Zoek.exe v5.0.0.0 Updated 27-08-2014
Tool run by Kevin on do 28/08/2014 at 14:40:17,25.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Kevin\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

28/08/2014 14:43:35 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\Aimersoft deleted successfully
C:\Program Files\SiteFinder deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\xml_param deleted successfully
C:\Users\Kevin\AppData\Roaming\SimilarSites deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3630730252-1380453509-1967557004-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-3630730252-1380453509-1967557004-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-3630730252-1380453509-1967557004-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9857D485-ACBB-4404-8BA9-073D49BA4006} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3630730252-1380453509-1967557004-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== Installed Programs ======================
Acer Updater Adobe Flash Player 14 ActiveX Adobe Flash Player 14 Plugin Adobe Reader XI (11.0.08) - Nederlands Ask Toolbar Ask Toolbar Updater Audacity 2.0.3 avast Free Antivirus Belgium e-ID middleware 4.0.4 (build 7251) Citrix online plug-in - web Citrix online plug-in (DV) Citrix online plug-in (HDX) Citrix online plug-in (USB) Citrix online plug-in (Web) D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dropbox GeoGebra 4.4 Google Chrome Google Update Helper Griffith 0.13.1 HandBrake 0.9.8 HD Tune 2.55 Java 7 Update 65 Java Auto Updater Kruidvat Fotoservice Microsoft .NET Framework 4.5.1 Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) Microsoft Application Error Reporting Microsoft Lync 2010 Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office Groove MUI (Dutch) 2010 Microsoft Office InfoPath MUI (Dutch) 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Word MUI (Dutch) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 Native Client Microsoft SQL Server 2008 RsFx Driver Microsoft SQL Server 2008 Setup Support Files Microsoft SQL Server VSS Writer Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Movie Maker Mozilla Firefox 31.0 (x86 
nl) Mozilla Maintenance Service MSVCRT MSVCRT110 NirSoft BlueScreenView NVIDIA-configuratiescherm 311.06 NVIDIA 3D Vision controllerstuurprogramma 306.97 NVIDIA 3D Vision stuurprogramma 311.06 NVIDIA Display Control Panel NVIDIA Drivers NVIDIA ForceWare Network Access Manager NVIDIA Grafisch stuurprogramma 311.06 NVIDIA Install Application NVIDIA MediaShield NVIDIA PhysX NVIDIA PhysX systeemsoftware 9.12.0604 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.11.3 NVIDIA Update Components Ogg Codecs 0.81.15562 Orban/Coding Technologies AAC/aacPlus Player PluginT 1.0 Photo Common Photo Gallery Pokki Secure Download Manager Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Speccy Sql Server Customer Experience Improvement Program Stuurprogrammapakket voor Windows - Fedict SmartCard (10/04/2011 4.0.0.5) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for 
Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition VLC media player 2.1.3 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack yEd Graph Editor 3.10 ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common 
Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Users\Kevin\AppData\Local\Pokki\Engine\pokki.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Users\Kevin\AppData\Local\Pokki\Engine\pokki.exe C:\Program Files\Ask.com\Updater\Updater.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe C:\Program Files\AVAST Software\Avast\avastui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\Citrix\ICA Client\wfcrun32.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Users\Kevin\Downloads\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork 
C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\System32\svchost.exe -k secsvcs ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Users\Kevin\AppData\Roaming\OpenCandy deleted C:\PROGRA~3\Ask deleted C:\Users\Kevin\AppData\Local\APN deleted C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki deleted C:\Users\Kevin\AppData\LocalLow\AskToolbar deleted C:\Windows\SYSTEM32\TASKS\Scheduled Update for Ask Toolbar deleted C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw.sys deleted C:\Windows\system32\config\systemprofile\Searches deleted C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted "C:\Users\Kevin\AppData\Local\Pokki\analytics.db" deleted "C:\Users\Kevin\AppData\Local\Pokki\engine_update.db" deleted "C:\Users\Kevin\AppData\Local\Pokki\notifications.db" deleted "C:\Users\Kevin\AppData\Local\Pokki\ocdeskband_0.dll" deleted "C:\Program Files\Ask.com\Updater\Updater.exe" deleted "C:\Program Files\Ask.com\Updater\Updater.exe" deleted "C:\Users\Kevin\AppData\Local\Pokki\Engine\avcodec-54.dll" deleted "C:\Users\Kevin\AppData\Local\Pokki\Engine\avformat-54.dll" deleted "C:\Users\Kevin\AppData\Local\Pokki\Engine\avutil-51.dll" deleted "C:\Users\Kevin\AppData\Local\Pokki\Engine\chrome_100_percent.pak" deleted "C:\Users\Kevin\AppData\Local\Pokki\Engine\en-US.pak" deleted "C:\Users\Kevin\AppData\Local\Pokki\Engine\icudt.dll" deleted "C:\Users\Kevin\AppData\Local\Pokki\Engine\libPokki.dll" deleted "C:\Users\Kevin\AppData\Local\Pokki\Engine\pokki.exe" deleted 
