Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by lucky on zo 04/05/2014 at 12:54:41,16.
Microsoft® Windows Vista™ Home Premium 6.0.6001 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\lucky\Downloads\zoek (1).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-03-074753.log 55162 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

Adobe Flash Player 13 ActiveX
CCleaner
Facebook Video Calling 2.0.0.447
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java 7 Update 55
Java Auto Updater
Junk Mail filter update
Malwarebytes Anti-Malware versie 2.0.1.1004
Microsoft .NET Framework 3.5 Language Pack SP1 - nld
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype Click to Call
Skype™ 6.3
SweetPacks bundle uninstaller
TuneUp Utilities 2013
TuneUp Utilities Language Pack (nl-NL)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Manager for SweetPacks 1.1
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\lucky\Downloads\zoek (1).exe
C:\Program Files\Microsoft Games\Hearts\Hearts.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Program Files\TuneUp Utilities 2013 not found
C:\ProgramData\BrowserProtect not found
C:\Program Files\DealPly not found
"C:\Windows\Installer\d4970d.msi" not found
"C:\Windows\Installer\d49707.msi" not found
"C:\Windows\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" deleted

==== System Specs ======================

Windows: Windows Vista Home Premium Edition Service Pack 1 (Build 6001)
Memory (RAM): 1014 MB
CPU Info: Genuine Intel(R) CPU T2300 @ 1.66GHz
CPU Speed: 1661,1 MHz
Sound Card: Hoofdtelefoon (High Definition | Apparaat voor digitale uitvoer |
Display Adapters: Mobile Intel(R) 945GM Express Chipset Controller 0 (Microsoft Corporation - WDDM) | Mobile Intel(R) 945GM Express Chipset Controller 0 (Microsoft Corporation - WDDM) | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1280 X 800 - 32 bit
Network: Network Present
Network Adapters: Atheros AR5007UG Wireless Network Adapter | Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GSA-T10N
Ports: COM3 LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 93,2GB | D: 18,6GB
Hard Disks - Free: C: 44,5GB | D: 13,5GB
Manufacturer *: Phoenix Technologies LTD
BIOS Info: AT/AT COMPATIBLE | 01/15/07 | MEDION - 6040000
Time Zone: West-Europa (standaardtijd)
Motherboard *: MEDION WIM2120
Country: België
Language: NLB

==== System Specs (Software) ======================

Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 34.0.1847.131
Internet Explorer version: 7.0.6001.18000
Google Chrome version: 34.0.1847.131
Sun Java version: 1.7.0_55 (32-bit)

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\lucky\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Users\lucky\AppData\Roaming ======
====== C:\Users\lucky ======
====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-515218178-1156182028-4208866919-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Facebook Update"="C:\Users\lucky\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Facebook Update"="C:\Users\lucky\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29/04/2014 11:48]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-515218178-1156182028-4208866919-1000Core.job --a------ C:\Users\lucky\AppData\Local\Facebook\Update\FacebookUpdate.exe [30/10/2012 11:19]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-515218178-1156182028-4208866919-1000UA.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22/10/2011 19:58]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-515218178-1156182028-4208866919-1000Core" [C:\Users\lucky\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-515218178-1156182028-4208866919-1000UA" [C:\Users\lucky\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [30/12/2011 09:25]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[22/11/2012 11:30]

Google Wallet - lucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{105E99FF-8B9A-4492-B155-06194B9056D2} Bing Url="http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=010613&q={searchTerms}&src=IE-SearchBox"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_nlBE454"

==== Deleting Registry Keys
====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B6EF34C0188ECFA43B48A4BE9C00748E deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B6EF34C0188ECFA43B48A4BE9C00748E deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B deleted successfully ==== HijackThis Entries ====================== O1 - Hosts: ::1 localhost O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] 
rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\lucky\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\lucky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUJ0YCW6 will be deleted at reboot C:\Users\lucky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\lucky\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=2674 folders=183 246020669 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied 
successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\lucky\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\lucky\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\lucky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Users\lucky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUJ0YCW6" not found ==== EOF on zo 04/05/2014 at 13:14:05,97 ======================