Zoek.exe v5.0.0.0 Updated 24-12-2014
Tool run by Gebruiker on zo 28/12/2014 at 17:43:15,84.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gebruiker\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

28/12/2014 17:44:33 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\GU Player deleted successfully
C:\Program Files\PriceLess deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\PriceLess deleted successfully
C:\Users\Gebruiker\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Gebruiker\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-646503806-2735956478-2094658483-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Pirate\Pirate-1010.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Gebruiker\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wpnfd_1_10_0_1 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wpnfd_1_10_0_1 deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

==== Deleting Files \ Folders ======================

C:\Program Files\GU Player not found
C:\ProgramData\PriceLess not found
C:\Program Files\PriceLess not found
C:\ProgramData\WindowsMangerProtect deleted
C:\ProgramData\1803528019 deleted
C:\Users\Gebruiker\AppData\Roaming\webssearches deleted
C:\ProgramData\a6dae069ff3b2952 deleted
C:\Program Files\Bandoo deleted
C:\Windows\patsearch.bin deleted
C:\Users\Gebruiker\Downloads\SoftonicDownloader_voor_soulseek.exe deleted
C:\Windows\system32\drivers\Msft_Kernel_webinstrNew_01009.Wdf deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted

==== System Specs ======================

Windows: Windows 7 Professional Edition Service Pack 1 (Build 7601)
Memory (RAM): 3072 MB
CPU Info: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
CPU Speed: 547,7 MHz
Sound Card: Luidsprekers (SoundMAX Integrat | Digitale audio (S/PDIF) (SoundM |
Display Adapters: ATI Mobility Radeon HD 2600 | ATI Mobility Radeon HD 2600 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1680 X 1050 - 32 bit
Network: Network Present
Network Adapters: Intel(R) Wireless WiFi Link 4965AG | Intel(R) 82566MM Gigabit-netwerkverbinding
CD / DVD Drives: 1x (D: | ) D: HL-DT-STRW/DVD GCC-C10N
Ports: COM Ports NOT Present. LPT1
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 465,7GB
Hard Disks - Free: C: 430,9GB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE | 12/01/11 | HPQOEM - 1
Time Zone: Romance (standaardtijd)
Motherboard *: Hewlett-Packard 30C5
Country: België
Language: NLB

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 39.0.2171.95
Internet Explorer Version: 11.0.9600.17501
Google Chrome version: 39.0.2171.95
Adobe Reader version: 11.0.0.379
Sun Java version: 1.7.0_60 (32-bit)

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-12-06 19:11:11 54C86AC5EC71A7DE76A51D9EDB771B58 299 ----a-w- C:\Windows\Apache.Ini
2014-12-06 19:06:25 7BAAA0080A773E0F6E89B27684F37A97 315904 ----a-w- C:\Windows\IsUninst.exe

====== C:\Users\GEBRUI~1\AppData\Local\Temp ====
2014-12-28 13:53:12 C92925E9FDD38F8B0BE977A7CEF3406B 325979 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\n9882\VOPackage.exe
2014-12-28 13:36:02 77DE94559E4FD60C751173B759247E90 100864 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\404576D9-2E1B-A775-3089-DB49EEBE9ECE.exe
2014-12-28 13:36:02 03D0A0FAF76629260636E9A355971493 88576 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\404576D9-2E1B-A775-3089-DB49EEBE9ECE.dll
2014-12-28 13:36:02 0114469F3B396AB4CDAC6D2612BB6BD2 8191256 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\optprosetup.exe
2014-12-28 13:36:01 765C16DEDC36B0E0C45D3E6A4B233EAC 400896 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\1F105C90-9473-E606-C19F-85894A38689C.exe
2014-12-28 13:35:40 0D3138FB3A96D9E67E2751203E397CA0 536216 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\0673A313ED1A4aeaB70899F786B9C7D6\DispRun.exe
2014-12-28 13:35:29 1EDD8A6CE1A5FB296807C88607E9BE93 7056391 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\n6365\GUSetup_pubg-f3a02637.exe
2014-12-28 13:35:28 33ABC7701FCCED1434D4B0A501C7E56D 6450970 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\n6365\remarkit_0411-5abe4999.exe
2014-12-28 13:35:26 000F9C9B1788E30B0DB04F3C07CD3E5C 8375800 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\n6365\OptimizerProInstaller.exe
2014-12-28 13:35:23 5BDABBBE99C91FBF399268738281E026 4250112 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\294823_.exe
2014-12-28 13:35:17 E529D2FF77681DFDC3482DFD0CCD4DB0 1148864 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\n6365\wordproser_2110-9e9761dd.exe
2014-12-28 13:35:12 C92925E9FDD38F8B0BE977A7CEF3406B 325979 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\n6365\VOPackage.exe
2014-12-28 13:35:12 53F14089FB782DE7B9C8F2578FED8AAB 441896 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\n6365\webssearches_23_12-21c2870b.exe
2014-12-28 13:35:07 68268F7BE87A68AA1797E027DDA9D12A 200704 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\n6365\princeless_0810-e6299329.exe
2014-12-28 13:34:35 01C504A0234E3973993618E6480D50F2 362248 ----atw- C:\Users\Gebruiker\AppData\Local\Temp\n6365\s6365.exe