"C:\Users\Kevin\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll" deleted "C:\Users\Kevin\AppData\Local\Pokki\Engine\resources.pak" deleted "C:\Users\Kevin\AppData\Local\Pokki\Pokkies\installed_pokkies.db" not deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\lockfile" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3\Cookies" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3\Network Action Predictor" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3\Visited Links" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3-websheet\Cookies" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3-websheet\Network Action Predictor" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\Default\Cookies" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\Default\Network Action Predictor" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\Default\Shortcuts" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1\Cookies" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1\Network Action Predictor" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1\Visited Links" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1-websheet\Cookies" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1-websheet\Network Action Predictor" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\Cookies" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\Network Action Predictor" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\QuotaManager" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\QuotaManager-journal" 
deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\Visited Links" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications-websheet\Cookies" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications-websheet\Network Action Predictor" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3\Cache\data_0" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3\Cache\data_1" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3\Cache\data_2" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3\Cache\data_3" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3\Cache\index" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3\Extension State\000339.log" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3\Extension State\LOCK" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3\Extension State\MANIFEST-000338" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3\User StyleSheets\Custom.css" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3-websheet\Cache\data_0" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3-websheet\Cache\data_1" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3-websheet\Cache\data_2" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3-websheet\Cache\data_3" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3-websheet\Cache\index" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3-websheet\Extension 
State\000339.log" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3-websheet\Extension State\LOCK" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3-websheet\Extension State\MANIFEST-000338" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\Default\Cache\data_0" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\Default\Cache\data_1" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\Default\Cache\data_2" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\Default\Cache\data_3" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\Default\Cache\index" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\Default\Extension State\000343.log" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\Default\Extension State\LOCK" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\Default\Extension State\MANIFEST-000342" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1\Cache\data_0" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1\Cache\data_1" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1\Cache\data_2" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1\Cache\data_3" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1\Cache\index" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1\Extension State\000339.log" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1\Extension State\LOCK" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1\Extension State\MANIFEST-000338" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1\User StyleSheets\Custom.css" deleted 
"C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1-websheet\Cache\data_0" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1-websheet\Cache\data_1" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1-websheet\Cache\data_2" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1-websheet\Cache\data_3" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1-websheet\Cache\index" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1-websheet\Extension State\000339.log" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1-websheet\Extension State\LOCK" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1-websheet\Extension State\MANIFEST-000338" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\Cache\data_0" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\Cache\data_1" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\Cache\data_2" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\Cache\data_3" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\Cache\index" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\databases\Databases.db" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\Extension State\000339.log" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\Extension State\LOCK" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\Extension State\MANIFEST-000338" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\User StyleSheets\Custom.css" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\databases\file__0\1" deleted 
