Zoek.exe v5.0.0.0 Updated 08-September-2014 Tool run by leoroumans on ma 08-09-2014 at 11:30:03,90. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\leoroumans\AppData\Local\Temp\Temp1_zoek (1).zip\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2014-09-05-080055.log 53142 bytes C:\zoek-results2014-09-06-115049.log 34628 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\WINDOWS\SysWOW64\svchost.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\leoroumans\AppData\Local\Temp\Temp1_zoek (1).zip\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\windows\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Program Files\McAfee Security Scan not found ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 6011 MB CPU Info: Intel(R) Pentium(R) CPU G645T @ 2.50GHz CPU Speed: 2509,7 MHz Sound Card: Speakers (Realtek High Definiti | Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1440 X 900 - 32 bit Network: Network Present Network Adapters: Qualcomm Atheros AR8152 PCI-E Fast Ethernet-controller (NDIS 6.30) CD / DVD Drives: 1x (E: | ) E: hp DVD A DH16ACSHR Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 921,2GB | D: 8,4GB Hard Disks - Free: C: 863,9GB | D: 1,0GB Manufacturer *: AMI BIOS Info: AT/AT COMPATIBLE | | HPQOEM - 1072009 Time Zone: West-Europa (standaardtijd) Motherboard *: PEGATRON CORPORATION 2AE2 Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Internet Explorer Version: 11.0.9600.17239 Google Chrome version: 36.0.1985.143 Adobe Reader version: 11.0.8.4 Sun Java version: 1.7.0_67 (32-bit) Shockwave Player version: 11.6.8r638 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\Users\LEOROU~1\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== 2014-09-06 08:24:35 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\WINDOWS\SysWOW64\javaws.exe 2014-09-06 08:24:33 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\WINDOWS\SysWOW64\javaw.exe 2014-09-06 08:24:33 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\WINDOWS\SysWOW64\java.exe 2014-09-06 08:24:33 0F70F4DAF2BC5613EE75C9B2585CE67E 98216 ----a-w- C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2014-08-28 07:22:30 568D6F1C730EC3A9B381F01020D600DC 4148224 ----a-w- C:\WINDOWS\Sysnative\win32k.sys ====== C:\WINDOWS\Sysnative\drivers ===== 2014-08-13 01:41:31 313DCE665B57000B18CB26C6B6A10DFE 1557848 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys 2014-08-13 01:40:04 7A1A3F213CDB3363D179D5014272025D 402432 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys 2014-08-13 01:40:01 674A4702E4E144E8710ED1A2EC6DD049 96768 ----a-w- C:\WINDOWS\Sysnative\drivers\agilevpn.sys 2014-08-13 01:39:59 65ED7B9CFEA893DF7748D5FF692690DE 38912 ----a-w- C:\WINDOWS\Sysnative\drivers\vwifimp.sys 2014-08-13 01:39:56 35BF5C5F5E3C9902C98978C7640574DA 71680 ----a-w- C:\WINDOWS\Sysnative\drivers\vwififlt.sys 2014-08-13 01:38:37 5C42CEE3E2018E1DFC6E3E17240A432A 206848 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb20.sys 2014-08-13 01:33:56 FE0ADF5028EB8C1339B66B3AEDE3FEF9 440664 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbport.sys 2014-08-13 01:33:56 D537815E450A149752C15868392AD1F3 110592 ----a-w- C:\WINDOWS\Sysnative\drivers\WUDFPf.sys 2014-08-13 01:33:56 93435654DCA210298BA0F986EB51C679 419672 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbhub.sys 2014-08-13 01:33:56 83C9C45D59C72FEFDAE9A5686BE31FEA 467800 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS 2014-08-13 01:33:56 7CCBBCEE408A5DBE3FE47297DB5A6CFC 227840 ----a-w- C:\WINDOWS\Sysnative\drivers\WUDFRd.sys 2014-08-13 01:33:56 48BA326A3DBA5B5BEB5F2777F4618696 89944 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbehci.sys 2014-08-13 01:33:56 25AC0B50A71938890970E1508F107196 2518360 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys 2014-08-13 01:33:56 064260B3A5868AC894A4943543BC7AB7 37376 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbuhci.sys 2014-08-13 01:33:55 D79920BE4E6683D3AB50F71457A4F6C6 27480 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbd.sys ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2014-09-06 08:24:38 -------- d-----w- C:\PROGRA~2\COMMON~1\Java ======= C: ===== ====== C:\Users\leoroumans\AppData\Roaming ====== 2014-09-06 08:46:16 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp 2014-09-06 08:46:16 -------- d-----w- C:\Users\leoroumans\AppData\Local\Temp 2014-09-06 08:46:16 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2014-09-06 08:46:16 -------- d-----w- C:\Users\Default User\AppData\Local\Temp 2014-09-06 08:25:43 -------- d-----w- C:\Users\leoroumans\AppData\Roaming\Oracle 