Zoek.exe v5.0.0.0 Updated 29-11-2014 Tool run by Peter on di 02/12/2014 at 8:42:50,63. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Peter\Downloads\zoek (1).exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2013-06-29-183121.log 9025 bytes C:\zoek-results2014-03-06-142353.log 62620 bytes C:\zoek-results2014-03-08-061627.log 1854 bytes ==== Empty Folders Check ====================== C:\Program Files\AGEIA Technologies deleted successfully C:\Program Files\GrabRez deleted successfully C:\PROGRA~2\Oracle deleted successfully C:\Users\Peter\AppData\Roaming\Malwarebytes deleted successfully C:\Users\Peter\AppData\Roaming\Nokia Suite deleted successfully C:\Users\Peter\AppData\Roaming\Vso deleted successfully C:\Users\Peter\AppData\Local\CrashDumps deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3342649242-1555140345-3633093444-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72C09671-7ECB-45D0-8412-3F5570BDD773} deleted successfully HKEY_USERS\S-1-5-21-3342649242-1555140345-3633093444-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D9869E75-2204-45CE-8ECA-9FF88141FFA2} deleted successfully HKEY_USERS\S-1-5-21-3342649242-1555140345-3633093444-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F07581A0-5E33-4EB6-BEF5-1D78DD77C7B2} deleted successfully HKEY_USERS\S-1-5-21-3342649242-1555140345-3633093444-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA9C4133-445A-4179-A5B8-3B8EF8E68F6} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3342649242-1555140345-3633093444-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully HKEY_USERS\S-1-5-21-3342649242-1555140345-3633093444-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully ==== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) æTorrent Adobe Flash Player 15 ActiveX Adobe Flash Player 15 Plugin Avast Free Antivirus Extensie voor Windows Live Toolbar (Windows Live Toolbar) Google Chrome Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Java 7 Update 71 Java Auto Updater LAME v3.99.3 (for Windows) LOGOSoft Comfort V5.0 Malwarebytes Anti-Malware versie 2.0.3.1025 Markeringviewer (Windows Live Toolbar) Microsoft-invoegtoepassing Opslaan als PDF of XPS voor 2007 Microsoft Office-programma's Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2833941) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 Language Pack SP1 - nld Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4.5.1 Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.5 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ Run Time Lib Setup Microsoft_VC100_CRT_SP1_x86 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mozilla Firefox 33.1 (x86 nl) NVIDIA-configuratiescherm 340.52 NVIDIA Install Application NVIDIA LED Visualizer 1.0 NVIDIA Network Service NVIDIA PhysX NVIDIA Update 15.3.33 NVIDIA Update Core Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Security Update for Microsoft .NET Framework 4.5.1 (KB2978128) Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2899526) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2899527) 32-Bit Edition Security Update for Windows Media Encoder (KB2447961) simpliclean Smart Menu's (Windows Live Toolbar) Speccy Spotify Stuurprogrammapakket voor Windows - Fedict SmartCard (12/08/2009 4.0.0.3) Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Favorites voor Windows Live Toolbar Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Mesh Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Encoder 9 Series Xara Designer Pro X10 Zylom puzzles Deluxe ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\SLsvc.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\simplitec\simpliclean\ServiceProvider.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe C:\Users\Peter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\Online Games Manager\ogmservice.exe C:\Windows\system32\PSIService.exe c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\ehome\ehmsas.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\mobsync.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\ehome\ehsched.exe C:\Windows\ehome\ehRecvr.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe C:\Windows\system32\vssvc.