"C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications-websheet\Cache\data_0" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications-websheet\Cache\data_1" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications-websheet\Cache\data_2" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications-websheet\Cache\data_3" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications-websheet\Cache\index" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications-websheet\Extension State\000339.log" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications-websheet\Extension State\LOCK" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications-websheet\Extension State\MANIFEST-000338" deleted "C:\Program Files\Ask.com" deleted "C:\Program Files\Ask.com" deleted "C:\Users\Kevin\AppData\Local\Pokki" not deleted "C:\Program Files\Ask.com\Updater" deleted "C:\Program Files\Ask.com\Updater" deleted "C:\Users\Kevin\AppData\Local\Pokki\Engine" deleted "C:\Users\Kevin\AppData\Local\Pokki\Pokkies" not deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3-websheet" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\Default" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1-websheet" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications-websheet" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3\Cache" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3\Extension State" deleted 
"C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3\User StyleSheets" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3-websheet\Cache" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\149b46d4a102c0304583931ceaa3f0bf19785ee3-websheet\Extension State" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\Default\Cache" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\Default\Extension State" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1\Cache" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1\Extension State" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1\User StyleSheets" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1-websheet\Cache" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\f22abfeae27a67446927d078890381efc546d3e1-websheet\Extension State" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\Cache" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\databases" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\Extension State" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\User StyleSheets" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications\databases\file__0" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications-websheet\Cache" deleted "C:\Users\Kevin\AppData\Local\Pokki\UserData\notifications-websheet\Extension State" deleted ==== System Specs ====================== Windows: Windows 7 Professional Edition Service Pack 1 (Build 7601) Memory (RAM): 3072 MB CPU Info: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz CPU Speed: 2512,2 MHz Sound Card: Luidsprekers (High Definition A | Digitale audio (S/PDIF) (High D | Luidsprekers (High Definition A | Display Adapters: NVIDIA GeForce G100 | NVIDIA GeForce 
G100 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: NVIDIA nForce 10/100/1000 Mbps Ethernet
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GH40F
Ports: COM1 LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 342,1GB | D: 341,9GB
Hard Disks - Free: C: 140,6GB | D: 341,8GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 02/26/09 | ACRSYS - 20090226
Time Zone: Romance (standaardtijd)
Motherboard *: ACER MCP73VE
Country: België
Language: NLB

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Firefox 31.0
Internet Explorer Version: 11.0.9600.17239
Mozilla Firefox version: 31.0 (x86 nl)
Google Chrome version: 36.0.1985.143
Adobe Reader version: 11.0.8.4
Sun Java version: 1.7.0_65 (32-bit)
Flash Player version: 14.0.0.145

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Kevin\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2014-08-27 17:59:59 DBF9369D554A229DB0D554BB95A4B0AA 305152 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-27 17:59:59 7DA17C38F8B8F2E89F52C1A08FD447EB 2352640 ----a-w- C:\Windows\System32\win32k.sys
2014-08-20 21:05:27 AF6655214DEBB2C8446DE843A02AAEBA 99480 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-20 21:05:22 370FC4421ADE62FC89AC93B345570388 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-20 21:05:14 8D466B36076BCD7997838C0DDB69764C 619672 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-20 21:05:08 28A8B99DE70F376B18709E6B07D6A352 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-20 20:24:02 C9059EF0C94C55C0DA9CACEE160A5F66 654336 ----a-w- 