2014-09-01 19:51:05 -------- d-----w- C:\Users\leoroumans\AppData\Local\Torch 2014-09-01 19:51:05 -------- d-----w- C:\Users\leoroumans\AppData\Local\Comodo 2014-09-01 19:51:05 -------- d-----w- C:\Users\leoroumans\AppData\Local\Chromatic Browser 2014-09-01 19:51:05 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Torch 2014-09-01 19:51:05 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-09-01 19:51:05 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser 2014-09-01 19:51:05 -------- d-----w- C:\Users\Gast\AppData\Local\Torch 2014-09-01 19:51:05 -------- d-----w- C:\Users\Gast\AppData\Local\Comodo 2014-09-01 19:51:05 -------- d-----w- C:\Users\Gast\AppData\Local\Chromatic Browser 2014-09-01 19:51:05 -------- d-----w- C:\Users\Administrator\AppData\Local\Torch 2014-09-01 19:51:05 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo 2014-09-01 19:51:05 -------- d-----w- C:\Users\Administrator\AppData\Local\Chromatic Browser 2014-09-01 19:51:04 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Google 2014-09-01 19:51:04 -------- d-----w- C:\Users\Gast\AppData\Local\Google 2014-09-01 19:51:04 -------- d-----w- C:\Users\Administrator\AppData\Local\Google ====== C:\Users\leoroumans ====== 2014-09-06 08:25:02 -------- d-----w- C:\ProgramData\Oracle 2014-09-06 08:24:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-06 07:58:02 068014C9EACAD27DD8BC8CAF6BDECB06 918440 ----a-w- C:\Users\leoroumans\Downloads\JavaSetup7u67.com 2014-09-05 21:09:14 FBEE19FCD4244CCD4D8F4E0143FEE84E 683256 ----a-w- C:\Users\leoroumans\Downloads\IncrediMail_TSA3HPVCX.exe 2014-09-01 19:51:06 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- C:\ProgramData\ntuser.pol 2014-09-01 19:51:04 -------- d-----w- C:\Users\HomeGroupUser$\AppData 2014-09-01 19:51:04 -------- d-----w- C:\Users\Gast\AppData 2014-09-01 19:51:04 -------- d-----w- C:\Users\Administrator\AppData 2014-09-01 19:50:35 380262714325254772CDA9F22B119AB2 1261296 ----a-w- C:\Users\leoroumans\Downloads\Setup.exe 2014-09-01 19:50:32 EAC26DA6E23238FEB5DB7365893FC857 842608 ----a-w- C:\Users\leoroumans\Downloads\Soesi B - Depressief.mp4.exe ====== C: exe-files == 2014-09-06 08:24:35 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Windows\SysWOW64\javaws.exe 2014-09-06 08:24:33 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe 2014-09-06 08:24:33 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Windows\SysWOW64\java.exe 2014-09-06 08:24:29 CEEFA72555A8FAD52C29BA17AE3E6DEF 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\servertool.exe 2014-09-06 08:24:29 A6B7A388547C4CDF4D8F2AF55D79AC85 145832 ----a-w- C:\Program Files (x86)\Java\jre7\bin\unpack200.exe 2014-09-06 08:24:29 8B986C008892DB58928BC72483ADF7B9 16808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\tnameserv.exe 2014-09-06 08:24:29 7BDCC29DDFBB355761A018A74D4A1E8C 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmiregistry.exe 2014-09-06 08:24:29 7A17013ABD895DFBD61A5AF9996D0E5E 50088 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ssvagent.exe 2014-09-06 08:24:29 48442596BFEB26E56898A0E4D2596A95 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\policytool.exe 2014-09-06 08:24:29 34CEC403ED594B55D55DED61A3A53DAF 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmid.exe 2014-09-06 08:24:28 F67D9621616CB31217A497FEDE4913F5 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\pack200.exe 2014-09-06 08:24:28 EC4C47AADE6606AFCDEAB28E29654ECE 75688 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe 2014-09-06 08:24:28 C3F55C9B02A22EC0B345E20AE9AE9B71 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\klist.exe 2014-09-06 08:24:28 BF918C9473D64BBD53C22C47045883F5 182696 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jqs.exe 2014-09-06 08:24:28 A788E5ED0454307CBCFB95CC33E5F717 16808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\orbd.exe 2014-09-06 08:24:28 8B657BA869AE7D3C6A29792C986E0DD5 68008 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javacpl.exe 2014-09-06 08:24:28 7ED5C21F9F29B5278FFF39718C667235 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ktab.exe 2014-09-06 08:24:28 7DC9A0127F850997B4CFD9923C680D7D 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\keytool.exe 2014-09-06 08:24:28 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaw.exe 2014-09-06 08:24:28 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaws.exe 2014-09-06 08:24:28 0371CFD6228F89B5B9E20F67807987FE 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\kinit.exe 2014-09-06 08:24:27 