====== Java Cache =====

====== C:\Windows\system32 =====
2014-12-17 19:09:38 0481346D0EF668C0D4FF69A7BBEFA846 115712 ----a-w- C:\Windows\System32\ieUnatt.exe

====== C:\Windows\system32\drivers =====
2014-12-11 08:37:27 7FE680A3DFA421C4A8E4879AE4C5AAB0 74752 ----a-w- C:\Windows\System32\drivers\tdx.sys

====== C:\Windows\Tasks ======
2014-12-28 13:56:17 59910F382E2AB90041BCC86E2A963883 3180 ----a-w- C:\Windows\system32\Tasks\{210CA3F7-99FE-46C4-B8BA-529C5DCEF479}

====== C:\Windows\Temp ======

======= C:\Program Files =====
2014-12-28 16:22:45 -------- d-----w- C:\Program Files\trend micro
2014-12-06 19:06:47 -------- d-----w- C:\Program Files\Mindscape

======= C: =====
2014-12-06 19:06:20 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\MSDOS.SYS
2014-12-06 19:06:20 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\IO.SYS

====== C:\Users\Gebruiker\AppData\Roaming ======
2014-12-28 13:36:10 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Programs
2014-12-28 13:35:38 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-12-28 13:35:38 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-12-28 13:35:38 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-12-28 13:35:38 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Torch
2014-12-28 13:35:38 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Comodo
2014-12-28 13:35:38 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Chromatic Browser
2014-12-28 13:35:38 -------- d-----w- C:\Users\Gast\AppData\Local\Torch
2014-12-28 13:35:38 -------- d-----w- C:\Users\Gast\AppData\Local\Comodo
2014-12-28 13:35:38 -------- d-----w- C:\Users\Gast\AppData\Local\Chromatic Browser
2014-12-28 13:35:38 -------- d-----w- C:\Users\Administrator\AppData\Local\Torch
2014-12-28 13:35:38 -------- d-----w- C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-12-28 13:35:37 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Google
2014-12-28 13:35:37 -------- d-----w- C:\Users\Gast\AppData\Local\Google
2014-12-28 13:35:37 -------- d-----w- C:\Users\Administrator\AppData\Local\Google
2014-12-28 13:35:37 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo
2014-12-17 19:59:31 -------- d-sh--w- C:\Users\Gebruiker\AppData\Local\EmieBrowserModeList
2014-12-16 17:11:01 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Windows Live Writer
2014-12-06 19:06:12 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

====== C:\Users\Gebruiker ======
2014-12-28 16:21:12 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Gebruiker\Downloads\RSIT.exe
2014-12-28 13:35:39 6471C52810B8A50B8C7897FBE5F0E2D1 398 --sha-r- C:\ProgramData\ntuser.pol
2014-12-28 13:35:37 -------- d-----w- C:\Users\HomeGroupUser$\AppData
2014-12-28 13:35:37 -------- d-----w- C:\Users\Gast\AppData
2014-12-28 13:35:37 -------- d-----w- C:\Users\Administrator\AppData
2014-12-28 13:34:26 2447C2EF39B6044E14DFB9524D30CD5E 594184 ----a-w- C:\Users\Gebruiker\Downloads\Soulseek.exe

====== C: exe-files ==
2014-12-28 16:22:45 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Gebruiker.exe
2014-12-28 16:21:12 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Gebruiker\Downloads\RSIT.exe
2014-12-28 14:07:06 0F901EE41FF20347C106D663F24931F9 679752 ----a-w- C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\SwReporter\2.6.2\software_reporter_tool.exe
2014-12-28 13:53:12 C92925E9FDD38F8B0BE977A7CEF3406B 325979 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\n9882\VOPackage.exe
2014-12-28 13:36:02 77DE94559E4FD60C751173B759247E90 100864 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\404576D9-2E1B-A775-3089-DB49EEBE9ECE.exe
2014-12-28 13:36:02 0114469F3B396AB4CDAC6D2612BB6BD2 8191256 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\optprosetup.exe
2014-12-28 13:36:01 765C16DEDC36B0E0C45D3E6A4B233EAC 400896 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\1F105C90-9473-E606-C19F-85894A38689C.exe
2014-12-28 13:35:40 0D3138FB3A96D9E67E2751203E397CA0 536216 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\0673A313ED1A4aeaB70899F786B9C7D6\DispRun.exe
2014-12-28 13:35:29 1EDD8A6CE1A5FB296807C88607E9BE93 7056391 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\n6365\GUSetup_pubg-f3a02637.exe
2014-12-28 13:35:28 33ABC7701FCCED1434D4B0A501C7E56D 6450970 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\n6365\remarkit_0411-5abe4999.exe
2014-12-28 13:35:26 000F9C9B1788E30B0DB04F3C07CD3E5C 8375800 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\n6365\OptimizerProInstaller.exe
2014-12-28 13:35:23 5BDABBBE99C91FBF399268738281E026 4250112 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\294823_.exe
2014-12-28 13:35:17 E529D2FF77681DFDC3482DFD0CCD4DB0 1148864 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\n6365\wordproser_2110-9e9761dd.exe
2014-12-28 13:35:12 C92925E9FDD38F8B0BE977A7CEF3406B 325979 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\n6365\VOPackage.exe
2014-12-28 13:35:12 53F14089FB782DE7B9C8F2578FED8AAB 441896 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\n6365\webssearches_23_12-21c2870b.exe
2014-12-28 13:35:07 68268F7BE87A68AA1797E027DDA9D12A 200704 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\n6365\princeless_0810-e6299329.exe
2014-12-28 13:34:35 01C504A0234E3973993618E6480D50F2 362248 ----atw- C:\Users\Gebruiker\AppData\Local\Temp\n6365\s6365.exe
2014-12-28 13:34:26 2447C2EF39B6044E14DFB9524D30CD5E 594184 ----a-w- C:\Users\Gebruiker\Downloads\Soulseek.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-646503806-2735956478-2094658483-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe"
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