C:\Windows\System32\rpcrt4.dll 2014-08-20 20:24:01 5860EE5C807CB3866551B845123493C6 107520 ----a-w- C:\Windows\System32\cdd.dll 2014-08-20 20:23:56 FEE3E022B00A5165ED645E38C1E6C776 60416 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll 2014-08-20 20:23:56 87C2B5010779DF6BE4732751C5DB5D64 112128 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-08-20 20:23:56 7B051C4A70F23A84A09366999FE63CBD 307384 ----a-w- C:\Windows\System32\iedkcs32.dll 2014-08-20 20:23:56 6D017C0E499443ACDE3D9B5DCD753F32 1169920 ----a-w- C:\Windows\System32\urlmon.dll 2014-08-20 20:23:56 478824EC0BCE9968C0DC787164B1753B 32768 ----a-w- C:\Windows\System32\iernonce.dll 2014-08-20 20:23:56 41A3A54603686FD437FA4E8EB95025F9 51200 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2014-08-20 20:23:56 3BB3D5D1CACD68BE8F7A16CCB3AADA93 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-08-20 20:23:56 36B67392AFB8901CC442EA988AD4603D 43008 ----a-w- C:\Windows\System32\jsproxy.dll 2014-08-20 20:23:56 004DFEA0B7AE3F8F438CD2D8C643DAEE 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-08-20 20:23:55 E9B28B60C0272E2E1E462E6FB38E6B55 367104 ----a-w- C:\Windows\System32\dxtmsft.dll 2014-08-20 20:23:55 E8D46F442AB53A52BDBB3EA0C51BDABD 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2014-08-20 20:23:55 1A05CFA45B6AEBFCCC835DCF68CBD1D0 526336 ----a-w- C:\Windows\System32\msfeeds.dll 2014-08-20 20:23:54 E70C00791A18866BB23B3A652E3390A0 2001920 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-08-20 20:23:54 B91AA3BC8083E66925FAE29FDA485CEA 164864 ----a-w- C:\Windows\System32\msrating.dll 2014-08-20 20:23:53 7EFBB7A3C664A8DF93C9937DF76760A4 663040 ----a-w- C:\Windows\System32\ie4uinit.exe 2014-08-20 20:23:53 4D0E91438CE181AF94C653B3BBE3C65A 61952 ----a-w- C:\Windows\System32\iesetup.dll 2014-08-20 20:23:52 D7D412D3436CFB85B383CDD3C9B455F0 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2014-08-20 20:23:52 B945BAA81B4805AD6BDDF4D026DCFB47 1792512 ----a-w- 
C:\Windows\System32\wininet.dll 2014-08-20 20:23:52 9D16B568E318F49535AD72539C9997C2 455168 ----a-w- C:\Windows\System32\vbscript.dll 2014-08-20 20:23:52 18A3154606E3F8945956948A4E708007 704512 ----a-w- C:\Windows\System32\ieapfltr.dll 2014-08-20 20:23:51 F48A1A114382AB4EF8000E1943E6CF1F 438784 ----a-w- C:\Windows\System32\ieui.dll 2014-08-20 20:23:51 239575F9EA0D227516843EEE8B7342CA 239616 ----a-w- C:\Windows\System32\dxtrans.dll 2014-08-20 20:23:50 90FF511B751A0327D07C4073760F1578 11772928 ----a-w- C:\Windows\System32\ieframe.dll 2014-08-20 20:23:49 49FFD37673BD20279A8BF27CC20040B3 1068032 ----a-w- C:\Windows\System32\mshtmlmedia.dll 2014-08-20 20:23:49 444EB30B1610A35FC99D62A91B2BCAA7 69632 ----a-w- C:\Windows\System32\mshtmled.dll 2014-08-20 20:23:49 272420427EB96EA052C719AA796C09F2 61952 ----a-w- C:\Windows\System32\MshtmlDac.dll 2014-08-20 20:23:48 FF4A917DD7C387BD2715A5F67307FED1 2184704 ----a-w- C:\Windows\System32\iertutil.dll 2014-08-20 20:23:47 24FA5F74D3B4BA62539DF87285BA934E 597504 ----a-w- C:\Windows\System32\jscript9diag.dll 2014-08-20 20:23:46 8453DDF167CE2986AA4AB04BC6824925 17524224 ----a-w- C:\Windows\System32\mshtml.dll 2014-08-20 20:23:46 7C1BFC2ABE297BCA1A7BA77A8292C088 4204032 ----a-w- C:\Windows\System32\jscript9.dll 2014-08-20 20:23:30 D08819FEE0CDB8A8A58E2B34D05E7A11 2048 ----a-w- C:\Windows\System32\tzres.dll 2014-08-20 20:23:21 C212A43AA83A717AD38505F23ACDCB33 2363392 ----a-w- C:\Windows\System32\msi.dll 2014-08-20 20:23:20 43CD23B65CBF04D6F8ACA984B0EF93FE 1805824 ----a-w- C:\Windows\System32\authui.dll 2014-08-20 20:23:19 CADC4CFE957C24984FFA718AB7E4EF3C 101824 ----a-w- C:\Windows\System32\consent.exe 2014-08-20 20:23:19 9DA1CCDBBF8136AC2383C2624CA8CD14 337408 ----a-w- C:\Windows\System32\msihnd.dll 2014-08-20 20:20:54 D14DF403FF550F6B1F4702CD2F288ABD 412160 ----a-w- C:\Windows\System32\aepdu.dll 2014-08-20 20:20:53 C4675C2734716F56FCA370CF1183457F 302592 ----a-w- C:\Windows\System32\aeinv.dll 2014-08-20 20:20:51 
386BF6FD9FC562B1A5558C49E1C3A6FB 12874240 ----a-w- C:\Windows\System32\shell32.dll ====== C:\Windows\system32\drivers ===== 2014-08-20 20:24:01 3583A5A8CC2E682BFFBD4630D0FEC08B 730048 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2014-08-20 20:24:01 0EC652D17AB4607745FB4E6958E8FAB6 219072 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-08-25 19:10:53 -------- d-----w- C:\Program Files\trend micro 2014-08-25 16:15:02 -------- d-----w- C:\Program Files\HD Tune 2014-07-30 09:21:35 -------- d-----w- C:\Program Files\Common Files\Java 2014-07-30 09:20:56 -------- d-----w- C:\Program Files\Java ======= C: ===== ====== C:\Users\Kevin\AppData\Roaming ====== ====== C:\Users\Kevin ====== 2014-08-27 18:01:51 8DE9F588DFB1641F2C0EA05BD4B60605 218 ----a-w- C:\Users\Kevin\.recently-used.xbel 2014-08-25 19:07:46 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Kevin\Downloads\RSIT.exe 2014-08-25 16:15:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune 2014-08-25 16:14:35 088812A121E0A9CEB40CE9C808C8A90C 642632 ----a-w- C:\Users\Kevin\Downloads\hdtune_255.exe 2014-08-23 09:28:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2014-08-23 09:24:47 6DC6EBDF9391271098C40F6BA7779430 4890736 ----a-w- C:\Users\Kevin\Downloads\spsetup126.exe 2014-08-23 09:24:34 2DE3DEEC7180188539377B182C5A149B 141480 ----a-w- C:\Users\Kevin\Downloads\bluescreenview_setup(1).exe 2014-07-30 09:21:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java ====== C: exe-files == 2014-08-25 19:10:53 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Kevin.exe 2014-08-25 19:07:46 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Kevin\Downloads\RSIT.exe 2014-08-25 16:15:02 F8FC2D14DF813CC920A39B3CB7E59CBC 401408 ----a-w- C:\Program Files\HD Tune\HDTune.exe 2014-08-25 16:15:02 