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\conime.exe C:\Users\Peter\Downloads\zoek (1).exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\System32\svchost.exe -k swprv ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Users\Peter\AppData\Roaming\HPAppData deleted C:\navigram_register.exe deleted C:\Users\Peter\AppData\Roaming\MAGIX deleted C:\Users\Peter\AppData\Roaming\SimpleFiles deleted C:\PROGRA~2\APN deleted C:\PROGRA~2\simplitec deleted C:\PROGRA~2\Wondershare Video Converter Ultimate deleted C:\PROGRA~2\MAGIX deleted C:\PROGRA~2\Trymedia deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec deleted C:\Windows\system32\Tasks\LaunchSignup deleted C:\Users\Public\Desktop\simpliclean.lnk deleted "C:\Program Files\simplitec\simpliclean\gahelper.dll" deleted "C:\Program Files\simplitec\simpliclean\ServiceProvider.exe" deleted "C:\Program Files\simplitec\simpliclean\modules\common\asp_ipc32.dll" deleted "C:\Program Files\simplitec" deleted "C:\Program Files\simplitec\simpliclean" deleted "C:\Program Files\simplitec\simpliclean\modules" deleted "C:\Program Files\simplitec\simpliclean\modules\common" deleted ==== System Specs ====================== Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002) Memory (RAM): 3070 MB CPU Info: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz CPU Speed: 2455,9 MHz Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek | Display Adapters: NVIDIA GeForce 210 | NVIDIA GeForce 210 | RDPDD Chained DD | RDP Encoder Mirror Driver Monitors: 1x; SyncMaster 2043NW/2043NWX | Screen Resolution: 1680 X 1050 - 32 bit Network: Network Present Network Adapters: NVIDIA nForce Networking Controller CD / DVD Drives: 3x (D: | E: | F: | ) D: Optiarc DVD RW AD-5170A | E: MagicISOVirtual DVD-ROM | F: TSSTcorpCDDVDW SE-208DB Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 457,8GB | G: 465,8GB Hard Disks - Free: C: 100,4GB | G: 370,7GB Manufacturer *: Phoenix Technologies, LTD BIOS Info: AT/AT COMPATIBLE | 01/09/08 | PacBel - 42302e31 Time Zone: Romance (standaardtijd) Motherboard *: Packard Bell BV APL00 Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: avast! Antivirus disabled (Outdated) Default Browser: Google Chrome 39.0.2171.65 Internet Explorer Version: 9.0.8112.16421 Mozilla Firefox version: 33.1 (x86 nl) Mozilla Firefox version: Google Chrome version: 39.0.2171.65 Adobe Reader version: 10.1.12.15 Sun Java version: 1.7.0_71 (32-bit) Flash Player version: 15.0.0.189 Shockwave Player version: 12.0.9r149 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2014-11-21 13:07:02 B59EF013D567E5746F1DEE2565F747ED 43152 ----a-w- C:\Windows\avastSS.scr ====== C:\Users\Peter\AppData\Local\Temp ==== 2014-12-01 09:40:22 0D936A150E7E2C18260B96C301912485 20356656 ----a-w- C:\Users\Peter\AppData\Local\Temp\Update_Simplitec_PowerSuite_1.5.2.2en_UK.exe ====== Java Cache ===== 2014-11-15 23:24:48 4EF9818238DC3476BDEAC17BA553C7A7 11920 ----a-w- C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\55ee8e10-58b91110 2014-11-15 23:26:54 DA24B07155A744DFFAAF285740CCFE84 14292 ----a-w- C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6bb6e098-3d3703f7 2014-11-15 23:23:46 3AFD2DABE59E548DECF06B1165441311 1246 ----a-w- C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\76796d43-21bbc24c 2014-11-15 23:24:28 969FDE85AE5226FC57131C3DACBA49C2 29412 ----a-w- C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\4b3c135f-29aa3c52 2014-11-15 23:24:13 FE031C7BF55FAB689E185BCEFBA04913 11086 ----a-w- C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\12688be1-6f498913 2014-11-15 23:26:29 DBF60DC8E56D48F682E9B3C78E26838A 34381 ----a-w- C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\49a0786a-5aa70c72 2014-11-13 08:08:57 30810F09A3FCC03EC583120B033700BC 282329 ----a-w- C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\7e60542d-6cce6e59 2014-11-15 23:23:47 32CDA17908BB8126BBCF2D5931F9E2E0 73900 ----a-w- C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\151d42fd-68c73526 2014-11-13 08:08:57 67911F367EC150BDC8F2CB46397F0925 845 ----a-w- C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-3e5e0e06 2014-11-13 08:08:57 CC798D237C3C215958ECE8E674CDE56C 437 ----a-w- C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-e2e4c8970372d2fb4193a7ef29d16f6c3f08527947fcb9208b3a0e48820369fd-6.0.lap ====== C:\Windows\system32 ===== 2014-11-24 12:04:56 B55FA6AD6C4A74AFC85433490E97C0DE 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin 2014-11-24 11:57:45 C43A07AB2BFD3F949B306BEDAD39E025 28448 ----a-w- C:\Windows\System32\nvhdap32.dll 2014-11-24 11:57:45 9E7110493C7C8F8F6FC8CADCDB6A34EF 895264 ----a-w- C:\Windows\System32\nvhdagenco3220103.dll 2014-11-24 11:57:43 E2DF79E836FB4F0861714D365939F49B 16122344 ----a-w- C:\Windows\System32\nvwgf2um.dll 2014-11-24 11:57:42 DFFE13F20E46CC6FBA85C5CB490DE8A2 11283344 ----a-w- C:\Windows\System32\nvopencl.dll 2014-11-24 11:57:41 3440B6CEF9534A6D9872D643BEB23EAD 24198088 ----a-w- C:\Windows\System32\nvoglv32.dll 2014-11-24 11:57:38 961254689B05E663592EED0A9471B07A 1054552 ----a-w- C:\Windows\System32\nvdispco3234052.dll 2014-11-24 11:57:38 441C34511B9D0310F0D3A6BB7B4D570F 907552 ----a-w- C:\Windows\System32\nvdispgenco3234052.dll 2014-11-24 11:57:38 34B8E6705D391CCC509EBB602563F160 3988952 ----a-w- C:\Windows\System32\nvcuvid.dll 2014-11-24 11:57:37 E6AEC129EE321C6D4EAA3C81E82C6D08 11222048 ----a-w- C:\Windows\System32\nvcuda.dll 2014-11-24 11:57:35 7D759257C36FF3E268874581125F5F6D 15296456 ----a-w- C:\Windows\System32\nvcompiler.dll 2014-11-21 13:07:10 197B2EE973E3BC2B0E32BED69549E41E 291352 ----a-w- C:\Windows\System32\aswBoot.exe 2014-11-20 04:40:26 1DE1C07B256961012DCE0674EA488DE7 499200 ----a-w- C:\Windows\System32\kerberos.dll ====== C:\Windows\system32\drivers ===== 2014-11-24 11:57:45 9F8EE4948B7ADD9D12F778F61A2758A4 162592 ----a-w- C:\Windows\System32\drivers\nvhda32v.sys 2014-11-24 11:57:40 1E3D32DDBE6BBDC0843432BAD599069F 10681176 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys ====== C:\Windows\Tasks ====== 2014-12-01 09:09:38 42E82741558F6D687581A4C280A0D179 382 ----a-w- C:\Windows\Tasks\simplitec Service Provider.job 2014-12-01 09:09:38 29B429CBE6FC5A104F1F63237B9D6946 2760 ----a-w- C:\Windows\system32\Tasks\simplitec Service Provider 2014-12-01 09:09:07 5EB189099A5AE310A6501E690C1F4E0D 2726 ----a-w- C:\Windows\system32\Tasks\simplitec Power Suite 2014-12-01 09:09:06 630E8517A7B13676FFA965B8F2D417CD 352 ----a-w- C:\Windows\Tasks\simplitec Power Suite.job ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-12-01 09:11:01 -------- d-----w- C:\Program Files\Common Files\MAGIX Services 2014-12-01 09:10:59 -------- d-----w- C:\Program Files\Xara 2014-12-01 09:10:59 -------- d-----w- C:\Program Files\Common Files\Xara Services 2014-11-10 08:28:01 -------- d-----w- C:\Program Files\Siemens ======= C: ===== 2014-11-28 09:00:35 4E53908BFDA4E2D7727F6F17227D5DF9 3120 ----a-w- C:\ipconfig.txt ====== C:\Users\Peter\AppData\Roaming ====== 2014-12-01 09:12:16 -------- d-----w- C:\Users\Peter\AppData\Local\Xara 2014-11-24 12:18:23 -------- d-----w- C:\Users\Peter\AppData\Local\NVIDIA 2014-11-15 23:50:05 -------- d-----w- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ 2014-11-13 08:09:06 -------- d-----w- C:\Users\Peter\AppData\Roaming\Oracle ====== C:\Users\Peter ====== 2014-12-01 19:00:13 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Peter\Downloads\RSIT (1).exe 2014-12-01 09:12:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xara 2014-12-01 09:10:59 -------- d-----w- C:\ProgramData\Xara 2014-12-01 09:04:59 81E01E4846185AAC4B6CC0F2266D3781 3033184 ----a-w- C:\Users\Peter\Downloads\xara_designerpro_x10_dlm.exe 2014-11-15 23:52:16 -------- d-----w- C:\Users\Peter\voip ====== C: exe-files == 2014-12-02 07:40:47 8A85A2406F52C4085B1434573C65FBDD 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3342649242-1555140345-3633093444-1003\$IC9YFKX.exe 2014-12-02 07:40:38 8B8C294915236A64BCCD794C537B64C1 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3342649242-1555140345-3633093444-1003\$IA7DUSU.exe 2014-12-01 19:01:40 8A8792FAC36E5D178E4AE46F13417D92 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3342649242-1555140345-3633093444-1003\$I8LPNT9.exe 2014-12-01 19:01:12 208B94F3BF0B894C038C42624F87A0CD 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3342649242-1555140345-3633093444-1003\$I0AN4ZT.exe 2014-12-01 19:00:13 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Peter\Downloads\RSIT (1).exe 2014-12-01 09:40:22 0D936A150E7E2C18260B96C301912485 20356656 ----a-w- C:\Users\Peter\AppData\Local\Temp\Update_Simplitec_PowerSuite_1.5.2.2en_UK.exe 2014-12-01 09:06:26 E06BF71CD0D3903B44B246BF8228EC80 92578096 ----a-w- C:\Users\Peter\Documents\MAGIX Downloads\Installationsmanager\Xara_Designer_Pro_X10_32Bit_DLV_en-GB_140901_14-46_10_1_3_35257.exe 2014-12-01 09:06:26 E06BF71CD0D3903B44B246BF8228EC80 92578096 ----a-w- C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7PY6KW6\Xara_Designer_Pro_X10_32Bit_DLV_en-GB_140901_14-46[1].exe 2014-12-01 09:04:59 81E01E4846185AAC4B6CC0F2266D3781 3033184 ----a-w- C:\Users\Peter\Downloads\xara_designerpro_x10_dlm.exe 2014-11-26 12:24:24 3C7B90403C3016F3209B705B9668633B 4438240 ----a-w- C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\Packages\000068ea\DAO.19085104.exe === C: other files == 2014-12-02 05:24:21 FE39D06021DABECECC3003663A637FC2 108 ---ha-w- C:\Program Files\Common Files\X10\Common\x10prod.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-3342649242-1555140345-3633093444-1003\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Peter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Spotify"="C:\Users\Peter\AppData\Roaming\Spotify\spotify.exe /uri spotify:autostart" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "beid"="C:\Program Files\Belgium Identity Card\beid35gui.exe /startup" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "NvBackend"="C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Peter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Spotify"="C:\Users\Peter\AppData\Roaming\Spotify\spotify.exe /uri spotify:autostart" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeAAMUpdater-1.0" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeBridge] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeBridge" "hkey"="HKCU" "command"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS5ServiceManager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeCS5ServiceManager" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\CS5ServiceManager\\CS5ServiceManager.exe\" -launchedbylogin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ehTray.