Zoek.exe v5.0.0.0 Updated 31-08-2014
Tool run by Kevin on ma 01/09/2014 at 9:22:39,52.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Kevin\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-28-131911.log 53483 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Kevin\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-3630730252-1380453509-1967557004-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Pokki"=-

[HKEY_USERS\S-1-5-21-3630730252-1380453509-1967557004-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Pokki"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Pokki"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Pokki"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-

==== Deleting Files \ Folders ======================

C:\Users\Kevin\AppData\Local\Pokki not found
C:\Program Files\Ask.com not found
C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\rc5w9jsr.default-1352063216321\extensions\discoverypro@discoverypro.com deleted

==== System Specs ======================

Windows: Windows 7 Professional Edition Service Pack 1 (Build 7601)
Memory (RAM): 3072 MB
CPU Info: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
CPU Speed: 2498,7 MHz
Sound Card: Luidsprekers (High Definition A | Digitale audio (S/PDIF) (High D | Luidsprekers (High Definition A |
Display Adapters: NVIDIA GeForce G100 | NVIDIA GeForce G100 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: NVIDIA nForce 10/100/1000 Mbps Ethernet
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GH40F
Ports: COM1 LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 342,1GB | D: 341,9GB
Hard Disks - Free: C: 144,7GB | D: 341,8GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 02/26/09 | ACRSYS - 20090226
Time Zone: Romance (standaardtijd)
Motherboard *: ACER MCP73VE
Country: België
Language: NLB

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast!
Antivirus disabled (Outdated)
Default Browser: Firefox 31.0
Internet Explorer Version: 11.0.9600.17239
Mozilla Firefox version: 31.0 (x86 nl)
Google Chrome version: 36.0.1985.143
Adobe Reader version: 11.0.8.4
Sun Java version: 1.7.0_67 (32-bit)
Flash Player version: 14.0.0.145

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Kevin\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

====== C:\Windows\system32\drivers =====

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C: =====

====== C:\Users\Kevin\AppData\Roaming ======

====== C:\Users\Kevin ======

====== C: exe-files ==

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"Communicator"="C:\Program Files\Microsoft Lync\communicator.exe /fromrunkey"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ConnectionCenter"="C:\Program Files\Citrix\ICA Client\concentr.exe /startup"
"NVRaidService"="C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe"
"Aimersoft Helper Compact.exe"="C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==== Startup Folders ======================

2012-11-04 19:28:50 1274 ----a-w- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [23/10/2012 10:27]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [23/10/2012 10:27]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [29/07/2014 22:26]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\rc5w9jsr.default-1352063216321
14D06C3796CE3F6BA8F43CDF3AD65D76 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67
0A6E5E3BEF374AA2F47071E7374EAD7B - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1
005EBE4A4E6E9C9A7967F6C3F413C1DF - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
421CB2C1010522B3BF7C00725520B844 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
D7EFF0B98C370E03D7E2593399D9B669 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
75A1232EAC640B782CDD2132B5271AA8 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
3B00376AE69AC2E815425E54DEBFF750 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[20/07/2014 09:10]

YouTube - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Chrome In-App Payments service - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",
"urls_to_restore_on_startup": [ "http://www.google.com/" ]

C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",
"urls_to_restore_on_startup": [ "http://www.google.com/" ]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== HijackThis Entries ======================

O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Invoegtoepassing voor Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O9 - Extra 'Tools' menuitem: Invoegtoepassing voor Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

==== Empty IE Cache ======================

C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Kevin\AppData\Local\Mozilla\Firefox\Profiles\rc5w9jsr.default-1352063216321\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3537 folders=144 162823326 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Kevin\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Kevin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ma 01/09/2014 at 9:55:35,89 ======================