CEFC20D14D9940D53505E9B9769139E7 682266 ----a-w- C:\Program Files\HD Tune\unins000.exe 2014-08-25 16:14:35 088812A121E0A9CEB40CE9C808C8A90C 642632 ----a-w- C:\Users\Kevin\Downloads\hdtune_255.exe 2014-08-23 09:24:47 6DC6EBDF9391271098C40F6BA7779430 4890736 ----a-w- C:\Users\Kevin\Downloads\spsetup126.exe 2014-08-23 09:24:34 2DE3DEEC7180188539377B182C5A149B 141480 ----a-w- C:\Users\Kevin\Downloads\bluescreenview_setup(1).exe 2014-08-21 19:36:09 A31EEE18FD822AB0F976E30AC7595210 39734352 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\36.0.1985.143\36.0.1985.143_chrome_installer.exe === C: other files == 2014-08-27 17:59:59 7DA17C38F8B8F2E89F52C1A08FD447EB 2352640 ----a-w- C:\Windows\System32\win32k.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3630730252-1380453509-1967557004-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Pokki"="C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices" "Communicator"="C:\Program Files\Microsoft Lync\communicator.exe /fromrunkey" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "ApnUpdater"="C:\Program Files\Ask.com\Updater\Updater.exe" "ConnectionCenter"="C:\Program Files\Citrix\ICA Client\concentr.exe /startup" "NVRaidService"="C:\Program Files\NVIDIA 
Corporation\Raid\nvraidservice.exe" "Aimersoft Helper Compact.exe"="C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Pokki"="C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform" ==== Startup Folders ====================== 2012-11-04 19:28:50 1274 ----a-w- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [23/10/2012 10:27] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [23/10/2012 10:27] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [29/07/2014 22:26] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\rc5w9jsr.default-1352063216321 - Website Discovery Pro - 
%ProfilePath%\extensions\discoverypro@discoverypro.com AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\rc5w9jsr.default-1352063216321 005EBE4A4E6E9C9A7967F6C3F413C1DF - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 421CB2C1010522B3BF7C00725520B844 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat 486DCD78DFB28733BFDD4D4EFEA2FD50 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U65 EE23F610D9353B9217FFEC4B73A27EF5 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.650.20 4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update 893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In 0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin D7EFF0B98C370E03D7E2593399D9B669 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision 75A1232EAC640B782CDD2132B5271AA8 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION 3B00376AE69AC2E815425E54DEBFF750 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery 8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions aaaaojmikegpiepcfdkkjaplodkpfmlo - 
C:\Users\Kevin\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx[] gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[20/07/2014 09:10] Ask Toolbar - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo YouTube - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Ask Toolbar - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo Google Docs - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Chrome In-App Payments service - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://www.google.com/", "urls_to_restore_on_startup": [ "http://www.google.com/" ] 
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://www.google.com/", "urls_to_restore_on_startup": [ "http://www.google.com/" ] ==== Chrome Fix ====================== C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo deleted successfully C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaojmikegpiepcfdkkjaplodkpfmlo_0.localstorage deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaojmikegpiepcfdkkjaplodkpfmlo_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} deleted successfully ==== HijackThis Entries 
====================== O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Pokki] C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 
'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Invoegtoepassing voor Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll O9 - Extra 'Tools' menuitem: Invoegtoepassing voor Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll 
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - 
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe ==== Empty IE Cache ====================== C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Kevin\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Kevin\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Kevin\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Kevin\AppData\Local\Mozilla\Firefox\Profiles\rc5w9jsr.default-1352063216321\Cache emptied successfully ==== Empty Chrome Cache 
====================== C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=3519 folders=137 162656603 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Kevin\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Kevin\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Kevin\AppData\Local\Pokki\Pokkies\installed_pokkies.db" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found "C:\Users\Kevin\AppData\Local\Pokki" not found ==== EOF on do 28/08/2014 at 15:19:11,62 ======================