F69D8BDC202973592D710BC913D01919 48040 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jabswitch.exe 2014-09-06 08:24:27 C8883F91C31CAC40890AC8B668E05F61 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java-rmi.exe 2014-09-06 08:24:27 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java.exe 2014-09-06 08:24:01 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\leoroumans\AppData\LocalLow\Sun\Java\jre1.7.0_67\lzma.exe 2014-09-05 21:09:14 FBEE19FCD4244CCD4D8F4E0143FEE84E 683256 ----a-w- C:\Users\leoroumans\Downloads\IncrediMail_TSA3HPVCX.exe 2014-09-01 19:50:35 380262714325254772CDA9F22B119AB2 1261296 ----a-w- C:\Users\leoroumans\Downloads\Setup.exe 2014-09-01 19:50:32 EAC26DA6E23238FEB5DB7365893FC857 842608 ----a-w- C:\Users\leoroumans\Downloads\Soesi B - Depressief.mp4.exe === C: other files == 2014-09-06 08:24:29 F3EABF8A2AF5C0D8BAE022EE6C17FD91 18650 ----a-w- C:\Program Files (x86)\Java\jre7\lib\deploy\ffjcext.zip 2014-09-06 07:58:02 068014C9EACAD27DD8BC8CAF6BDECB06 918440 ----a-w- C:\Users\leoroumans\Downloads\JavaSetup7u67.com ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2640948650-3554147299-374822674-1001\Software\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" "Driver Restore"="C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe /applicationMode:systemTray /showWelcome:false" "EPLTarget\P0000000000000000"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE /EPT EPLTarget\P0000000000000000 /M XP-205 207 Series" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CLMLServer_For_P2G8"="c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" "CLVirtualDrive"="c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R" "HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" "Driver Restore"="C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe /applicationMode:systemTray /showWelcome:false" "EPLTarget\P0000000000000000"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE /EPT EPLTarget\P0000000000000000 /M XP-205 207 Series" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update" ==== Startup Folders ====================== 2013-01-17 13:02:19 1298 ----a-w- C:\Users\leoroumans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk 2012-11-27 18:23:06 2101 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [] C:\WINDOWS\tasks\HPCeeScheduleForleoroumans.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [13-09-2010 23:15] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe] "C:\WINDOWS\SysNative\tasks\Driver Restore-RTMRules" [C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe] "C:\WINDOWS\SysNative\tasks\Driver Restore-RTMScan" [C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe] "C:\WINDOWS\SysNative\tasks\Driver Restore-RTMUpdater" [C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\HPCeeScheduleForleoroumans" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{F074503E-32A1-4C3C-A16B-C0792471D240}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe] "C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "e-webprint@epson.com"="C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on" [12-11-2013 16:02] ==== Firefox Extensions ====================== ProfilePath: C:\Users\LEOROU~1\AppData\Roaming\TomTom\HOME\Profiles\sd78tyfa.default - Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com ==== Firefox Plugins ====================== ==== Chrome Look ====================== Google Wallet - leoroumans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Startpages ====================== C:\Users\leoroumans\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://www.google.com/", "startup_urls": [ "http://www.google.com/" ], ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPDTDFJS" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [Driver Restore] C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe /applicationMode:systemTray /showWelcome:false O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-205 207 Series" O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game.zylom.com/activex/zylomgamesplayer.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\leoroumans\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\leoroumans\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\leoroumans\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1336 folders=238 801090598 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\leoroumans\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\LEOROU~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found ==== EOF on ma 08-09-2014 at 19:03:08,40 ======================