Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by mebec on wo 11-06-2014 at 16:11:49,88.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\mebec\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================
11-6-2014 16:14:45 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================
C:\Program Files\Citrix deleted successfully
C:\Program Files\MemTurbo 4 deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\Users\mebec\AppData\Roaming\Sammsoft deleted successfully
C:\Users\mebec\AppData\Local\PackageAware deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1859406639-702596590-2520636958-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23} deleted successfully
HKEY_USERS\S-1-5-21-1859406639-702596590-2520636958-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F2183319-A9AF-41A7-AE5D-352EDD9ED8B4} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Users\mebec\Desktop\zoek.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

==== Deleting Services ======================

==== Registry Fix Code ======================
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"BrowserMngr Start Page"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"BrowserMngrDefaultScope"=-

==== Deleting Files \ Folders ======================
C:\Program Files\Mozilla Firefox\user.js deleted
C:\Program Files\Shareaza Applications deleted
C:\Program Files\Yahoo! deleted
C:\Users\mebec\AppData\Roaming\BrowserCompanion deleted
C:\Users\mebec\AppData\Roaming\GetRightToGo deleted
C:\Windows\System32\Tasks\DealPlyUpdate deleted
C:\Users\mebec\AppData\LocalLow\DataMngr deleted
C:\Windows\System32\SET6D8E.tmp deleted
C:\Windows\System32\SET9441.tmp deleted
C:\Windows\System32\searchplugins deleted
C:\Windows\System32\Extensions deleted

==== System Specs ======================
Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)
Memory (RAM): 1022 MB
CPU Info: Intel(R) Pentium(R) D CPU 2.80GHz
CPU Speed: 2764,6 MHz
Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek |
Display Adapters: NVIDIA GeForce 8400 GS | NVIDIA GeForce 8400 GS | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; ACER AL1916W |
Screen Resolution: 1024 X 768 - 32 bit
Network: Network Present
Network Adapters: Realtek 8185 Extensible 802.11b/g Wireless Device | Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
CD / DVD Drives: 1x (E: | ) E: LITE-ON DVDRW SHW-160P6S
Ports: COM1 | COM2 LPT1
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 113,2GB | D: 112,9GB
Hard Disks - Free: C: 68,6GB | D: 96,8GB
Manufacturer *: Phoenix Technologies, LTD
BIOS Info: AT/AT COMPATIBLE | 12/19/06 | ACRSYS - 42302e31
Time Zone: West-Europa (standaardtijd)
Motherboard *: Acer MRS600M
Country: Nederland
Language: NLD

==== System Specs (Software) ======================
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Internet Explorer Version: 9.0.8112.16421
Adobe Reader version: 10.1.7.27
Sun Java version: 1.7.0_55 (32-bit)

