Zoek.exe v5.0.0.0 Updated 21-09-2014 Tool run by strandwege on di 23/09/2014 at 14:49:05,54. Microsoft Windows 7 Home Premium 6.1.7600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\strandwege\Downloads\zoek(3).exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2014-09-22-071548.log 88116 bytes C:\zoek-results2014-09-22-181422.log 88050 bytes C:\zoek-results2014-09-23-122116.log 31073 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Users\strandwege\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Program Files (x86)\FDD + FMD Combo Reader\CZFMDksk.exe C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\windows\SysWOW64\ctfmon.exe C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe C:\Users\strandwege\Downloads\zoek(3).exe C:\windows\SysWOW64\cmd.exe C:\windows\SysWOW64\cmd.exe C:\windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) (Build 7600) Memory (RAM): 3883 MB CPU Info: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz CPU Speed: 2363.1 MHz Sound Card: Speakers (Realtek High Definiti | Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | NVIDIA GeForce 310M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Bluetooth Device (Personal Area Network) | Broadcom 802.11n Network Adapter | Marvell Yukon 88E8059 Family PCI-E Gigabit Ethernet Controller CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW TS-U633J Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 179.0GB | D: 266.8GB | Q: 0.0MB Hard Disks - Free: C: 36.5GB | D: 266.7GB | Q: 0.0MB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 12/16/09 | SECCSD - 6222004 Time Zone: Romance (standaardtijd) Motherboard *: SAMSUNG ELECTRONICS CO., LTD. QX310/QX410/QX510/SF310/SF410/SF510 Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: AVG AntiVirus Free Edition 2014 disabled (Outdated) Default Browser: Firefox 32.0.2 Internet Explorer Version: 9.0.8112.16421 Mozilla Firefox version: 32.0.2 (x86 nl) Adobe Reader version: 11.0.8.4 Sun Java version: 1.7.0_67 (32-bit) Flash Player version: 11.7.700.202 ==== Files Recently Created / Modified ====================== ====== C:\windows ==== ====== C:\Users\STRAND~1\AppData\Local\Temp ==== 2014-09-23 11:45:17 4E566FEA83FCEEAF2873702806B55006 43008 ----a-w- C:\Users\strandwege\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpifajdu.dll ====== Java Cache ===== ====== C:\windows\SysWOW64 ===== 2014-09-23 11:50:49 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\windows\SysWOW64\javaws.exe 2014-09-23 11:50:41 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\windows\SysWOW64\javaw.exe 2014-09-23 11:50:41 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\windows\SysWOW64\java.exe 2014-09-23 11:50:41 0F70F4DAF2BC5613EE75C9B2585CE67E 98216 ----a-w- C:\windows\SysWOW64\WindowsAccessBridge-32.dll ====== C:\windows\SysWOW64\drivers ===== ====== C:\windows\Sysnative ===== 2014-09-10 07:08:04 C0B628A6909BB283A07AEC0B785A0D9B 424448 ----a-w- C:\windows\Sysnative\aeinv.dll 2014-09-10 07:08:04 1D8201DB58B6C08A4F64063A0BCD4957 574976 ----a-w- C:\windows\Sysnative\aepdu.dll ====== C:\windows\Sysnative\drivers ===== ====== C:\windows\Tasks ====== ====== C:\windows\Temp ====== ======= C:\Program Files ===== 2014-09-08 09:18:22 -------- d-----w- C:\Program Files\CDBurnerXP ======= C:\PROGRA~2 ===== 2014-09-23 11:51:07 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2014-09-23 11:50:22 -------- d-----w- C:\PROGRA~2\Java ======= C: ===== ====== C:\Users\strandwege\AppData\Roaming ====== 2014-09-23 12:21:16 -------- d-----w- C:\windows\serviceprofiles\networkservice\AppData\Local\Temp 2014-09-23 12:21:16 -------- d-----w- C:\windows\serviceprofiles\Localservice\AppData\Local\Temp 2014-09-23 12:21:16 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp 2014-09-23 12:21:16 -------- d-----w- C:\Users\Public\AppData\Local\temp 2014-09-23 12:21:15 -------- d-----w- C:\Users\Default\AppData\Local\temp 2014-09-23 12:21:15 -------- d-----w- C:\Users\Default User\AppData\Local\temp 2014-09-22 18:10:45 -------- d-----w- C:\Users\strandwege\AppData\Local\Temp 2014-09-13 17:24:56 -------- d-----w- C:\Users\strandwege\AppData\Local\Skype 2014-09-08 09:18:24 -------- d-----w- C:\Users\strandwege\AppData\Roaming\Canneverbe Limited ====== C:\Users\strandwege ====== 2014-09-23 11:53:46 6FA82666782777A65E05B376F0FC981D 244312 ----a-w- C:\Users\strandwege\Downloads\Firefox Setup Stub 32.0.2.exe 2014-09-23 11:51:24 -------- d-----w- C:\ProgramData\Oracle 2014-09-23 11:50:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-23 