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ehTray.exe" "hkey"="HKCU" "command"="C:\\Windows\\ehome\\ehTray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Software Update" "hkey"="HKLM" "command"="C:\\HP\\HP Software Update\\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSPService] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MSPService" "hkey"="HKLM" "command"="C:\\Program Files\\CyberLink\\MagicSports\\Kernel\\MagicSports\\MSPMirage.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroFilterCheck" "hkey"="HKLM" "command"="C:\\Windows\\system32\\NeroCheck.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PC Suite Tray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PC Suite Tray" "hkey"="HKCU" "command"="\"C:\\Program Files\\Nokia\\Nokia PC Suite 7\\PCSuite.exe\" -onlytray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVCpl" "hkey"="HKLM" "command"="RtHDVCpl.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Sidebar" "hkey"="HKCU" "command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skytel] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skytel" "hkey"="HKLM" "command"="Skytel.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SwitchBoard" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\toolbar_eula_launcher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="toolbar_eula_launcher" "hkey"="HKLM" "command"="C:\\Program Files\\Packard Bell\\GOOGLE_EULA\\EULALauncher.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WinampAgent" "hkey"="HKLM" "command"="\"C:\\Program Files\\Winamp\\winampa.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Windows Defender" "hkey"="HKLM" "command"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMPNSCFG] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WMPNSCFG" "hkey"="HKCU" "command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk] "item"="Adobe Gamma" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk" "backup"="C:\\Windows\\pss\\Adobe Gamma.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] "item"="HP Digital Imaging Monitor" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk" "backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\HP\\DIGITA~1\\bin\\hpqtra08.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] "item"="Logitech Desktop Messenger" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk" "backup"="C:\\Windows\\pss\\Logitech Desktop Messenger.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk] "item"="MagicDisc" "path"="C:\\Users\\Peter\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MagicDisc.lnk" "backup"="C:\\Windows\\pss\\MagicDisc.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~1\\MAGICD~1\\MAGICD~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FLEXnet Licensing Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GenericHidService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\hidserv] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iphlpsvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RichVideo] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SwitchBoard] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "AdobeBridge"="" "Desktop iCalendar Lite.exe"="" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime" "BrowserPlugInHelper"="C:\\Program Files\\Wondershare\\Video Converter Ultimate\\BrowserPlugInHelper.exe" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [09/03/2014 20:42] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:90C:\ProgramC:Files\Google\Update\GoogleUpdate.exe [] C:\Windows\tasks\Recovery DVD Creator.job --a------ [Undetermined Task] C:\Windows\tasks\simplitec Power Suite.job --a------ C:\Program Files\simplitec\simpliclean\PowerSuite.exe [] C:\Windows\tasks\simplitec Service Provider.job --a------ C:\Program Files\simplitec\simpliclean\ServiceProvider.exe [] C:\Windows\tasks\Uitgebreide garantie.job --a------ [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\0" [c:\program files\internet explorer\iexplore.exe] "C:\Windows\system32\tasks\4693" [wscript.exe C:\Users\Peter\AppData\Local\Temp\launchie.vbs //B] "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\HP Deskjet 1050 J410 series.exe" [C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HP Deskjet 1050 J410 series.exe] "C:\Windows\system32\tasks\HP Photo Creations Communicator" [C:\ProgramData\HP Photo Creations\Communicator.exe] "C:\Windows\system32\tasks\HpWebReg.exe" [C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HpWebReg.exe] "C:\Windows\system32\tasks\PhotoProduct.exe" [C:\Program Files\HP Photo Creations\PhotoProduct.exe] "C:\Windows\system32\tasks\Recovery DVD Creator" [C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe] "C:\Windows\system32\tasks\simplitec