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\mebec\AppData\Local\Temp ====
2014-06-07 14:18:09 57677B56DBD1D07BE20109ED5C2CD577 1850368 ----a-w- C:\Users\mebec\AppData\Local\temp\06071618-00001378-w7g2r73kpj\dw20shared.msi
2014-06-07 14:18:03 AA2EB5B959B8C0719A2A5B435E6CDC82 53248 ----a-w- C:\Users\mebec\AppData\Local\temp\06071618-00001378-n8agt5l35a\wlremoteclientlang-i386.msi
2014-06-07 14:18:01 1EC34913B32993787E46983A3F9DFF76 37888 ----a-w- C:\Users\mebec\AppData\Local\temp\06071618-00001378-ew7btcpo0l\wlremoteservicelang-i386.msi
2014-06-07 14:17:59 8D9112876329031F42A1BCF476FB5D37 4278272 ----a-w- C:\Users\mebec\AppData\Local\temp\06071617-00001378-t8ci3xe5wq\PhotoLibraryLang.msi
2014-06-07 14:17:56 35406A4509E8750281B2C0632C23DFFA 5416448 ----a-w- C:\Users\mebec\AppData\Local\temp\06071617-00001378-bj72gggwsz\writerlang.msi
2014-06-07 14:17:53 D1C58A643A8CF95B8E8F2DA01881E964 69120 ----a-w- C:\Users\mebec\AppData\Local\temp\06071617-00001378-td6b4wr2bw\UXPlatformLang.msi
2014-06-07 14:17:49 90609FA5EBAF95ED0EFACEAAE278E4A9 1524736 ----a-w- C:\Users\mebec\AppData\Local\temp\06071617-00001378-3jucts2dtu\WLXSuiteLang.msi
2014-06-07 14:17:47 BFA96F447C1AC451C3FBEB910AFC98D3 1073664 ----a-w- C:\Users\mebec\AppData\Local\temp\06071617-00001378-ama55ege65\PhotoCommonLang.msi
2014-06-07 14:17:45 DFF5EAD062D14A42D5FF69B5BD4F61C8 5864960 ----a-w- C:\Users\mebec\AppData\Local\temp\06071617-00001378-4qq1c6x1vt\MessengerLang.msi
2014-06-07 14:17:42 EE6D22BD2D2E45F3CB2A37373B6BE0DE 6219776 ----a-w- C:\Users\mebec\AppData\Local\temp\06071617-00001378-5jw7udaf9s\MailLang.msi
2014-06-07 14:17:40 470FA875FCF6B66A7EC0C362A49E8BDB 166912 ----a-w- C:\Users\mebec\AppData\Local\temp\06071617-00001378-umb1lt808g\MovieMakerLang.msi
2014-06-07 14:17:38 0ED1D1113904BE004CA579A1F22E31C7 29696 ----a-w- C:\Users\mebec\AppData\Local\temp\06071617-00001378-852fdas5h6\writerprodlang.msi
2014-06-07 14:17:36 26D64CA82D9096D03EB4EF06E82D0D58 80384 ----a-w- C:\Users\mebec\AppData\Local\temp\06071617-00001378-qy3v7mo41y\WindowsLiveSyncLang.msi
2014-06-07 14:17:34 372B8AC2A2A7F1FD169DF548B5A4ADD1 71168 ----a-w- C:\Users\mebec\AppData\Local\temp\06071617-00001378-agcg42t56i\FSSClientLang_x86.msi
2014-06-07 14:17:32 269AE4E9C2EEECA56C85AA51BC97401A 57344 ----a-w- C:\Users\mebec\AppData\Local\temp\06071617-00001378-kfztmqn9zb\companion.mui.msi
2014-06-07 14:17:28 14FC74E93DF8BE0E71861CC95F32396B 3454976 ----a-w- C:\Users\mebec\AppData\Local\temp\06071617-00001378-2nr2j4fxwm\companion.core.msi
2014-06-07 14:17:16 C65BA80302268711530E3AE935E299A0 8979968 ----a-w- C:\Users\mebec\AppData\Local\temp\06071617-00001378-s6liz2ns6r\FSSClient_Suite_x86.msi
2014-06-07 14:17:05 7BA384F20EF53983C85BB946477AC817 6363136 ----a-w- C:\Users\mebec\AppData\Local\temp\06071617-00001378-yh08i4e643\MeshRuntime.msi
2014-06-07 14:16:57 CB52DD64209A85C1EEB7F2550FD979F9 2480640 ----a-w- C:\Users\mebec\AppData\Local\temp\06071616-00001378-dytr5d1xfl\WLRemoteClient-i386.msi
2014-06-07 14:16:53 5B720025DF207C9510625E86F44BDFE5 6195200 ----a-w- C:\Users\mebec\AppData\Local\temp\06071616-00001378-r7umszakci\WindowsLiveSync.msi
2014-06-07 14:16:36 46D2FF77084C4A39393953A4FEF91FDE 775168 ----a-w- C:\Users\mebec\AppData\Local\temp\06071616-00001378-hzmd759qrj\writerprod.msi
2014-06-07 14:16:29 54854BAC91E616BF8F71184C05AD0355 1819136 ----a-w- C:\Users\mebec\AppData\Local\temp\06071616-00001378-6849ri32qo\SQLServerCE31-EN.msi