11:48:20 80B857683F79FD39875240E8E882F204 918952 ----a-w- C:\Users\strandwege\Downloads\jxpiinstall(1).exe 2014-09-23 11:37:18 80B857683F79FD39875240E8E882F204 918952 ----a-w- C:\Users\strandwege\Downloads\jxpiinstall.exe 2014-09-14 10:04:56 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\strandwege\Downloads\RSITx64.exe 2014-09-08 09:18:42 -------- d-----w- C:\ProgramData\Canneverbe Limited ====== C: exe-files == 2014-09-23 11:54:29 FD5E45969B82B83E33CB05B5C9B0E3F2 114288 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe 2014-09-23 11:53:46 6FA82666782777A65E05B376F0FC981D 244312 ----a-w- C:\Users\strandwege\Downloads\Firefox Setup Stub 32.0.2.exe 2014-09-23 11:50:49 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Windows\SysWOW64\javaws.exe 2014-09-23 11:50:41 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe 2014-09-23 11:50:41 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Windows\SysWOW64\java.exe 2014-09-23 11:50:32 A6B7A388547C4CDF4D8F2AF55D79AC85 145832 ----a-w- C:\Program Files (x86)\Java\jre7\bin\unpack200.exe 2014-09-23 11:50:32 8B986C008892DB58928BC72483ADF7B9 16808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\tnameserv.exe 2014-09-23 11:50:31 F69D8BDC202973592D710BC913D01919 48040 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jabswitch.exe 2014-09-23 11:50:31 F67D9621616CB31217A497FEDE4913F5 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\pack200.exe 2014-09-23 11:50:31 EC4C47AADE6606AFCDEAB28E29654ECE 75688 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe 2014-09-23 11:50:31 CEEFA72555A8FAD52C29BA17AE3E6DEF 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\servertool.exe 2014-09-23 11:50:31 C8883F91C31CAC40890AC8B668E05F61 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java-rmi.exe 2014-09-23 11:50:31 C3F55C9B02A22EC0B345E20AE9AE9B71 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\klist.exe 2014-09-23 11:50:31 BF918C9473D64BBD53C22C47045883F5 182696 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jqs.exe 2014-09-23 11:50:31 A788E5ED0454307CBCFB95CC33E5F717 16808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\orbd.exe 2014-09-23 11:50:31 8B657BA869AE7D3C6A29792C986E0DD5 68008 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javacpl.exe 2014-09-23 11:50:31 7ED5C21F9F29B5278FFF39718C667235 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ktab.exe 2014-09-23 11:50:31 7DC9A0127F850997B4CFD9923C680D7D 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\keytool.exe 2014-09-23 11:50:31 7BDCC29DDFBB355761A018A74D4A1E8C 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmiregistry.exe 2014-09-23 11:50:31 7A17013ABD895DFBD61A5AF9996D0E5E 50088 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ssvagent.exe 2014-09-23 11:50:31 48442596BFEB26E56898A0E4D2596A95 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\policytool.exe 2014-09-23 11:50:31 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaw.exe 2014-09-23 11:50:31 34CEC403ED594B55D55DED61A3A53DAF 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmid.exe 2014-09-23 11:50:31 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java.exe 2014-09-23 11:50:31 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaws.exe 2014-09-23 11:50:31 0371CFD6228F89B5B9E20F67807987FE 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\kinit.exe 2014-09-23 11:49:03 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\strandwege\AppData\LocalLow\Sun\Java\jre1.7.0_67\lzma.exe 2014-09-23 11:48:20 80B857683F79FD39875240E8E882F204 918952 ----a-w- C:\Users\strandwege\Downloads\jxpiinstall(1).exe 2014-09-23 11:37:18 80B857683F79FD39875240E8E882F204 918952 ----a-w- C:\Users\strandwege\Downloads\jxpiinstall.exe 2014-09-18 07:54:01 6734F08196F8356C98284F86E8BD897F 415248 ----a-r- C:\ProgramData\NVIDIA\Updatus\Download\62CD\updatus.18892431_RUNASUSER.exe === C: other files == 2014-09-23 11:50:33 F3EABF8A2AF5C0D8BAE022EE6C17FD91 18650 ----a-w- C:\Program Files (x86)\Java\jre7\lib\deploy\ffjcext.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-3188734110-2836186041-1348834007-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3188734110-2836186041-1348834007-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY" "CZFMDKsk"="C:\PROGRA~2\FDD_FM~1\CZFMDKsk.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe " "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnmsgr" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Bluetooth.lnk" "backup"="C:\\windows\\pss\\Bluetooth.