Power Suite" [C:\Program Files\simplitec\simpliclean\PowerSuite.exe] "C:\Windows\system32\tasks\simplitec Service Provider" [C:\Program Files\simplitec\simpliclean\ServiceProvider.exe] "C:\Windows\system32\tasks\Uitgebreide garantie" [C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{A1752DFC-7CD6-4339-BE6B-700EF751C0B2}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [21/11/2014 14:07] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\632uipbv.default - Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF - Undetermined - wrc@avast.com ProfilePath: C:\Users\Peter\AppData\Roaming\TomTom\HOME\Profiles\emn52gou.default - Undetermined - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - Undetermined - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\632uipbv.default D2377C9458EFEB094E38B8C874AA214C - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update BBF0479C2D30519A2E746D12CAE54B43 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U71 1ED046D972B98E0ADEC4D4D61BF37695 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.710.14 63F8C13F269B10BC9363B007DAAACAE6 - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll - Shockwave Flash 5232105D125A448E99D8C905AB4713EE - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 21536AF136F35D9E960B085C905C98FB - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat 893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In 5174E3BE46B2CCCDAF9CEB5B622CEA9B - C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll - Shockwave for Director / Shockwave for Director 86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4 9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4 5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4 3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4 A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4 5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin D7EFF0B98C370E03D7E2593399D9B669 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision 75A1232EAC640B782CDD2132B5271AA8 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery 472DAEA6EEE84240DEA132C95C57EB68 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer 24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox 09B4E13D25623D879D35286E2D29FF13 - C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player FC5866F7793AF2CBCD425CC4B8D32A9E - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll - Zylom Plugin AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx[04/08/2014 12:35] gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[21/11/2014 14:06] jbolfgndggfhhpbnkgnpjkfhinclbigj - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[19/09/2013 08:52] Google Docs - Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Avast SafePrice - Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck Avast Online Security - Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Google Wallet - Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.be/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.be/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {2587B8E6-DDBA-4557-84EF-25255C1C0050} (www.google.com) Google Url="http://www.google.com/search?q={searchTerms}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="https://www.google.com/search?q={searchTerms}" {9C9E91AB-BB8A-4099-80F5-110500E4631B} Bing Url="http://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_CURRENT_USER\Software\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\simplitec POWER SUITE_is1 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully ==== HijackThis Entries ====================== O1 - Hosts: ::1 localhost O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe" O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Peter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Spotify] "C:\Users\Peter\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\HP\Smart Web Printing\hpswp_extensions.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280386301191 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276204295004 O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game08.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files\Online Games Manager\ogmservice.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Peter\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\UpdatusUser.PETER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\632uipbv.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=692 folders=112 210910327 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Peter\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Users\UpdatusUser.PETER\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Peter\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ehmsdri.log" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ehRecvr.log" not found ==== EOF on di 02/12/2014 at 9:19:04,80 ======================