2014-06-07 14:16:14 6064694D99DEB4279425C2099425B0B7 34193408 ----a-w- C:\Users\mebec\AppData\Local\temp\06071616-00001378-roi12rsoyu\PhotoLibrary.msi
2014-06-07 14:15:50 B7D4BEEE971D2678A40E8809113D0083 11846656 ----a-w- C:\Users\mebec\AppData\Local\temp\06071615-00001378-81yztklku9\MovieMaker.msi
2014-06-07 14:15:47 09541EFC85C7D64F369688D71F768F41 3664384 ----a-w- C:\Users\mebec\AppData\Local\temp\06071615-00001378-5itoet7fgk\SpamFilterData.msi
2014-06-07 14:15:45 10B41377AB309ECE8C8BA829FFC7F1FC 70144 ----a-w- C:\Users\mebec\AppData\Local\temp\06071615-00001378-ke2vh4lp2k\WLMimeFilter-i386.msi
2014-06-07 14:15:36 2C972DE1E1A1130C5BD834F434A0E28F 13850624 ----a-w- C:\Users\mebec\AppData\Local\temp\06071615-00001378-ktfh30rjoa\Mail.msi
2014-06-07 14:15:29 175C3A569723F93B8D0D37B90EB71698 8313856 ----a-w- C:\Users\mebec\AppData\Local\temp\06071615-00001378-nliieguxnm\Writer.msi
2014-06-07 14:15:23 1C26A77F50BFCA590760BDAC24E84E03 4680704 ----a-w- C:\Users\mebec\AppData\Local\temp\06071615-00001378-w6kaonz07i\crt90.msi
2014-06-07 14:15:18 57677B56DBD1D07BE20109ED5C2CD577 1850368 ----a-w- C:\Users\mebec\AppData\Local\temp\06071615-00001378-an24jd4erk\dw20shared.msi
2014-06-07 14:15:16 58A2CF21B51D41CF1872EE547CF81777 147968 ----a-w- C:\Users\mebec\AppData\Local\temp\06071615-00001378-59n3i71dl9\soxe.definitions.msi
2014-06-07 14:15:09 595975A12B8BBEEB39DDB29833E5C5F6 429056 ----a-w- C:\Users\mebec\AppData\Local\temp\06071615-00001378-tbfzwnrf2z\soxe.core.msi
2014-06-07 14:15:02 BF26EA65E2C3BBB49BB466E7765303C5 4004864 ----a-w- C:\Users\mebec\AppData\Local\temp\06071615-00001378-jdbsl7uvas\Contacts.msi
2014-06-07 14:14:58 328BB3198A56A8C6A039543B232FF503 2310656 ----a-w- C:\Users\mebec\AppData\Local\temp\06071614-00001378-94zwoe6t2o\pimt.msi
2014-06-07 14:14:52 2F23F76A4B497A35499C00B4FC5E1D3B 9433088 ----a-w- C:\Users\mebec\AppData\Local\temp\06071614-00001378-y0uiggn2sb\UXPlatform.msi
2014-06-07 14:14:46 282791611C9DBA51A4425DE58CC8DF27 7710720 ----a-w- C:\Users\mebec\AppData\Local\temp\06071614-00001378-3altrohbha\WLXSuite.msi
2014-06-07 14:14:43 141021890289016535D5D12741A0CBEC 2343936 ----a-w- C:\Users\mebec\AppData\Local\temp\06071614-00001378-5fql0tr4xs\d3dx10-x86.msi
2014-06-07 14:14:41 65F366F46B61E587AF159CF411CDE0EF 939008 ----a-w- C:\Users\mebec\AppData\Local\temp\06071614-00001378-hzulonul8d\SegoeFont.msi
2014-06-07 14:14:33 B702DAE20A021BC244A239A833C3D1FB 8332288 ----a-w- C:\Users\mebec\AppData\Local\temp\06071614-00001378-l80jvp3uty\PhotoCommon.msi
2014-06-07 14:14:21 77F123231DE70036DFB0C080D5078B3C 22647296 ----a-w- C:\Users\mebec\AppData\Local\temp\06071614-00001378-jijq16od4c\Messenger.msi
2014-06-07 14:14:07 B9D48264811438678F2D148A60A95DC7 3614208 ----a-w- C:\Users\mebec\AppData\Local\temp\06071614-00001378-luneuj75il\WLRemoteService-i386.msi
2014-06-05 17:24:52 C9E569480875089A7814C8784144A3AF 20406840 ----a-w- C:\Users\mebec\AppData\Local\temp\Messenger_20.0.0001_2\SkypeSetupFull(6.3.73.105)(Trackable457)trackable.exe
2014-06-05 17:24:13 C9E569480875089A7814C8784144A3AF 20406840 ----a-w- C:\Users\mebec\AppData\Local\temp\Messenger_20.0.0001_1\SkypeSetupFull(6.3.73.105)(Trackable457)trackable.exe
2014-06-05 17:22:43 C9E569480875089A7814C8784144A3AF 20406840 ----a-w- C:\Users\mebec\AppData\Local\temp\Messenger_20.0.0001_0\SkypeSetupFull(6.3.73.105)(Trackable457)trackable.exe