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTTray.exe " "item"="Bluetooth" ==== Startup Folders ====================== 2012-11-17 14:21:20 1059 ----a-w- C:\Users\strandwege\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2013-01-04 10:38:19 1300 ----a-w- C:\Users\strandwege\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk ==== Other Scheduled Tasks ====================== "C:\windows\SysNative\tasks\advSRS5" ["C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe"] "C:\windows\SysNative\tasks\BatteryLifeExtender" [C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe] "C:\windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\windows\SysNative\tasks\EasyBatteryManager" ["%ProgramFiles(x86)%\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe"] "C:\windows\SysNative\tasks\EasyDisplayMgr" ["C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe"] "C:\windows\SysNative\tasks\EasySpeedUpManager" ["%programfiles(x86)%\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe"] "C:\windows\SysNative\tasks\MovieColorEnhancer" ["C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe"] "C:\windows\SysNative\tasks\SamsungSupportCenter" [%programfiles(x86)%\Samsung\Samsung Support Center\SSCKbdHk.exe] "C:\windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\windows\SysNative\tasks\SmartRestarter" ["%ProgramFiles%\Samsung\SamsungFastStart\SmartRestarter.exe"] "C:\windows\SysNative\tasks\SRS Premium Sound" [C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe] "C:\windows\SysNative\tasks\SUPBackground" ["%ProgramFiles(x86)%\Samsung\Samsung Update Plus\SUPBackground.exe"] "C:\windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions ====================== ProfilePath: C:\Users\STRAND~1\AppData\Roaming\Mozilla\Firefox\Profiles\ed8nonsg.default-1346329191492 - Afmelden voor advertentiecookie - %ProfilePath%\extensions\optout@google.com.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\strandwege\AppData\Roaming\Mozilla\Firefox\Profiles\ed8nonsg.default-1346329191492 7ABE33792F2787D599B6963E71B9E8CD - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll - Shockwave Flash ==== Chromium Look ====================== YouTube - strandwege\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - strandwege\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Gmail - strandwege\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://be.msn.com/default.aspx?lang=nl-be&ocid=OIE9HP" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://be.msn.com/default.aspx?lang=nl-be&ocid=OIE9HP" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6D82C930-68EB-4C85-A493-966AEF5ACAED}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {6D82C930-68EB-4C85-A493-966AEF5ACAED} Bing Url="http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox" ==== HijackThis Entries ====================== O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [CZFMDKsk] C:\PROGRA~2\FDD_FM~1\CZFMDKsk.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKUS\S-1-5-21-3188734110-2836186041-1348834007-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-3188734110-2836186041-1348834007-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Startup: Dropbox.lnk = strandwege\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {55A2C0CD-3DE8-4264-9637-A0B40B05714E} (Mail Migration) - https://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=232708154 O17 - HKLM\System\CCS\Services\Tcpip\..\{A0C7DA38-A314-46F1-A1CE-5FC5BC02938C}: NameServer = 81.169.62.171 81.169.62.171 O17 - HKLM\System\CCS\Services\Tcpip\..\{A384538C-7C31-4805-8302-C5AD7674DFEC}: NameServer = 81.169.60.107 81.169.60.107 O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Samsung UPD Service - Unknown owner - C:\windows\System32\SUPDSvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\strandwege\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\strandwege\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\strandwege\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=89 folders=65 22747429 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\Public\AppData\Local\temp emptied successfully C:\Users\strandwege\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\temp emptied successfully C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\windows\Temp successfully emptied C:\Users\STRAND~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\strandwege\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Users\strandwege\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on di 23/09/2014 at 15:15:32,38 ======================