==== Startup Folders ======================

2013-05-26 17:57:11 1193 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [11/12/2014 20:52]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Torch deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Administrator\AppData\Local\Chromatic Browser deleted
Fake profile C:\Users\Gast\AppData\Local\Torch deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Gast\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Gast\AppData\Local\Chromatic Browser deleted
Fake profile C:\Users\Gebruiker\AppData\Local\Torch deleted
Fake profile C:\Users\Gebruiker\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Gebruiker\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Gebruiker\AppData\Local\Chromatic Browser deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Torch deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser deleted

==== Chromium Look ======================

Google Docs - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
PriceLess - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfcdeponefegcchfbiccghiokkchhmnl
Google Wallet - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",
"startup_urls": [ "http://www.google.com/" ],

==== Chromium Fix ======================

C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_soulseek-client.nl.softonic.com_0.localstorage deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_soulseek-client.nl.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfcdeponefegcchfbiccghiokkchhmnl deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://istart.webssearches.com/?type=hp&ts=1419773745&from=slbnew&uid=WDCXWD5000BPVT-00HXZT3_WD-WXB1A61P9941P9941"
"Default_Page_URL"="http://istart.webssearches.com/?type=hp&ts=1419773745&from=slbnew&uid=WDCXWD5000BPVT-00HXZT3_WD-WXB1A61P9941P9941"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://istart.webssearches.com/web/?type=ds&ts=1419773745&from=slbnew&uid=WDCXWD5000BPVT-00HXZT3_WD-WXB1A61P9941P9941&q={searchTerms}"
"Default_Page_URL"="http://istart.webssearches.com/?type=hp&ts=1419773745&from=slbnew&uid=WDCXWD5000BPVT-00HXZT3_WD-WXB1A61P9941P9941"
"Start Page"="http://istart.webssearches.com/?type=hp&ts=1419773745&from=slbnew&uid=WDCXWD5000BPVT-00HXZT3_WD-WXB1A61P9941P9941"
"Search Page"="http://istart.webssearches.com/web/?type=ds&ts=1419773745&from=slbnew&uid=WDCXWD5000BPVT-00HXZT3_WD-WXB1A61P9941P9941&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== shortcuts on Users Desktops ======================

C:\Users\Gebruiker\Desktop\MioMore Desktop 7.50.lnk - C:\Program Files\Mio\MioMore Desktop 7.50\MioMore.exe
C:\Users\Gebruiker\Desktop\Muziek downloaden.lnk - C:\Program Files\Pirate\Pirate-1010.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\CDBurnerXP.lnk - C:\Program Files\CDBurnerXP\cdbxpp.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1419773745&from=slbnew&uid=WDCXWD5000BPVT-00HXZT3_WD-WXB1A61P9941P9941
C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk - C:\Program Files\OpenOffice.org 3\program\soffice.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1419773745&from=slbnew&uid=WDCXWD5000BPVT-00HXZT3_WD-WXB1A61P9941P9941
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1419773745&from=slbnew&uid=WDCXWD5000BPVT-00HXZT3_WD-WXB1A61P9941P9941
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\KA-52 Team Alligator.lnk -

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk - C:\Windows\system32\mstsc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1419773745&from=slbnew&uid=WDCXWD5000BPVT-00HXZT3_WD-WXB1A61P9941P9941

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1419773745&from=slbnew&uid=WDCXWD5000BPVT-00HXZT3_WD-WXB1A61P9941P9941
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1419773745&from=slbnew&uid=WDCXWD5000BPVT-00HXZT3_WD-WXB1A61P9941P9941
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1419773745&from=slbnew&uid=WDCXWD5000BPVT-00HXZT3_WD-WXB1A61P9941P9941
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1419773745&from=slbnew&uid=WDCXWD5000BPVT-00HXZT3_WD-WXB1A61P9941P9941
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall deleted successfully

==== HijackThis Entries ======================

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1261.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe

==== Empty IE Cache ======================

C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=64 folders=17 3794051 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on zo 28/12/2014 at 17:57:37,40 ======================