====== Java Cache =====

====== C:\Windows\system32 =====

====== C:\Windows\system32\drivers =====

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C: =====

====== C:\Users\mebec\AppData\Roaming ======

====== C:\Users\mebec ======
2014-06-11 10:36:41 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\mebec\Desktop\RSIT.exe

====== C: exe-files ==
2014-06-11 10:37:31 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\Trend Micro\mebec.exe
2014-06-11 10:36:41 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\mebec\Desktop\RSIT.exe
2014-06-07 14:30:35 A61A24E28CE5E961941D61C1D342AC39 4748896 ----a-w- C:\Users\mebec\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSJ0DHMH\ccsetup414.exe
2014-06-05 17:24:52 C9E569480875089A7814C8784144A3AF 20406840 ----a-w- C:\Users\mebec\AppData\Local\temp\Messenger_20.0.0001_2\SkypeSetupFull(6.3.73.105)(Trackable457)trackable.exe
2014-06-05 17:24:13 C9E569480875089A7814C8784144A3AF 20406840 ----a-w- C:\Users\mebec\AppData\Local\temp\Messenger_20.0.0001_1\SkypeSetupFull(6.3.73.105)(Trackable457)trackable.exe
2014-06-05 17:22:43 C9E569480875089A7814C8784144A3AF 20406840 ----a-w- C:\Users\mebec\AppData\Local\temp\Messenger_20.0.0001_0\SkypeSetupFull(6.3.73.105)(Trackable457)trackable.exe

=== C: other files ==

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-1859406639-702596590-2520636958-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
"RtHDVCpl"="RtHDVCpl.exe"
"Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe"
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -startup"

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [13-05-2014 20:42]

==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [18-10-2011 21:41]

==== Firefox Extensions ======================
ProfilePath: C:\Users\mebec\AppData\Roaming\Nvu\Profiles\n6088mmy.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- Nvu default - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

ProfilePath: C:\Users\mebec\AppData\Roaming\Nvu\Profiles\stlejxmu.Standaardgebruiker
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- Nvu default - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bodddioamolcibagionmmobehnbhiakf - C:\Program Files\BrowserCompanion\blabbers-ch.crx[]
naipdapbimiiikbbgjcpbgmfhnlbagpj - C:\Users\mebec\AppData\Local\Temp\naipdapbimiiikbbgjcpbgmfhnlbagpj.crx[]

Google Docs - mebec\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - mebec\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - mebec\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - mebec\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - mebec\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - mebec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.mebec.weblinker.nl/"
"SearchMigratedDefaultURL"="http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://search.babylon.com/?affID=115300&tt=120912_ccp_3712_1&babsrc=NT_ss&mntrId=5418a96000000000000000064f47f019"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD23}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SearchMigratedDefaultURL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.mebec.weblinker.nl/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj deleted successfully

==== HijackThis Entries ======================
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

==== Empty IE Cache ======================
C:\Users\mebec\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\mebec\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\mebec\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\mebec\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=135 folders=22 60052253 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\mebec\AppData\Local\temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\mebec\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\mebec\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on wo 11-06-2014 at 16:35:54,50 ======================