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CanonSolutionMenuEx"="C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon" "DivXMediaServer"="C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "WD Drive Unlocker"="C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe" "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY" "TAForOE Loader"="C:\Program Files\TextAloud\TAForOELoader.exe /background" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices" "ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="C:\Program Files\Logitech\Vid HD\Vid.exe -bootmode" "OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -automount" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="uTorrent" "hkey"="HKCU" "command"="\"C:\\Users\\Lucho\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TuneUp.UtilitiesSvc] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "doubleTwist"="\"C:\\Program Files\\doubleTwist 2.0\\doubleTwist.DeviceHelper.exe\"" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\"" "DivXUpdate"="\"C:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW" "Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" ==== Startup Folders ====================== 2011-08-30 18:19:31 1969 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk 2013-10-21 22:13:41 1151 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09-04-2014 12:03] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [01-06-2011 18:51] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [01-06-2011 18:51] C:\Windows\tasks\powersuite_monitor.job --a------ [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-Lucho-PC-Lucho" [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\DivX-online actualiseringsprogramma" [C:\Program Files\DivX\DivX Update\DivXUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\Java Update Scheduler" [C:\Program Files\Common Files\Java\Java Update\jusched.exe] "C:\Windows\system32\tasks\powersuite_monitor" [C:\Program Files\Uniblue\PowerSuite\powersuite_monitor.exe] "C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{44889033-452F-46C1-A017-84F4191DA026}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{4A4E1245-B403-4D5E-9F49-AFAC64DC32F3}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{DDBC62F0-1CF2-4841-A981-5432552F40EC}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{EC5D346B-DE36-4E8A-8780-2520C2607BE2}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{4ba57eab-93a9-4b0f-90d4-414773f8ef5c}"="C:\Program Files\TextAloud\TAForFirefox" [22-01-2014 18:11] ==== Firefox Extensions ====================== ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\8tskc468.default - TextAloud 3 Toolbar - C:\Program Files\TextAloud\TAForFirefox ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\ra6uc0p1.default - Undetermined - C:\Program Files\AVG\AVG2012\Firefox4 ProfilePath: C:\Users\Lucho\AppData\Roaming\TomTom\HOME\Profiles\bboz3r16.default - Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com ProfilePath: C:\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\u0ipe283.default - TextAloud 3 Toolbar - C:\Program Files\TextAloud\TAForFirefox - Undetermined - C:\Users\Lucho\AppData\Roaming\Mozilla\Firefox\Profiles\citutotf.default\extensions\quick_start@gmail.com ProfilePath: C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\c4k28osq.default - TextAloud 3 Toolbar - C:\Program Files\TextAloud\TAForFirefox - Visualisateur 3D de 20-20 - %ProfilePath%\extensions\2020Player_IKEA@2020Technologies.com ProfilePath: C:\Users\Yvonne\AppData\Roaming\TomTom\HOME\Profiles\eeqa4epn.default - Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Lucho\AppData\Roaming\Mozilla\Firefox\Profiles\5zz7sru7.default-1393455409765 ABE2E50533899C45DFA03E1D8767648F - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll - Shockwave Flash E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update 01D93217A9EE48DD37072B671378CC9C - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In 0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U51 9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13 5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin 9D4A0B314CB9CF134CA27E1E0217E51E - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector 86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4 9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4 5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4 3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4 A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4 818707BABCB3CAFA08C0A49EBB69DBA1 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX Plus Web Player F00DA1A135FCA11D4426D9A5AB72CF0F - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - AdobeAAMDetect C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery B938C1AE3ADCE166190895685B0BEB0D - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in 9C06DBC403F91D518ED117E460F03F85 - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ 8BA469072B5A692B659F856C7E97A230 - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll - NPCIG.dll 28986F0A2342A033345EF9E70D395E4F - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight 41561B8AE9E551BD08304D48DAA900FA - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - AdobeAAMDetect ==== C:\zoek_backup content ====================== C:\zoek_backup (files=3227 folders=395 854199306 bytes) ==== EOF on vr 11-04-2014 at 19:45:15,01 ======================